Defender for Office 365 Focuses on Teams

• New Defender for Office 365 features are available to help secure and monitor Microsoft Teams.
• Teams-based attacks are on the rise, so organizations should be regularly hunting for and securing against attacks.
• Hunting for Teams-based attacks may require additional skills that Security Operations Center teams do not yet have.

Microsoft Teams increasingly is being used as an attack vector to deliver malware, ransomware, and other attacks to organizations and is increasingly being used by known cybercriminals. (For example, in June 2024, the Storm-1811 group was observed using Teams and Microsoft’s Quick Assist tool to compromise remote systems by impersonating help-desk staff.) A collection of Defender for Office 365 enhancements offers the potential for organizations to secure Teams more effectively, help prevent future attacks, and discover previous attacks more easily. Organizations should also reconsider Teams policies and defaults that, while they enable easy external connectivity to Teams, can increase the risk of attack.