Microsoft Teams Guest Access Leaves Users Exposed to Attacks


If your staff accepts an outside invitation to chat in Microsoft Teams, they might be walking straight out of your company’s digital security zone.

A new report from Ontinue is raising major concerns about how Microsoft Teams handles cross-tenant collaboration. The findings show that when employees accept guest invitations from outside organizations, they may unknowingly step into environments with zero security protections.

Ontinue’s threat researcher, Rhys Downing, explains that this issue isn’t a bug, but a core part of how Teams is built. When an employee accepts a guest invitation to another organization’s Teams environment, that is, a different Microsoft 365 “tenant,” they instantly lose all the protections provided by their home organization’s Microsoft Defender for Office 365.

“When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization,” Downing wrote in the report.

In simple terms, security policies, including features like Safe Links, which scans for malicious URLs, and Zero-hour Auto Purge (ZAP), which retroactively removes malicious messages, are controlled by the resource tenant, not the user’s home tenant.

The research warns that attackers can abuse this by creating their own Microsoft 365 tenants with all protections turned off, creating what Ontinue describes as “protection-free zones.” The moment a victim accepts a chat invitation, they enter that zone without any warnings or safeguards.

What happens when a victim accepts an invitation

When a user accepts a malicious invitation, nothing looks suspicious. The interface is familiar. The chat window appears normal. And because the hosting tenant has no Defender protections, the attacker can:

  • Send phishing links without Safe Links checks
  • Deliver malware without attachment scanning
  • Run social-engineering conversations with zero alerts triggered on the victim’s side

Downing calls the misunderstanding around this model a dangerous assumption gap. Many organizations wrongly believe that their own Defender configurations carry over with the user. Ontinue states that this belief is false: “Protection applies from where the conversation is hosted, not where your user’s account lives.”

A default feature that makes attacks easier

A recently enabled Teams feature appears to make the situation even riskier. Microsoft’s MC1182004 update lets Teams users chat with “anyone with an email address,” and it’s automatically turned on.

Ontinue notes that this makes guest invitations “trivial” to deliver, especially since most organizations accept invitations from any Microsoft 365 tenant worldwide.

Downing notes that Microsoft is expanding cross-tenant collaboration, but warns that these changes “also widen the responsibility for ensuring those external environments are trustworthy and properly secured.”

Ontinue stresses that organizations must tighten how external collaboration works. Downing recommends restricting who can send or receive guest invitations and relying on Microsoft Entra’s cross-tenant access controls to block unknown domains.
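The cross-tenant access controls mentioned above decide, per destination tenant, whether a home-tenant user may accept an outside guest invitation at all. The following is an added example, not code from Ontinue or Microsoft: it evaluates the JSON shape that Microsoft Graph returns for `/policies/crossTenantAccessPolicy/default` and `/partners` offline, so an administrator can see what a given setting would do before relying on it. The policy and all tenant, group and app IDs are constructed placeholders, and the precedence rules (partner settings override the default; a null partner section inherits the default) are assumed from Entra's documented behaviour.

```python
"""Offline evaluation of Entra outbound B2B collaboration settings
(the control that governs accepting guest invitations to other tenants).
The policy below is constructed for illustration; IDs are placeholders."""

# Constructed: block outbound guest access by default, allow-list one partner tenant
# for a single group. No real tenant, group or application IDs are used.
DEFAULT_POLICY = {
    "b2bCollaborationOutbound": {
        "usersAndGroups": {"accessType": "blocked",
                           "targets": [{"target": "AllUsers", "targetType": "user"}]},
        "applications": {"accessType": "blocked",
                         "targets": [{"target": "AllApplications", "targetType": "application"}]},
    }
}
PARTNERS = [
    {"tenantId": "11111111-1111-1111-1111-111111111111",   # placeholder partner tenant
     "b2bCollaborationOutbound": {
         "usersAndGroups": {"accessType": "allowed",
                            "targets": [{"target": "group-vendor-collab", "targetType": "group"}]},
         "applications": {"accessType": "allowed",
                          "targets": [{"target": "AllApplications", "targetType": "application"}]},
     }},
    {"tenantId": "22222222-2222-2222-2222-222222222222",   # placeholder partner tenant
     "b2bCollaborationOutbound": None},                     # null section: inherits the default
]

def _covers(section, subject_ids, all_token):
    """True if any target in the section names the subject (or the 'All' token)."""
    return any(t["target"] == all_token or t["target"] in subject_ids
               for t in section["targets"])

def _section_allows(section, subject_ids, all_token):
    """accessType applies to the listed targets; everyone else gets the opposite."""
    hit = _covers(section, subject_ids, all_token)
    return hit if section["accessType"] == "allowed" else not hit

def outbound_allowed(default, partners, target_tenant, user_and_groups, app_id):
    """Can a home-tenant user (their user ID plus group IDs) accept a guest invitation
    from target_tenant through app_id? Both the user and application sections must allow."""
    partner = next((p for p in partners if p["tenantId"] == target_tenant), None)
    settings = (partner or {}).get("b2bCollaborationOutbound") or default["b2bCollaborationOutbound"]
    return (_section_allows(settings["usersAndGroups"], set(user_and_groups), "AllUsers")
            and _section_allows(settings["applications"], {app_id}, "AllApplications"))
```

Assumed inputs: `user_and_groups` is the user's own object ID plus the IDs of groups they belong to, and `app_id` is the application ID of the client (Teams, in this article's scenario).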

