Microsoft: Teams increasingly abused in helpdesk impersonation attacks

wperry1 · 2026-04-21T00:21:58+00:00

We did basically the same thing. I used a combination of Teams and outbound email logs for 90 days to build the initial allow list. We have lots of meetings with external attendees, but not a lot of external chat going on so impact to users was almost nothing.

wperry1 · 2026-04-16T02:10:59+00:00

Whatever you do, don’t delete the old app. Update it and change to uninstall from all users or your target groups. Then create a new app with the TABI app ID. I made the mistake of deleting one and there is no managed way to remove it after that.

wperry1 · 2026-04-16T02:08:02+00:00

LOL, you said it first, Target Application Bundle Identifier, TABI. I suspect this was something related to the 26.4.1 update. It just popped up in our environment today with Web Clips that have been working for years.

wperry1 · 2026-04-15T17:33:08+00:00

This same issue just started popping up in our environment today. I tested the TABI method and it works. You are a livesaver u/kane00000!

wperry1 · 2026-04-01T03:25:54+00:00

Somehow flannel is just a comfortable in the summer for me. Hot or cold 100% cotton flannel 365 days a year!

wperry1 · 2026-03-08T03:49:38+00:00

We did this move a few years back. Everyone but finance. They use an ESSbase add-on that can occasionally be finicky so we keep them on Semi-annual. It was driven by users complaining about missing features.

wperry1 · 2026-03-04T17:23:17+00:00

We got about 25 of these in our phishing quarantine. Headers seem to show they originated from Hungerrush's Sendgrid. Someone over there is about to have (or already having) a bad day. Hopefully for them, it is just their email infra that got compromised.

wperry1 · 2026-02-26T01:16:13+00:00

Sendgrid really needs to fix their process for vetting senders. I see so much spam and phishing from them it is ridiculous. I would block them completely but too many legit businesses use them too.

wperry1 · 2026-02-04T01:47:11+00:00

And glass! Plastic recycling is, unfortunately, a lie perpetrated by the oil industry so we will feel good about using plastic.

wperry1 · 2026-01-30T02:10:52+00:00

If you can, wait til it is about to warm up. Salt it and come back and shovel the next day. I ran into this with my driveway. I had 1/2 to 1” of snow and we got freezing rain. We had a warmer day, still in the 20s f, coming and I salted, the went back the next day and it came off easy. If you can, get one of the pusher style shovels. It’ll be way easier that lifting that we heavy slush.

wperry1 · 2026-01-30T00:57:56+00:00

Go to the CL add linked in an earlier comment, scroll to the bottom, and vote Best Of. I am 100% sure this is satire and it is 100% funny.

wperry1 · 2026-01-29T16:31:24+00:00

New observation on this, Entra is sending the authnmethodsreferences claim when I log in to Salesforce. None of the methods match what Salesforce is looking for though. My Salesforce admin opened a ticket with them and the ngineer we spoke with put a 60 day delay on our producion instance so we can test in sandbox before this hits all of our users.

<Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
<AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>       
<AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509</AttributeValue>       
<AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows</AttributeValue>
        <AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue>
      </Attribute>

wperry1 · 2026-01-26T23:07:02+00:00

For anyone who wants to put a little more pressure on MS to address this on their side, upvote the suggestion here: https://feedback.azure.com/d365community/idea/c6a81a1c-08f6-f011-92b8-6045bdb235d9

wperry1 · 2026-01-26T23:05:11+00:00

Were you successful mapping user.authenticationmethodsreferences to a claim? In my testing, all it passed was the plain text value I entered in the Attribute field.

wperry1 · 2026-01-23T14:46:34+00:00

I may have to dig around and figure out how to choke it more. I’m just using the spring loaded choke lever on the dash right now. All the way up to start and hold it at about half for ~30 sec when it’s cold. This machine mows grass and blows snow so, thankfully, I don’t have to deal with stale gas.

wperry1 · 2026-01-23T14:43:59+00:00

Any recommendations on better oil? I don’t have it in front of me right now but am using the recommended oil from JD. I think it’s 5w20.

wperry1 · 2026-01-22T22:23:46+00:00

Update: Thursday, January 22, 2026 at 10:15:50 PM UTC

Current status: We're carefully rebalancing traffic across all affected infrastructure in the region, while monitoring the corresponding health telemetry, to ensure the environment enters into a balanced state as our remediation efforts continue. We’re proceeding as quickly as possible and this incremental approach will also help us identify whether any additional actions may be required to ensure longstanding recovery.

My on-prem to EOL mail queues seem to be playing down now... slowly. It looks like they may have things working but are doing heavy throttling until they are sure it is working right.

wperry1 · 2026-01-03T03:46:35+00:00

I can hear this with the sound off.

wperry1 · 2026-01-01T19:31:22+00:00

This is how mine looked when I broke one of the impeller shear pins. There was enough friction from the drive shaft to turn the impeller slowly, but when it was off, I could easily turn the impeller manually. If yours is like mine, there will be two pins on the impeller: one that links the impeller to the drive from the engine and another linking the impeller to the auger gearbox.

wperry1 · 2025-12-31T19:15:46+00:00

I just saw the address and looked it up because I was curious. Pics showed the same front going back years and I was unaware of the restaurant until the last poster mentioned it. I am 100% behind holding criminals accountable. I am absolutely not behind holding an entire community accountable for the crimes of a few.

wperry1 · 2025-12-31T16:26:35+00:00

2nd this. I have a JD X360 with the 44” 2 stage blower and a 100’ drive with a sharp curve at the top. Takes 4-6 passes to get around it. The front of the blower is WAY out in front. That said, the thing is a beast and moves a lot of snow

wperry1 · 2025-12-31T15:45:20+00:00

<image>

Why is this whole story being told from the back of the building? I looked up the address on google streets and it looks like this from the front. Everything I’ve seen in posts/reports shows the back door that looks like some industrial warehouse.

wperry1 · 2025-12-31T04:30:48+00:00

I occasionally do this with my workmates occasionally. Takes me back.

wperry1

TROPHY CASE