(Updated) Queues app on Microsoft Teams mobile

🚨 The Signal: Teams mobile now supports call queue management, allowing users to opt in/out and supervisors to manage teams remotely. This expands access to sensitive call routing controls from mobile devices.

The Impact

Teams Phone users and supervisors are affected, increasing the risk of unauthorized call routing changes or data exposure via mobile devices.

• Teams Phone users: Increased risk of unintended call routing changes if mobile devices are compromised.
• Supervisor leads: Elevated risk of unauthorized bulk queue management if mobile devices are not secured.
• Organizations using Teams Phone: Expanded attack surface for communication services due to mobile access to queue controls.
• Mobile app users: Potential for sensitive call history exposure if mobile device security is weak.

The Action

1. Review and update mobile device security policies to specifically address Teams Phone queue management capabilities.
2. Ensure all mobile devices accessing Teams Phone queue management enforce strong authentication and device health checks via Intune.
3. Conduct targeted security awareness training for call representatives and supervisors on secure mobile usage for Teams Phone.
4. Implement Conditional Access policies to restrict access to Teams Phone queue management from unmanaged or non-compliant mobile devices.
5. Regularly audit Teams Phone call queue configurations and membership changes for anomalies.

Domain: Teams · Impact: high · Workload: Teams