This tactic of sending unsolicited messages and calls via Teams has an easy solution—only allow specific external domains to communicate with your end users. Review your Teams logs, see which domains your users are communicating with, add them to the allow list and enable the control. Make your end users open up a support ticket for future domain adds so you can vet them.
Forget about Zero Trust and apply best practice security configurations. Let the marketing people and the CISO worry about whether something is “zero trust” or not. #Cybersecurity
Microsoft docs:
https://learn.microsoft.com/en-us/microsoft-365/solutions/trusted-vendor-onboarding?view=o365-worldwide#allow-the-vendors-domain-in-teams-external-access
From: @screaminggoat
https://infosec.exchange/@screaminggoat/113867636525001029
=> More informations about this toot | More toots from deepthoughts10@infosec.exchange
text/geminiThis content has been proxied by September (3851b).