
A significant gap in Microsoft Teams’ B2B guest access allows attackers to bypass Defender for Office 365 protections, creating unprotected zones for phishing and malware delivery.
At Cybersecurity News, we recently highlighted how Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks.
This architectural issue, highlighted by Ontinue, stems from new cross-tenant chat features that are enabled by default. They let threat actors lure users into malicious tenants where the home organization's safeguards, such as Safe Links and Safe Attachments, do not apply. As Teams becomes central to enterprise collaboration, the risk grows, while the setup cost for attackers stays minimal.

Microsoft’s MC1182004 update, rolled out in November 2025, lets any Teams user start chats with external email addresses, automatically inviting recipients as guests.
The feature is enabled by default across licenses, including low-cost SMB plans like Teams Essentials, and recipients receive legitimate Microsoft notifications that evade email filters. While aimed at simplifying collaboration, it provides no inbound invitation controls: disabling outbound invites via PowerShell (Set-CsTeamsMessagingPolicy -UseB2BInvitesToAddExternalUsers $false) only stops your own users from inviting outsiders and offers no defense against invitations arriving from other tenants.
Teams Guest Chat Exposes Users
In guest scenarios, security policies are enforced by the resource tenant, the host of the conversation, not by the user’s home tenant. Defender for Office 365 features such as Safe Links for URL scanning, Safe Attachments for file detonation, and Zero-hour Auto Purge (ZAP) are evaluated against the host tenant’s subscriptions and policies.
“Attackers exploit this by spinning up trial or basic tenants lacking Defender, disabling scans entirely and allowing safe delivery of malicious links and files without alerts in the victim’s security console,” reads Ontinue’s research.
Threat actors begin by creating a bare-bones tenant, then identify targets through LinkedIn profiles or breach data and send invites under a pretext such as a vendor discussion.

Victims who accept enter the attacker’s tenant, where phishing builds trust, malware is delivered unchecked, and data is exfiltrated unnoticed. Pivots to tools like Quick Assist follow, all of them invisible to the home organization’s Defender tooling.

| Aspect | Guest Access | External Access |
|---|---|---|
| Policy Enforcement | Resource tenant controls (no home protections) | Home tenant retains protections |
| Common Attack Use | Invites to malicious chats/channels | Federated messaging |
| Defender Features | Bypassed (Safe Links, ZAP, Attachments) | Applied normally |
Organizations must restrict guest invites in the Entra ID External collaboration settings to allowlisted domains only.
Deploy cross-tenant access policies that block untrusted B2B collaboration by default, and limit Teams external access to specific domains in the Teams admin center. User training on rejecting unsolicited invites completes the defense, countering this default-enabled risk before exploitation surges.
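The following audit script is an added example, not code from the article or from Ontinue. It reads the settings the mitigations above refer to and reports which ones are still at their default-open values; it assumes the MicrosoftTeams and Microsoft.Graph.Identity.SignIns modules are installed and that Connect-MicrosoftTeams and Connect-MgGraph (with Policy.Read.All) have already been run. Note that the outbound cross-tenant default is the one that governs whether your users can accept guest invitations into other tenants, which is the path the lure relies on.

```powershell
# Added audit script (hypothetical, not the article's or Ontinue's code).
# Prerequisites: Connect-MicrosoftTeams; Connect-MgGraph -Scopes "Policy.Read.All"
$findings = @()

# 1. Chat-initiated B2B invites (the MC1182004 behaviour). Turning this off
#    stops our users inviting outsiders; it does nothing against inbound invites.
$msg = Get-CsTeamsMessagingPolicy -Identity Global
if ($msg.UseB2BInvitesToAddExternalUsers) {
    $findings += "Global messaging policy still lets users B2B-invite external addresses from chat"
}

# 2. Teams external (federated) access should be an allowlist, not open to all.
#    The default configuration renders AllowedDomains as 'AllowAllKnownDomains'.
$fed = Get-CsTenantFederationConfiguration
if ($fed.AllowFederatedUsers -and (($fed.AllowedDomains | Out-String) -match 'AllowAllKnownDomains')) {
    $findings += "External access is open to all domains; no domain allowlist configured"
}
if ($fed.AllowTeamsConsumer) {
    $findings += "Chat with personal (consumer) Teams accounts is enabled"
}

# 3. Cross-tenant access defaults. Outbound = our users as guests elsewhere;
#    inbound = other tenants' users as guests here. Both should default to blocked,
#    with trusted partner tenants added as explicit organizational settings.
$xt = Get-MgPolicyCrossTenantAccessPolicyDefault
if ($xt.B2BCollaborationOutbound.UsersAndGroups.AccessType -ne "blocked") {
    $findings += "Default outbound B2B collaboration is allowed: users can accept guest invites from any tenant"
}
if ($xt.B2BCollaborationInbound.UsersAndGroups.AccessType -ne "blocked") {
    $findings += "Default inbound B2B collaboration is allowed: any tenant's users can be invited here"
}

# 4. Entra external collaboration settings: who may send guest invitations.
#    Valid values: none, adminsAndGuestInviters, adminsGuestInvitersAndAllMembers, everyone
$auth = Get-MgPolicyAuthorizationPolicy
if ($auth.AllowInvitesFrom -in @("everyone", "adminsGuestInvitersAndAllMembers")) {
    $findings += "Guest invitations allowed from '$($auth.AllowInvitesFrom)'; restrict to admins and guest inviters"
}

if ($findings.Count -eq 0) {
    Write-Output "No default-open B2B settings found."
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Each finding maps to one of the controls named above; fixing the outbound default alone does not replace the Entra domain allowlist, because the two settings govern different directions of the same B2B relationship.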
