Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Microsoft Teams and Defender for Office 365 add centralized external-user blocking controls

Security Tool/Service
First reported
Last updated
Happening score
H score 10
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft Teams is gaining centralized controls that let security admins block external users, suspicious domains, and malicious content handling in Defender for Office 365, reducing the risk of social-engineering abuse across organizational messaging and meetings. The update matters because it moves external communication restrictions into the Defender portal and strengthens default messaging protections for January 2026 rollout.

Related Happenings

Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498

Security Patch Release
First: 21.05.2026 10:49 Last: 21.05.2026 10:49 Sources 1

About this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...

Latest development: 21.05.2026 12:52

Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.

Open Happening

Microsoft Teams on macOS repeated location-prompt service disruption

Service Disruption
First: 19.05.2026 19:10 Last: 19.05.2026 19:10 Sources 1

About this happening: Microsoft confirmed a **Microsoft Teams on macOS** service disruption that causes **non-dismissible location prompts** for some users, interrupting normal app use for those who en...

Open Happening

Tycoon2FA device-code phishing campaign targeting Microsoft 365

Campaign
First: 17.05.2026 17:43 Last: 17.05.2026 17:43 Sources 1

About this happening: The **Tycoon2FA** phishing operation added **device-code phishing** to hijack **Microsoft 365** accounts, expanding its ability to steal access tokens and reach email, calendar, a...

Open Happening

KongTuke Microsoft Teams initial access campaign

Campaign
First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...

Open Happening

Snow malware suite deployment by UNC6692

Malware Activity
First: 25.04.2026 18:07 Last: 25.04.2026 18:07 Sources 1

About this happening: UNC6692 has deployed the **Snow** malware suite through **social engineering**, creating a stealthy path to **credential theft** and **domain compromise**. The operation uses **em...

Open Happening

Timeline

  1. 24.12.2025 18:22 2 articles · 5mo ago

    Microsoft announces Teams external-user blocking controls

    Initial Disclosure

    Microsoft announced that Teams security administrators will soon be able to block external users from sending messages, calls, or meeting invitations to people in their organization through the Microsoft Defender portal. The update integrates Teams with Defender for Office 365, lets admins manage blocked external contacts through the Tenant Allow/Block List, and will begin rolling out in early January 2026 with completion expected by mid-January 2026. Before use, organizations must enable two disabled-by-default Teams admin center settings, and the feature will work across the Defender XDR web portal and all Teams clients without changing existing domain blocks or federation configurations.

    Show sources
    Open in new tab