“Collaboration platforms are often configured for convenience first, with easy external chat, calls, screen sharing, and remote assistance, without fully considering how those features can be abused together,” Varkey said.
Kaur emphasized the need for integrated visibility. “The most effective defenses will come from integrating collaboration, identity, endpoint, and SOC visibility rather than treating them as separate layers,” she said.
Recommended measures include tightening external access controls, restricting remote-support tools to approved workflows, enforcing conditional access and multi-factor authentication, and improving user awareness around how legitimate IT support interactions occur, Microsoft wrote.
