Critical Microsoft Teams Flaw: Hackers Can Bypass Security Using Guest Access

A significant vulnerability has been uncovered in Microsoft Teams that creates a cross-tenant security blind spot, allowing cyber attackers to completely circumvent the sophisticated protections offered by Microsoft Defender for Office 365.

Security researchers from Ontinue have shed light on a fundamental architectural gap tied to the guest access feature in Teams. The problem lies in how security policies are enforced: when a user accepts an invitation and operates as a guest in another organization’s Microsoft tenant, all their security protections are determined by the hosting environment, not their own company’s policies.

As researcher Rhys Downing points out, while increased collaboration across organizations is positive, it dramatically expands the responsibility of ensuring these external digital spaces are safe and properly secured.

The Danger of Stepping Outside Your Microsoft Teams Security Zone

This architectural flaw means that when a user becomes a guest in an external tenant, they are instantly subjected to the security rules of the place where the conversation is taking place. This is where the risk explodes: a user can unknowingly enter a malicious environment where the security policies are set by the attacker.

In a planned attack, a criminal can easily set up a low-cost, brand-new Microsoft 365 tenant using a basic license like Teams Essentials or Business Basic. Crucially, these entry-level licenses do not include Microsoft Defender for Office 365 and its vital safeguards like Safe Links and Safe Attachments by default. This creates a “protection-free zone” that the hacker controls.

Once this insecure tenant is ready, the attacker simply needs to get the victim’s email address. Teams then sends an automatic invitation to the victim’s inbox, prompting them to join the external chat as a guest.

Microsoft’s Own System Delivers the Attack Email

Perhaps the most alarming part of this whole attack chain is the delivery mechanism. The email invitation to join the external chat comes directly from Microsoft’s own infrastructure.

Because the invitation is sent from a legitimate Microsoft source, it effortlessly sails past common email defenses like SPF, DKIM, and DMARC checks. Consequently, most company email security filters are highly unlikely to flag the message as a threat or spam. The email appears completely legitimate and safe to the victim’s security solution.

Should the victim click and accept the invitation, they are granted guest access to the attacker’s unprotected tenant. All subsequent communications—which could include a malicious attacker sending phishing links, infected documents, or malware-laced attachments—occur entirely within this rogue environment, where there are no Safe Links or Safe Attachments scans to stop them.

The victim’s home organization remains completely in the dark. Their internal security controls never activate because the entire exploit happens outside their security boundary.

This vulnerability is being highlighted just as Microsoft is rolling out a new feature that will increase the likelihood of these cross-tenant interactions. The feature, which began rolling out this month and is expected to be global by January 2026, allows Teams users to chat with anyone via email, even individuals who don’t actively use the enterprise platform.

Microsoft stated that the non-Teams recipient will receive an email invitation to join the chat session as a guest, promoting “seamless communication.” While this feature is enabled by default, organizations can disable the ability for their users to send invitations by modifying the TeamsMessagingPolicy. However, this setting does not prevent users from receiving invitations from outside organizations.

🚨 How to Lock Down Your Teams Environment

To protect against this sophisticated attack vector, organizations must move beyond simple default settings and implement a stronger security stance:

  • Filter Invitations: Restrict who can send guest invitations by using B2B collaboration settings to only allow invites from a pre-approved list of trusted domains.

  • Implement Cross-Tenant Access Controls: Establish explicit cross-tenant access policies to govern and limit how your users can interact with external organizations.

  • Limit External Communication: If your business does not require external communication via Teams, disable it to reduce your risk exposure.

  • Mandatory User Training: Conduct training to make users highly aware of this specific threat. Teach them to be highly cautious and skeptical of unsolicited Teams invitations coming from outside sources, even if the email appears to originate from a legitimate Microsoft address.
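The following PowerShell script is an added example, not code from the Ontinue report or from Microsoft; it shows how the tenant-side controls above (and the TeamsMessagingPolicy change mentioned earlier) are applied with the MicrosoftTeams and Microsoft.Graph PowerShell modules. The partner domains and tenant ID are constructed placeholders, and the name of the messaging-policy parameter that controls email-based chat invitations is not given in the article, so it is left as a labelled placeholder to look up in the cmdlet's help.

```powershell
# Added example: apply the Teams hardening steps from the article with the
# MicrosoftTeams and Microsoft.Graph modules. Review every value before running.

# --- 1. Messaging policy: stop users from sending email-based chat invitations ---
Connect-MicrosoftTeams

# Inspect the global messaging policy before changing anything.
Get-CsTeamsMessagingPolicy -Identity Global | Format-List

# ASSUMPTION: the article does not name the parameter for the "chat with anyone
# by email" feature. Find it with:  Get-Help Set-CsTeamsMessagingPolicy -Full
# then replace <InvitationSetting> and uncomment the line below.
# Set-CsTeamsMessagingPolicy -Identity Global -<InvitationSetting> $false

# --- 2. External access: allow only a pre-approved list of trusted domains ---
# Constructed placeholder domains; replace with organisations you actually trust.
$trustedDomains = @("partner-one.example", "partner-two.example")

# Close open federation to personal/consumer Teams accounts and unmanaged tenants,
# and restrict federated chat to the allow list above.
Set-CsTenantFederationConfiguration `
    -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false `
    -AllowPublicUsers $false `
    -AllowedDomainsAsAList @{Add = $trustedDomains}

# If the business needs no external Teams communication at all, disable federation
# entirely instead of maintaining an allow list:
# Set-CsTenantFederationConfiguration -AllowFederatedUsers $false

# Verify the resulting configuration.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowTeamsConsumer, AllowPublicUsers, AllowedDomains

# --- 3. Cross-tenant access policy: block outbound guest (B2B collaboration) access
#        by default, then re-enable it only for explicitly trusted partner tenants ---
Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess"

# Default: our users may not accept guest access into any other tenant.
$blockOutbound = @{
    usersAndGroups = @{
        accessType = "blocked"
        targets    = @(@{ target = "AllUsers"; targetType = "user" })
    }
    applications = @{
        accessType = "blocked"
        targets    = @(@{ target = "AllApplications"; targetType = "application" })
    }
}
Update-MgPolicyCrossTenantAccessPolicyDefault -B2BCollaborationOutbound $blockOutbound

# Partner exception: constructed placeholder tenant ID, replace with the real one.
$partnerTenantId = "00000000-0000-0000-0000-000000000000"
$allowOutbound = @{
    usersAndGroups = @{
        accessType = "allowed"
        targets    = @(@{ target = "AllUsers"; targetType = "user" })
    }
    applications = @{
        accessType = "allowed"
        targets    = @(@{ target = "AllApplications"; targetType = "application" })
    }
}
New-MgPolicyCrossTenantAccessPolicyPartner -TenantId $partnerTenantId `
    -B2BCollaborationOutbound $allowOutbound

# Confirm the effective default for outbound collaboration.
Get-MgPolicyCrossTenantAccessPolicyDefault |
    Select-Object -ExpandProperty B2BCollaborationOutbound
```

Steps 2 and 3 address two different mechanisms that the article treats together: Teams external access (federated chat between tenants, governed by the tenant federation configuration) and guest access (your users being added as members of another tenant, governed by the cross-tenant access policy's outbound B2B collaboration settings). Blocking outbound B2B collaboration by default is the control that directly prevents a user from accepting guest access into an unknown, unprotected tenant; the partner entry then re-opens that path only for tenants you have vetted.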
