APT29 and UNC6692 are actively abusing Microsoft Teams’ default external federation settings to impersonate IT helpdesk staff, harvest MFA approvals, and escalate privileges through Microsoft Entra Privileged Identity Management. There is no CVE and no vendor patch; the attack surface is a misconfiguration present in every M365 tenant that has not explicitly restricted external Teams access. Any organization that has not audited Teams external access policy and enforced Authenticator number matching is exposed today.