SOLVED

Security incident on Microsoft Teams meeting chat

%3CLINGO-SUB%20id%3D%22lingo-sub-1729926%22%20slang%3D%22en-US%22%3ESecurity%20incident%20on%20Microsoft%20Teams%20meeting%20chat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1729926%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20is%20the%20estimate%20when%20the%20following%20security%20incident%20on%20Teams%20Meetings%20will%20be%20fixed%3F%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EOrganizer%20have%20a%20recurrence%20meeting%20with%20team.%20In%20a%20one%20day%20organizer%20invite%20extra%20speaker%20to%20the%20meeting.%20After%20this%20that%20extra%20speaker%20receives%20all%20the%20chat%20messages%20on%20that%20meeting%2C%20even%20after%20that%20one%20day%20where%20was%20invited.%20Also%20organizer%20is%20not%20able%20to%20get%20out%20that%20person%20from%20meeting%20chat.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20pretty%20bad%20security%20issue%20for%20us%2C%20and%20others%20most%20likely.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1729926%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EChat%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMeetings%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1730168%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20incident%20on%20Microsoft%20Teams%20meeting%20chat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1730168%22%20slang%3D%22en-US%22%3EMaybe%20one%20could%20add%20options%20for%20the%20end%20meeting%20button.%3CBR%20%2F%3E-%20End%20meeting%20and%20do%20nothing%3CBR%20%2F%3E-%20End%20meeting%20and%20remove%20all%20participants%20not%20invited%20from%20chat%20(which%20would%20affect%20people%20that%20have%20been%20added%20to%20the%20meeting%20spontaneously)%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20for%20meetings%20with%20recurrence%3A%3CBR%20%2F%3E-%20End%20meeting%20and%20remove%20participants%20that%20have%20not%20been%20invited%20to%20the%20recurrence%3CBR%20%2F%3E%3CBR%20%2F%3EI%20believe%20hard%20to%20implement%2C%20but%20definitely%20really%20helpful%20in%20opposite%20to%20try%20teach%20users%20to%20remove%20participants%20manually%20from%20a%20chat%20after%20the%20meeting.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1730356%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20incident%20on%20Microsoft%20Teams%20meeting%20chat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1730356%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F90197%22%20target%3D%22_blank%22%3E%40Petri%20X%3C%2FA%3E%2C%20good%20question.%20We%20are%20actively%20working%20on%20improving%20this.%20No%20timeline%20to%20share.%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F702577%22%20target%3D%22_blank%22%3E%40DanielKlicks%3C%2FA%3E%26nbsp%3Bgave%20the%20workaround%20we%20recommend.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1730598%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20incident%20on%20Microsoft%20Teams%20meeting%20chat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1730598%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F702577%22%20target%3D%22_blank%22%3E%40DanielKlicks%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20sure%20what%20do%20you%20mean%2C%20as%20end%20meeting%20just%20kick%20out%20all%20from%20call%2C%20not%20ending%20the%20chat.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1730632%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20incident%20on%20Microsoft%20Teams%20meeting%20chat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1730632%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F90197%22%20target%3D%22_blank%22%3E%40Petri%20X%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat%20was%20a%20suggestion%20to%20MS%20how%20to%20solve%20your%20%22security%20incident%22.%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1730680%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20incident%20on%20Microsoft%20Teams%20meeting%20chat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1730680%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F140470%22%20target%3D%22_blank%22%3E%40Emily%20Kirby%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20do%20not%20see%20that%20tho%20are%20a%20real%20workarounds.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Super Contributor

What is the estimate when the following security incident on Teams Meetings will be fixed?


Organizer have a recurrence meeting with team. In a one day organizer invite extra speaker to the meeting. After this that extra speaker receives all the chat messages on that meeting, even after that one day where was invited. Also organizer is not able to get out that person from meeting chat.

 

This is pretty bad security issue for us, and others most likely.

6 Replies
best response confirmed by Emily Kirby (Microsoft)
Solution
Maybe one could add options for the end meeting button.
- End meeting and do nothing
- End meeting and remove all participants not invited from chat (which would affect people that have been added to the meeting spontaneously)

And for meetings with recurrence:
- End meeting and remove participants that have not been invited to the recurrence

I believe hard to implement, but definitely really helpful in opposite to try teach users to remove participants manually from a chat after the meeting.

Hi @Petri X, good question. We are actively working on improving this. No timeline to share.  @DanielKlicks gave the workaround we recommend.

@DanielKlicks 

Not sure what do you mean, as end meeting just kick out all from call, not ending the chat.

@Petri X 

That was a suggestion to MS how to solve your "security incident". :smile:

@Emily Kirby 

I do not see that tho are a real workarounds.

@DanielKlicks 

:cryingwithlaughter:

Perfect !

Now we need to make @Emily Kirby to see the point :lol:

 

Thanks for your support !

We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE