Microsoft is watching you – What you need to know when using Microsoft Teams

Companies and private individuals alike rely on Microsoft Teams. The advantages are obvious: central storage in the cloud, simple organisation of employees in groups and collaborative work on projects. But what about encryption to protect your information?

As part of our security research, we took a closer look at encryption: How, when and where is encryption used and what type of connections are established? We also scrutinised whether the actual encryption meets the standards advertised by the manufacturer.

Result of the analysis

The result surprised us:

End-to-end encryption is used (when it is activated for both communication partners):
✅ Audio calls
✅ Video calls
✅ Screen sharing

Transmitted without end-to-end encryption (there is no corresponding activation option):
❌ Files
❌ Messages

Significant security issues on the client devices

The investigation revealed significant security issues on the client devices themselves. For messages and files, there is no end-to-end encryption and no option to activate it via the settings. This means that messages and files are stored unencrypted on the client and can be viewed by the manufacturer, Microsoft. This poses a considerable risk to the privacy and security of users. For a closer look at how the encryption works, please read our comprehensive research report, attached.

Generic statement from Microsoft

We confronted Microsoft with the issue and received the following statement from a spokesperson: "The end-to-end encryption feature meets the needs of some customers to provide a higher level of confidentiality when required. This confidentiality is mainly required in direct, non-persistent communication, i.e. video and audio transmissions, while there are already established ways of ensuring confidentiality for the transmission of messages or files. As is generally the case in Teams, these messages and files are already protected against unauthorised reading both by extensive security measures and by system-side encryption."

You can download our complete analysis here

Lukas Sökefeld

Cyber Security Consultant
Lukas Sökefeld deals with the latest developments on the subject of AI and cyber security on a daily basis and advises our customers online and on site.
