Microsoft Teams: Apps in Shared Channels for Microsoft Teams

🚨 The Signal: Microsoft Teams Shared Channels now support third-party apps, allowing external collaborators to access them. This expands the attack surface for data exfiltration and introduces new vectors for malicious app exploitation within shared collaboration spaces.

The Impact

All users collaborating in Shared Channels are affected, increasing the risk of unauthorized data access and malicious app deployment.

• External users: Increased risk of accessing unapproved apps or data.
• Internal users: Potential for exposure to malicious apps via shared channels.
• Security teams: New vectors for app-based attacks and data exfiltration.
• Admins: Expanded scope for app governance and policy enforcement.

The Action

1. Review and update existing Microsoft Teams app governance policies to include Shared Channels.
2. Audit currently approved third-party apps for their data access permissions and relevance to shared channel collaboration.
3. Implement or refine app permission policies for external users in Shared Channels via the Teams admin center.
4. Communicate updated app usage guidelines and security best practices to all Teams users, especially those using Shared Channels.
5. Monitor Teams audit logs for unusual app activity or unauthorized app installations in Shared Channels.

Domain: Teams · Impact: high · Workload: Teams · Essential Eight: Application Control · ISM: ISM-0843, ISM-1490, ISM-1544, ISM-1582, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1870, ISM-1871