
Microsoft Teams Guest Access Creates a Hidden Security Risk

Microsoft Teams guest access can expose users to phishing and malware by placing them in external tenants with no security protections.

Written By
Ken Underhill
Nov 24, 2025

A newly uncovered gap in Microsoft Teams’ cross-tenant collaboration model exposes organizations to phishing, malware, and social engineering — even when they believe they are fully protected. 

Researchers at Ontinue found that attackers can invite users into malicious Teams tenants where all Microsoft Defender for Office 365 protections are disabled, leaving victims effectively outside their own security boundary. 

“Attackers create protection-free zones by disabling security in their tenants or due to its absence in a default Azure environment,” said researchers.

Why Guest Sessions Become Blind Spots

This threat does not stem from a software vulnerability but from the architectural design of Microsoft Teams’ B2B collaboration model. 

When a user joins another organization’s tenant as a guest, they leave their own security perimeter and inherit the policies of the hosting environment. 

That means protections like Safe Links, Safe Attachments, URL scanning, and Zero-hour Auto Purge (ZAP) are enforced solely by the resource tenant. 

If that tenant lacks Defender for Office 365 — common in low-cost or trial Microsoft 365 setups — guest users operate in an environment with little to no threat detection.

Attackers exploit this by creating inexpensive Microsoft 365 tenants that come without advanced security features enabled by default. 

Using Microsoft’s “Chat with Anyone” feature, which automatically allows users to message anyone with an email address, threat actors send Microsoft-generated guest invitations that pass SPF, DKIM, and DMARC checks. 

These invitations look legitimate and are rarely flagged by email gateways. 

Once victims accept and enter the attacker’s tenant, threat actors can deliver malicious URLs, weaponized documents, or social engineering lures without any scanning or retroactive removal. 

Meanwhile, none of the activity appears in the victim organization’s logs, alerts, or telemetry.


How Attackers Create “Protection-Free” Zones

Teams applies security policy inheritance based on the resource tenant — the environment hosting the conversation — which overrides the user’s home organization entirely. 

Because Defender for Office 365 protections do not travel with the user, a guest entering a tenant with weak or nonexistent threat protections effectively steps into an attacker-controlled “protection-free zone.” 

With full control over that environment, attackers can send malicious content that is never scanned, rewritten, detonated, or purged. 

And since all communication occurs within the attacker’s tenant, victim organizations receive no visibility into the interaction. 

From the user’s perspective, the exchange feels normal; from the defender’s perspective, nothing appears to have happened — a perfect scenario for stealthy phishing, malware delivery, and credential harvesting.

How to Reduce Cross-Tenant Security Risk

Organizations should assume that external tenants may not enforce the same level of protection — and in some cases, may intentionally lack it. The following controls can help reduce risk.

  • Restrict external collaboration to trusted domains using Entra ID and Teams external access controls.
  • Enforce cross-tenant access policies to block or tightly limit inbound and outbound B2B collaboration by default.
  • Disable or limit the “chat with anyone via email” feature to reduce unsolicited guest invitations.
  • Apply Conditional Access and MFA requirements for all external or guest interactions.
  • Use sensitivity labels and data loss prevention rules to prevent sensitive data from being shared in guest environments.
  • Audit guest accounts and monitor external session activity regularly to detect abnormal or high-risk usage.
  • Train users to scrutinize unexpected Microsoft Teams invitations and understand the risks of joining external tenants.

Layering controls helps organizations reduce their exposure to untrusted external tenants.
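The audit item above (monitor external session activity from the home tenant) is the one place the victim organization still has telemetry: the guest sign-in into another tenant is recorded in the user's own Entra ID sign-in log. The following is an added example, not code from the article or from Ontinue; it assumes sign-in records exported from Microsoft Graph, which carry homeTenantId, resourceTenantId and crossTenantAccessType, and the records and tenant ids below are constructed placeholders.

```python
"""Flag home-tenant users whose Teams sessions ran inside an untrusted tenant."""
from collections import defaultdict

# Placeholder tenant ids (constructed, not real tenants).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
TRUSTED_PARTNER = "22222222-2222-2222-2222-222222222222"
UNKNOWN_TENANT = "33333333-3333-3333-3333-333333333333"
TRUSTED_TENANTS = {TRUSTED_PARTNER}

# Cross-tenant access types that mean the user left the home tenant as a guest.
GUEST_ACCESS_TYPES = {"b2bCollaboration", "b2bDirectConnect"}

# Constructed sample records (a subset of the Graph signIn properties).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "appDisplayName": "Microsoft Teams",
     "homeTenantId": HOME_TENANT, "resourceTenantId": HOME_TENANT,
     "crossTenantAccessType": "none"},                       # normal, in-tenant
    {"userPrincipalName": "alice@example.com", "appDisplayName": "Microsoft Teams",
     "homeTenantId": HOME_TENANT, "resourceTenantId": TRUSTED_PARTNER,
     "crossTenantAccessType": "b2bCollaboration"},           # guest in a trusted tenant
    {"userPrincipalName": "bob@example.com", "appDisplayName": "Microsoft Teams",
     "homeTenantId": HOME_TENANT, "resourceTenantId": UNKNOWN_TENANT,
     "crossTenantAccessType": "b2bCollaboration"},           # guest in an unknown tenant
    {"userPrincipalName": "bob@example.com", "appDisplayName": "Microsoft Teams",
     "homeTenantId": HOME_TENANT, "resourceTenantId": UNKNOWN_TENANT,
     "crossTenantAccessType": "b2bCollaboration"},           # repeat session, same tenant
    {"userPrincipalName": "guest@partner.example", "appDisplayName": "Microsoft Teams",
     "homeTenantId": TRUSTED_PARTNER, "resourceTenantId": HOME_TENANT,
     "crossTenantAccessType": "b2bCollaboration"},           # inbound guest, not our user
]


def untrusted_guest_sessions(signins, home_tenant=HOME_TENANT, trusted=TRUSTED_TENANTS):
    """Return sign-ins by our own users into tenants outside the allow list."""
    hits = []
    for s in signins:
        if s.get("homeTenantId") != home_tenant:
            continue  # inbound guest or foreign user; not an outbound session
        resource = s.get("resourceTenantId")
        if resource == home_tenant or resource in trusted:
            continue  # stayed home, or went to a vetted partner tenant
        if s.get("crossTenantAccessType") in GUEST_ACCESS_TYPES:
            hits.append(s)
    return hits


def users_per_tenant(hits):
    """Group flagged sessions as {resourceTenantId: sorted list of users}."""
    grouped = defaultdict(set)
    for h in hits:
        grouped[h["resourceTenantId"]].add(h["userPrincipalName"])
    return {tenant: sorted(users) for tenant, users in grouped.items()}
```

Run the report on the daily sign-in export and route any tenant that is not on the allow list to the helpdesk for verification, since the rest of the interaction in that tenant produces no other telemetry at home.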

The New Reality of Cross-Tenant Risk

This research underscores a fundamental shift in cloud collaboration: security boundaries no longer map cleanly to organizational boundaries. 

As SaaS platforms expand cross-tenant features to streamline productivity, threat actors are exploiting the gaps created when trust is extended without verification. 

Default-on collaboration features — paired with limited visibility into the security posture of external tenants — are turning cross-tenant communication into a fast-growing attack surface.

This shifting landscape illustrates how essential a zero-trust model has become in environments where trust cannot be assumed across tenant boundaries.
