Cybersecurity researchers have shed light on a cross-tenant blind spot that lets attackers sidestep Microsoft Defender for Office 365 protections by abusing the guest access feature in Microsoft Teams.
Teams Blind Spot
“When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization,” Ontinue security researcher Rhys Downing said in a report.
“These advancements increase collaboration opportunities, but they also widen the responsibility for ensuring those external environments are trustworthy and properly secured.”
The disclosure coincides with Microsoft's rollout, which started this month, of a new Teams feature that lets users chat with anyone via email, including people who don't use the enterprise communications platform. The company expects the change to reach general availability by January 2026.
“The recipient will receive an email invitation to join the chat session as a guest, enabling seamless communication and collaboration,” Microsoft said in its announcement. “This update simplifies external engagement and supports flexible work scenarios.”
If the recipient already uses Teams, the app notifies them directly through an external message request. The feature is enabled by default, but organizations can turn it off by setting the "UseB2BInvitesToAddExternalUsers" parameter of the TeamsMessagingPolicy to "false".
That setting, however, only stops users from sending such invitations. It does nothing to stop them from receiving invitations from external tenants.
Guest access is also distinct from external access, which lets users find, call, and chat with Teams users in other organizations while remaining inside their home tenant.
Weakness
The "fundamental architectural gap" highlighted by Ontinue arises because Microsoft Defender for Office 365 protections for Teams stop applying the moment a user accepts a guest invitation to an external tenant. Once the user crosses into the other tenant's security boundary, the hosting environment, not the user's home organization, enforces every security policy.
In practice this means a user can end up as an unprotected guest inside an environment whose security policies are dictated entirely by the attacker.
In a hypothetical attack scenario, a threat actor can create “protection-free zones” by disabling all safeguards in their tenants or choosing licenses that lack certain security features by default. For example, the attacker can spin up a malicious Microsoft 365 tenant with a low-cost license such as Teams Essentials or Business Basic that doesn’t include Microsoft Defender for Office 365.
After setting up the unprotected tenant, the attacker can conduct reconnaissance on the target organization, collect more information, and initiate contact via Teams by entering a victim’s email address. That action triggers Teams to send an automated invitation that prompts the victim to join the chat as a guest.
Perhaps the most concerning part of the chain is that the invitation lands directly in the victim's mailbox because it originates from Microsoft's own infrastructure. The message passes SPF, DKIM, and DMARC checks rather than evading them, since Microsoft sends it from its own authenticated domains, so email security products rarely flag a legitimately Microsoft-originated invitation as malicious.
If the victim accepts the invitation, they become a guest in the attacker's tenant, where all further communication takes place. At that point the threat actor can send phishing links or malware-laced attachments, taking advantage of the fact that the victim's Safe Links and Safe Attachments scanning does not apply there.
“The victim’s organization remains completely unaware,” Downing said. “Their security controls never triggered because the attack occurred outside their security boundary.”
Conclusion
To counter this technique, organizations should restrict B2B collaboration settings so that guest invitations are accepted only from trusted domains, configure cross-tenant access settings (in particular the outbound settings that govern which external tenants their own users may join as guests), limit external Teams communication where it is not needed, and train users to treat unsolicited Teams invitations from external sources with suspicion.
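The following PowerShell script is an added example, not code from the article, Ontinue, or Microsoft. It applies both controls discussed above: it turns off the "chat with anyone" invitation parameter named earlier in the piece, and then, because that switch only stops outgoing invites, it blocks outbound B2B collaboration by default in Entra cross-tenant access settings and re-allows it only for a trusted partner tenant. The partner tenant ID is a placeholder, and the cmdlet and parameter names are those of the MicrosoftTeams and Microsoft Graph PowerShell SDK modules as the author knows them; verify them against the module versions you have installed before running this in production.

```powershell
# Added example (not from the article or Ontinue): harden a home tenant against
# the guest-invitation path described above. Requires the MicrosoftTeams and
# Microsoft.Graph.Identity.SignIns modules and an admin session in both.
# The partner tenant ID below is a placeholder assumption; replace it.

$TrustedPartnerTenantId = "00000000-0000-0000-0000-000000000000"   # placeholder

# --- 1. Stop our own users from sending "chat with anyone" email invitations ---
Connect-MicrosoftTeams
Set-CsTeamsMessagingPolicy -Identity Global -UseB2BInvitesToAddExternalUsers $false

# Verify. Caveat from the article: this only blocks OUTGOING invites; invitations
# sent by other tenants still reach our users' mailboxes, hence steps 2 and 3.
$policy = Get-CsTeamsMessagingPolicy -Identity Global
"UseB2BInvitesToAddExternalUsers = $($policy.UseB2BInvitesToAddExternalUsers)"

# --- 2. Block outbound B2B collaboration by default -------------------------
# Outbound cross-tenant access settings govern whether our users may be invited
# into OTHER tenants as guests, which is exactly the boundary the attack crosses.
Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess"

$blockedOutbound = @{
    usersAndGroups = @{
        accessType = "blocked"
        targets    = @(@{ target = "AllUsers"; targetType = "user" })
    }
    applications   = @{
        accessType = "blocked"
        targets    = @(@{ target = "AllApplications"; targetType = "application" })
    }
}
Update-MgPolicyCrossTenantAccessPolicyDefault -B2BCollaborationOutbound $blockedOutbound

# --- 3. Re-allow outbound guest access only for a trusted partner tenant ------
$allowedOutbound = @{
    usersAndGroups = @{
        accessType = "allowed"
        targets    = @(@{ target = "AllUsers"; targetType = "user" })
    }
    applications   = @{
        accessType = "allowed"
        targets    = @(@{ target = "AllApplications"; targetType = "application" })
    }
}
$existing = Get-MgPolicyCrossTenantAccessPolicyPartner `
    -CrossTenantAccessPolicyConfigurationPartnerTenantId $TrustedPartnerTenantId `
    -ErrorAction SilentlyContinue
if ($existing) {
    Update-MgPolicyCrossTenantAccessPolicyPartner `
        -CrossTenantAccessPolicyConfigurationPartnerTenantId $TrustedPartnerTenantId `
        -B2BCollaborationOutbound $allowedOutbound
} else {
    New-MgPolicyCrossTenantAccessPolicyPartner `
        -TenantId $TrustedPartnerTenantId `
        -B2BCollaborationOutbound $allowedOutbound
}

# --- 4. Review the result: default should read "blocked", partner "allowed" ---
(Get-MgPolicyCrossTenantAccessPolicyDefault).B2BCollaborationOutbound.UsersAndGroups.AccessType
(Get-MgPolicyCrossTenantAccessPolicyPartner `
    -CrossTenantAccessPolicyConfigurationPartnerTenantId $TrustedPartnerTenantId
).B2BCollaborationOutbound.UsersAndGroups.AccessType
```

Blocking outbound collaboration by default does not affect existing guest memberships in other tenants, so audit those separately, and confirm with the business which partner tenants genuinely need to be allow-listed before flipping the default.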
Source: TheHackerNews
Read more at Impreza News