Microsoft Teams: Join as attendees in Microsoft town hall and webinars from Teams Rooms on Windows

🚨 The Signal: Teams Rooms on Windows can now join town halls and webinars as attendees. This expands the attack surface for meeting-related vulnerabilities and requires review of device security posture.

The Impact

Teams Rooms administrators and security teams are affected, facing increased risk from unmanaged or compromised meeting room devices.

  • Teams Rooms Admins: New attack vector if devices are not properly secured.
  • Security Teams: Expanded scope for vulnerability management and incident response.
  • End Users: Potential for compromised meeting experiences if devices are exploited.

The Action

  1. Review and apply Microsoft Teams Rooms security baselines and hardening guides.
  2. Ensure Teams Rooms devices are patched regularly and running the latest firmware.
  3. Implement network segmentation for Teams Rooms to restrict unnecessary outbound/inbound access.
  4. Monitor Teams Rooms device health and activity for anomalous behaviour via Microsoft Defender for Endpoint.
  5. Review Conditional Access policies for Teams Rooms identities to ensure appropriate access controls.

Domain: Teams · Impact: high · Workload: Teams · Essential Eight: User Application Hardening, Patch Operating Systems · ISM: ISM-1407, ISM-1412, ISM-1485, ISM-1486, ISM-1501, ISM-1542, ISM-1585, ISM-1621, ISM-1622, ISM-1623, ISM-1654, ISM-1655, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1694, ISM-1695, ISM-1696, ISM-1701, ISM-1702, ISM-1823, ISM-1824, ISM-1859, ISM-1860, ISM-1877, ISM-1889, ISM-1902