An article by security researchers Black Hills pointed to some vulnerabilities in incoming webhook connectors and email connections for Teams channels. Fortunately, it seems that Microsoft is making changes to Teams to improve security. Even so, it’s always wise for tenants to keep an eye on how information flows into Teams.
The email addresses for Teams channels are interesting objects. Messages sent to channels start conversations in the target channel and are also captured in SharePoint. Any team member can enable or disable a channel’s ability to receive email by creating or removing email addresses, and no admin control exists to stop this from happening. Events captured in the Office 365 audit log reveal when email addresses are created or removed, so you can at least know what’s going on.
Teams allows users to send email to channels via special email addresses. Those addresses aren’t very user-friendly, but you can add them as mail contacts so that channel addresses show up in the Exchange GAL. It’s easy to do and makes it much easier for people to email Teams channels. That is, until someone removes the channel email address…