Microsoft Teams: Emoji Reactions Workflows

🚨 The Signal: Microsoft Teams now allows workflows to be triggered by emoji reactions. This enables automated actions like creating support tickets directly from user reactions, potentially streamlining helpdesk processes but introducing new automation vectors.

The Impact

Admins and Security Teams are affected by the introduction of new automation vectors that could be misused if not properly governed, increasing risk of data exfiltration or unauthorized actions.

• Security Teams: New automation vectors could be exploited for unauthorized actions or data exfiltration.
• Admins: Need to review and control where and how emoji-triggered workflows can be created and used.
• End Users: Could inadvertently trigger workflows if not properly educated on their function and scope.

The Action

1. Review existing Power Automate DLP policies to ensure they cover Teams-triggered flows.
2. Audit existing Power Automate flows for any that could be initiated by Teams reactions.
3. Communicate to users about the appropriate use and potential impact of emoji-triggered workflows.
4. Consider implementing granular permissions for Power Automate flow creation within Teams.

Domain: Teams · Impact: medium · Workload: Teams