A gap in Microsoft Teams’ B2B guest access allows attackers to bypass Defender for Office 365 protections, creating unprotected spaces for phishing and malware.
This issue, highlighted by Ontinue, comes from the default cross-tenant chat feature. Attackers can trick users into joining malicious tenants where protections like Safe Links and Safe Attachments don’t apply. As Teams becomes central to enterprise work, this risk grows, and it costs attackers very little to exploit.
Microsoft’s MC1182004 update, released in November 2025, allows any Teams user to start chats with external email addresses, automatically inviting recipients as guests.
This is enabled by default on all plans, including low-cost options like Teams Essentials. Recipients see legitimate Microsoft notifications that often bypass email filters. While the feature is designed to make collaboration easier, nothing on the recipient side stops inbound invites: even turning off outbound invites via PowerShell offers no protection.
How Teams Guest Chat Exposes Users
When chatting as a guest, security policies come from the host tenant—not the user’s home organization. Defender for Office 365 features such as Safe Links, Safe Attachments, and Zero-hour Auto Purge rely on the host tenant’s subscriptions and policies.
Attackers exploit this by creating trial or basic tenants without Defender. Because the host tenant has no Defender subscription, no scanning happens at all, so malicious links and files reach victims without triggering alerts. Ontinue’s research shows attackers often start with a minimal tenant, identify targets through LinkedIn or breach data, and then send pretextual invites such as vendor meeting requests.
When someone accepts a guest invite, they enter the attacker’s environment. Here, phishing tricks can succeed, malware can run without being blocked, and sensitive data can be stolen, all without triggering the user’s Defender protections. Attackers can even use tools like Quick Assist, which remain invisible to the home organization’s security.
| Aspect | Guest Access | External Access |
|---|---|---|
| Policy Enforcement | Controlled by the host tenant; home protections don’t work | Home tenant protections stay active |
| Common Attack Use | Invites to malicious chats or channels | Federated messaging |
| Defender Features | Bypassed (Safe Links, Safe Attachments, ZAP) | Work normally |
To stay safe:
- Limit guest invites in Entra ID External Collaboration to only allowlisted domains.
- Use cross-tenant access policies to block untrusted B2B access by default.
- Restrict Teams external access to specific domains via the admin center.
- Train users to ignore unsolicited invites.
Following these steps helps block attackers before they can exploit this default-enabled feature.
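The cross-tenant access policy step above, worked through in Microsoft Graph PowerShell as an added example (not from the Ontinue research or Microsoft’s own guidance). It reads the tenant-wide default, blocks B2B collaboration in both directions by default so users can no longer redeem a guest invite from an unknown tenant, and then re-allows a single trusted partner tenant; the module name, permission scope and the partner tenant ID placeholder are assumptions.

```powershell
# Added example (not from Ontinue or Microsoft): apply "block untrusted B2B access by
# default" with Microsoft Graph PowerShell. Assumes the Microsoft.Graph.Identity.SignIns
# module is installed and the admin can consent to Policy.ReadWrite.CrossTenantAccess.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess"

# Read the tenant-wide default. An untouched tenant reports "allowed" for outbound
# B2B collaboration, which is what lets any user accept a guest invite from any tenant.
function Get-B2bOutboundDefault {
    $default = Get-MgPolicyCrossTenantAccessPolicyDefault
    [pscustomobject]@{
        Users        = $default.B2bCollaborationOutbound.UsersAndGroups.AccessType
        Applications = $default.B2bCollaborationOutbound.Applications.AccessType
    }
}

# Block outbound B2B collaboration (your users being redeemed as guests elsewhere) and
# inbound B2B collaboration (outside users joining your tenant) for everyone by default.
# Partner entries created below take precedence over this default for trusted tenants.
function Set-B2bDefaultBlocked {
    $blockAll = @{
        usersAndGroups = @{ accessType = "blocked"; targets = @(@{ target = "AllUsers"; targetType = "user" }) }
        applications   = @{ accessType = "blocked"; targets = @(@{ target = "AllApplications"; targetType = "application" }) }
    }
    Update-MgPolicyCrossTenantAccessPolicyDefault -BodyParameter @{
        b2bCollaborationOutbound = $blockAll
        b2bCollaborationInbound  = $blockAll
    }
}

# Allow one trusted partner tenant back in. The tenant ID passed in is a placeholder.
function Add-TrustedPartnerTenant {
    param([Parameter(Mandatory)][string]$PartnerTenantId)
    $allowAll = @{
        usersAndGroups = @{ accessType = "allowed"; targets = @(@{ target = "AllUsers"; targetType = "user" }) }
        applications   = @{ accessType = "allowed"; targets = @(@{ target = "AllApplications"; targetType = "application" }) }
    }
    New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter @{
        tenantId                 = $PartnerTenantId
        b2bCollaborationOutbound = $allowAll
        b2bCollaborationInbound  = $allowAll
    }
}

Get-B2bOutboundDefault   # inspect the current state before changing anything
Set-B2bDefaultBlocked
Add-TrustedPartnerTenant -PartnerTenantId "00000000-0000-0000-0000-000000000000"  # placeholder GUID
Get-B2bOutboundDefault   # Users and Applications should now read "blocked"
```

Pilot this in a test tenant first: the blocked default applies to every tenant not explicitly listed as a partner, so each organization your users legitimately collaborate with needs its own partner entry.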