{"id":5968,"date":"2025-11-27T11:37:21","date_gmt":"2025-11-27T11:37:21","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5968"},"modified":"2025-11-27T11:37:21","modified_gmt":"2025-11-27T11:37:21","slug":"microsoft-teams-guest-chat-feature-exposes-cross-tenant-blind-spot","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5968","title":{"rendered":"Microsoft Teams\u2019 guest chat feature exposes cross-tenant blind spot"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A newly highlighted flaw in Microsoft\u2019s cross-tenant collaboration model shows that once a user accepts a guest invitation in Teams, their Defender for Office 365 protections are dropped entirely, leaving them exposed inside an external tenant even while logged in with their home account.<\/p>\n<p>According to Ontinue threat researcher Rhys Downing, one of Microsoft\u2019s recently enabled features, \u201cMC1182004,\u201d that allows Teams users to initiate chats with any email address, opens an attack vector for threat actors who know cross-tenant security limitations.<\/p>\n<p>\u201cMany organizations assume their controls \u2018follow\u2019 the user wherever they go,\u201d said <a href=\"https:\/\/www.linkedin.com\/in\/julianbrownlowdavies\/?originalSubdomain=uk\" target=\"_blank\" rel=\"noopener\">Julian Brownlow Davies<\/a>, senior vice president, offensive security strategy &amp; operations at Bugcrowd. 
\u201cIn reality, attackers can spin up a poorly secured tenant, invite your users in with what looks like a perfectly legitimate Microsoft Teams email, and deliver links and files that never touch your own Defender stack at all.\u201d<\/p>\n<p>This means the full suite of Defender protections, including URL scanning, safe links, file sandboxing, and zero-hour auto purge, is effectively bypassed, turning a harmless-looking collaboration invite into an attack path.<\/p>\n<p>Microsoft did not immediately respond to CSO\u2019s request for comments.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>New default triggers architectural flaw<\/h2>\n<p>Downing explained in a <a href=\"https:\/\/www.ontinue.com\/resource\/blog-microsoft-chat-with-anyone-understanding-phishing-risk\/\" target=\"_blank\" rel=\"noopener\">blog post<\/a> that the issue isn\u2019t a software bug in Teams, but an architectural reality of cross-tenant collaboration. When a user joins another tenant as a guest, the hosting (resource) tenant\u2019s security settings apply, not those of the user\u2019s original (home) tenant.<\/p>\n<p>As a result, all protections provided by Defender for Office 365 are bypassed if the resource tenant has them disabled or never had them in the first place.<\/p>\n<p>What makes such an attack easier is the default-enabled feature in Teams, <a href=\"https:\/\/mc.merill.net\/message\/MC1182004\" target=\"_blank\" rel=\"noopener\">MC1182004<\/a>, which allows users to start a chat with any email address, even if the recipient isn\u2019t yet part of Teams. 
That means attackers can simply spin up a Microsoft 365 tenant, invite victims via email, and deliver phishing links or malware, all without triggering the victim\u2019s own security stack.<\/p>\n<p>Davies echoed Downing\u2019s argument that this is an architectural consequence of how <a href=\"https:\/\/www.csoonline.com\/article\/648486\/beware-of-overly-permissive-azure-ad-cross-tenant-synchronization-policies.html\">cross-tenant collaboration<\/a> works. \u201cAt Bugcrowd, we see the same pattern across crowdsourced testing programs, particularly in our Red Team engagements: much of the risk now lives in the connectivity between tenants, identity systems, and collaboration tools, rather than in the individual apps themselves,\u201d he said.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Mitigations include vetting collaborations<\/h2>\n<p>Jason Soroko, senior fellow at Sectigo, warns that this is not a mere \u201cbypass bug,\u201d but a blind spot in many organizations\u2019 mental model of cross-tenant risk. \u201cSecurity teams should respond by treating external guest access as a trust boundary that needs explicit governance rather than a convenience feature that can stay on by default,\u201d he said.<\/p>\n<p>To stay ahead of this inherent threat, Downing recommended restricting B2B guest invitations to a vetted allow-list of trusted partner domains and implementing cross-tenant access policies in Microsoft Entra ID to block suspicious guest-tenant access.<\/p>\n<p>Another key mitigation is disabling the default \u201cchat with Anyone\u201d feature in Teams, which allows unsolicited external invitations to reach users. For many organizations this is a practical step that can be taken through the Teams admin center by tightening external policies. 
Together with the Entra ID <a href=\"https:\/\/www.csoonline.com\/article\/4060101\/entra-id-vulnerability-exposes-gaps-in-cloud-identity-trust-models-experts-warn.html\">warning<\/a> from September, the disclosure underscores that a real danger sits in the gaps across Microsoft tenants, where convenience defaults and misplaced trust continue to outpace security.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A newly highlighted flaw in Microsoft\u2019s cross-tenant collaboration model shows that once a user accepts a guest invitation in Teams, their Defender for Office 365 protections are dropped entirely, leaving them exposed inside an external tenant even while logged in with their home account. According to Ontinue threat researcher Rhys Downing, one of Microsoft\u2019s recently [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5969,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5968","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5968"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5968"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5968\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5969"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5968"}],"wp
:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}