Microsoft Teams: Line key support for shared line and call transfers

🚨 The Signal: Teams Phone devices now support shared line keys and direct call transfers. This enhances delegation and call handling, but introduces new attack surfaces for social engineering and unauthorized call interception if not properly secured.

The Impact

Delegates and bosses using Teams Phone devices are affected, increasing risk of call interception or social engineering.

• Delegates: Risk of unauthorized call pickup if device is compromised.
• Bosses: Risk of sensitive call exposure via delegates if not properly configured.
• Security Teams: New attack vector for social engineering via delegated lines.
• Admins: Need to secure device access and configure delegation carefully.

The Action

1. Review and update existing Teams Phone device security policies.
2. Ensure physical security of Teams Phone devices, especially in shared spaces.
3. Educate users (bosses and delegates) on secure call handling practices and social engineering risks.
4. Implement Conditional Access policies for Teams Phone devices where applicable to restrict access.
5. Regularly audit call logs for unusual activity related to shared lines and transfers.

Domain: Teams · Impact: medium · Workload: Teams