← Video Conferencing
D

Microsoft Teams

Serious concerns
Microsoft · 🇺🇸 United States
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
App: com.microsoft.teams
Manufacturer: Microsoft

The bottom line

Meeting transcripts from Teams are stored in OneDrive, indexed by Microsoft's compliance search tools, and now processed by Copilot AI — the same system connected to Microsoft's 801 advertising partners. Your employer's compliance team, Microsoft's AI, and potentially Microsoft's ad system can all access what was said in your meeting. The transcript you didn't ask for is now a permanent, searchable, AI-processed record. Microsoft Teams encrypts 1:1 calls but not group meetings — the ones where sensitive business discussions actually happen. And you can't remove Teams from Windows without using PowerShell commands Microsoft doesn't document in the normal uninstall flow. In 2023, the EU fined Microsoft €4.6 million for bundling Teams with Office. The feature you can't remove doesn't even encrypt the calls that matter most.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act read more →
US govt can demand your data from this company even if stored overseas
FISA §702 / PRISM read more →
NSA collects stored emails, photos, messages without individual warrants
Geofence warrants read more →
Police can demand location data for everyone near a crime scene
Spying
0/4 N/A
Is someone spying on me?
Data Sharing
2/4 MODERATE
Who gets my data?
Security
2/4 MODERATE
Is it actually secure?
Honesty
2/4 MODERATE
Can I trust what they say?
ACCEPTABLE Moderate concerns. Standard privacy hygiene applies.
4Contradictions
0Critical
2High
2Medium
4Sources
Findings by concern
Data Sharing 2/4 MODERATE 2 findings
⚡ highfirmware analysis vs policy claims
Meeting transcripts from Teams are stored in OneDrive, indexed by Microsoft's compliance search tools, and now processed by Copilot AI — the same system connected to Microsoft's 801 advertising partners. Your employer's compliance team, Microsoft's AI, and potentially Microsoft's ad system can all access what was said in your meeting. The transcript you didn't ask for is now a permanent, searchable, AI-processed record.

What they claim: Teams meeting data is private and secure.

What we found: Transcripts in OneDrive, searchable via Purview eDiscovery. Copilot processes audio real-time. Same infrastructure as Outlook (801 partners), DiagTrack, Recall. Telemetry on idle Windows. No technical separation from ad/AI pipelines.

⚫ mediumpolicy claims vs regulatory findings
Microsoft sees your emails, files, chats, meetings, and computer activity. No single company has ever had this much data about how people work.

What they claim: Teams is part of a secure enterprise platform.

What we found: Broadest corporate data stack: Teams+Outlook+OneDrive+Windows+Copilot+Edge. No company has more complete picture of enterprise users. US FISA/CLOUD Act jurisdiction.

Security 2/4 MODERATE 1 finding
⚡ highfirmware analysis vs regulatory findings
Microsoft Teams encrypts 1:1 calls but not group meetings — the ones where sensitive business discussions actually happen. And you can't remove Teams from Windows without using PowerShell commands Microsoft doesn't document in the normal uninstall flow. In 2023, the EU fined Microsoft €4.6 million for bundling Teams with Office. The feature you can't remove doesn't even encrypt the calls that matter most.

What they claim: Users control meeting data and privacy.

What we found: E2EE for 1:1 calls only, not group meetings. Can't remove from Windows. Telemetry integrated with OS. PRISM since 2007. Group meetings -- where sensitive discussions happen -- have no E2EE.

Honesty 2/4 MODERATE 1 finding
⚫ mediumpolicy claims vs firmware analysis
Copilot now listens to your entire Teams meeting in real time. Microsoft added a "no save" mode where the transcript is processed and then deleted — but during the meeting, everything you say is still being sent to Microsoft's servers, analysed by AI, and held in memory. "No save" means the recording is destroyed after. It does not mean the recording never happened.

What they claim: Copilot AI enhances productivity while respecting privacy.

What we found: Copilot generates notes/summaries from meeting audio. Transcripts indexed for Copilot processing. Non-persisted mode still processes everything said, just deletes after. Nov 2025: transcripts no longer auto-saved (improvement).

What happened to real people
Documented incidents involving Microsoft products and user data.
First PRISM participant (2007). 31% of US legal demands come with secrecy orders — 1,974 gag orders in H1 2025 alone. Users never told their data was demanded. [source]
Storm-0558: Chinese hackers used a stolen Microsoft signing key to access US government officials' email accounts. Microsoft's own infrastructure was the attack vector. [source]
What your data is worth to governments
Microsoft complied with 6,288 government data requests in H1 2025. That's 31% of demands include secrecy orders. Microsoft has been a confirmed PRISM participant since 2007. Under this programme, the NSA collects stored communications. The company is legally prohibited from telling you. Jurisdiction: US (CLOUD Act, FISA Section 702, Patriot Act).
Documented: First PRISM participant (2007). 31% of US legal demands come with secrecy orders — 1,974 gag orders in H1 2025 alone. Users never told their data was demanded.
Documented: Storm-0558: Chinese hackers used a stolen Microsoft signing key to access US government officials' email accounts. Microsoft's own infrastructure was the attack vector.
What is PRISM? · What is the CLOUD Act? · Transparency report
Sources