Microsoft Viva: Viva Engage - Community replies and reactions in Teams

🚨 The Signal: Viva Engage notifications for replies and reactions are now visible in Microsoft Teams. This change increases user engagement but also expands the attack surface for social engineering within Teams.

The Impact

All users are affected by increased notification visibility, which slightly elevates the risk of social engineering and information exposure.

• End Users: Increased exposure to social engineering via notifications.
• Security Teams: New vector for phishing and information disclosure.
• Compliance Teams: Potential for unapproved information sharing via reactions/replies.
• Admins: Need to review existing Viva Engage and Teams notification policies.

The Action

1. Review existing Microsoft Teams messaging policies for Viva Engage app integration.
2. Communicate to users about the new notification behaviour and social engineering risks.
3. Ensure Viva Engage content policies align with organisational information classification.
4. Monitor user activity for unusual engagement patterns related to Viva Engage notifications.

Domain: Teams · Impact: medium · Workload: Teams