Microsoft Teams desktop client rolls out separate calling process and new security controls
Security Tool/Service
Summary
Hide ▲
Show ▼
Microsoft Teams Desktop Client for Windows is rolling out ms-teams_modulehost.exe in January 2026, splitting calling features into a separate process and changing how the app is handled by endpoint security tools. The update is meant to improve call startup and meeting performance while reducing false-positive detections. Teams is also expanding protections against malicious URLs, malicious file types, and screen-capture attempts in meetings and chats.
Related Happenings
Microsoft Teams admin policy adds approval-based control for third-party bots
Security Tool/Service
H score11
First: 30.06.2026 13:52
Last: 30.06.2026 13:52
Sources 1
About this happening:
Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...
Microsoft Teams admin policy adds approval-based control for third-party bots
Security Tool/ServiceAbout this happening: Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...
Microsoft Teams third-party bot approval controls for meeting social-engineering risk
Defensive Guidance
H score11
First: 30.06.2026 13:52
Last: 30.06.2026 13:52
Sources 1
About this happening:
**Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...
Microsoft Teams third-party bot approval controls for meeting social-engineering risk
Defensive GuidanceAbout this happening: **Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...
Microsoft Teams on macOS repeated location-prompt service disruption
Service Disruption
H score0
First: 19.05.2026 19:10
Last: 19.05.2026 19:10
Sources 1
About this happening:
Microsoft confirmed a **Microsoft Teams on macOS** service disruption that causes **non-dismissible location prompts** for some users, interrupting normal app use for those who en...
Microsoft Teams on macOS repeated location-prompt service disruption
Service DisruptionAbout this happening: Microsoft confirmed a **Microsoft Teams on macOS** service disruption that causes **non-dismissible location prompts** for some users, interrupting normal app use for those who en...
KongTuke Microsoft Teams initial access campaign
Campaign
H score42
First: 14.05.2026 15:12
Last: 14.05.2026 15:12
Sources 1
About this happening:
The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...
KongTuke Microsoft Teams initial access campaign
CampaignAbout this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...
MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy
Campaign
H score37
First: 06.05.2026 16:02
Last: 06.05.2026 16:02
Sources 1
About this happening:
The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...
MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy
CampaignAbout this happening: The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...
Timeline
-
25.11.2025 16:24 2 articles · 7mo ago
Microsoft Teams desktop client rolls out separate calling process and new security controls
Initial DisclosureBeginning in **early January 2026**, Teams will separate calling functions into a new **ms-teams_modulehost.exe** process. The rollout also broadens chat and meeting protections against **malicious links**, **file types**, and **screen capture**.
Show sources
- Microsoft is speeding up the Teams desktop client for Windows — www.bleepingcomputer.com — 25.11.2025 16:24
- Microsoft is speeding up the Teams desktop client for Windows — www.bleepingcomputer.com — 25.11.2025 16:24