I found a bug...

Swapping between accounts meant that one account had all the rights of the previous account

I use two accounts for Teams - one that is my own work account (only a member of any teams that I need access to on a day-to-day basis) and another that is used by the whole department as a service account (which is an owner of every team that has been created).

Using the desktop app, I signed out from the department service account and into my own, but had Owner level access to all the teams in the business. Any changes that I made (to teams that my account wasn't even a member of) were made successfully, but in the name of the service account.

This was reported to Microsoft Support, who did a remote session to verify the issue (I can provide a ticket number if required). Signing out and signing back in did resolve the issue, but for obvious reasons I'm concerned about this security flaw. Even more so because we'll be turning off S4B and migrating everyone to Teams in the next two weeks.

1 vote

Neil A shared this idea
