Auto-Updating Teams Work Location is Not Employee Monitoring
As is the way of the internet, the news that a feature to automatically set the Teams work location for users created a huge fuss about the prospect that managers would keep an eye on employees based on their location. Of course, this is all rubbish. The update automates an existing feature that no sane manager would use to monitor employees. https://office365itpros.com/2025/10/28/teams-work-location-auto/Stealing Access Token Secrets from Teams is Hard Unless a Workstation is Compromised
Teams stores information in a local state file, including encrypted access tokens. A report from a French company explained how to extract and use those tokens with the Graph API. Is this important? It could be if attackers manage to gain access to a workstation, but at that point you’ve got other problems, and maybe using code to decrypt some tokens is the least of your troubles. https://office365itpros.com/2025/10/27/local-state-file-teams/🤬 All My Contacts Imported to My Partners Account
My partner restarted her Teams tonight. On restarting, every single one of my contacts had appeared in her contact list. Is this a bug, or have they introduced automatic contact sharing. She can't see any previous messages, but obviously a massive security breach sharing contact lists between accounts without permission.Security Researchers Demonstrate Exploit Against Teams External Access
Security researchers JumpSec demonstrated a weakness in Teams External Access by showing how to send malware to users via a federated chat. The exploit depends on another weakness in that attackers can interfere with the set of policy controls transmitted by the Teams server to clients. It’s yet another reason why Microsoft 365 tenants should restrict external access to the set of domains they really want to chat with. https://office365itpros.com/2023/06/26/teams-external-access-exploit/Unable to share screen on MS Teams in Google Chrome 109.0.5414 on Ubuntu 22.10
Hello, I have not been able to share the screen (or other windows) like I used to share with MS Teams running inside Google Chrome 109.0.5414 on Ubuntu 22.10. The only thing I can share is other tabs inside Google Chrome. The same thing is happening inside Chromium 109.0.5414. The strange thing is that Google Chrome and Chromium display the following message: "Go to Security & Privacy > Screen Recording to give permission and start sharing." But I do not have these Security & Privacy Settings. I am not using macOS, where I know about these settings. On Linux, there are no such settings. Are there any other options on a Linux System to set to make sharing screens possible once more? Thanks in advance. Details: - Ubuntu 22.10 with GNOME 43.1, Wayland - Chromium 109.0.5414 (via snap) and Google Chrome 109.0.5414 (via dpkg/apt)
Security and privacy Live Captions Teams Meeting
Dear Microsoft, In our company we would like to enable live captions for our users since the Dutch language became available. However, from security and privacy perspective, I need some more information on where the audio gets translated from speech to text (where does the data go). Also I would like to have some information on who has access to this audio and speech while the data is in transit. I would imagine that the audio gets processed in Azure somewhere and maybe Microsoft engineers have access to it. Do you have more information on encryption of speech to text (specifically for live captions in Teams meetings), where this gets processed (europe/US etc.) and who has access (from Microsoft perspective) etc.? This would help me to ease our security officers and enable the feature for our users. Thank you in advance for your help! Sylvester
