Microsoft Teams: User uploaded custom background images for the new VDI solution for Microsoft Teams

🚨 The Signal: Teams VDI users can now upload custom background images. This introduces a potential vector for displaying inappropriate or sensitive content, increasing data exfiltration risk and compliance challenges.

The Impact

All users are affected by the potential for inappropriate content or data exposure, increasing reputational and compliance risks.

• End users: Can inadvertently or maliciously display sensitive data.
• Security teams: Need to monitor for data exfiltration via screen sharing.
• Compliance teams: Must ensure background images adhere to content policies.
• Organisational reputation: At risk from inappropriate user-uploaded content.

The Action

1. Review and update existing acceptable use policies to specifically address virtual meeting backgrounds.
2. Communicate updated policies to all users, emphasising responsible use of custom backgrounds.
3. Consider implementing data loss prevention (DLP) policies for screen sharing if not already in place, to detect sensitive information.
4. Educate users on the risks of displaying confidential information, even in backgrounds.

Domain: Teams · Impact: medium · Workload: Teams