Fyself News
MS Teams Guest Access can remove Defender protection when users join an external tenant

November 28, 2025Ravi LakshmananEmail Security / Enterprise Security

Cybersecurity researchers have uncovered a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the Guest Access feature in Teams.

“When a user operates as a guest in another tenant, their protection is determined entirely by their hosting environment, not their home organization,” Ontinue security researcher Rhys Downing said in the report.

“While these advances increase opportunities for collaboration, they also expand our responsibility to ensure the external environment is reliable and properly protected.”

The development comes as Microsoft began rolling out a new feature in Teams this month that allows users to chat with anyone via email, including those who don’t use the enterprise communications platform. This change is expected to be available worldwide by January 2026.

“Recipients will receive an email invitation to join the chat session as a guest, allowing for seamless communication and collaboration,” Microsoft said in an announcement. “This update simplifies external collaboration and supports flexible work scenarios.”

If the recipient is already using Teams, they’ll be notified directly through the app in the form of an external message request. This feature is enabled by default, but organizations can turn it off by using TeamsMessagingPolicy and setting the “UseB2BInvitesToAddExternalUsers” parameter to “false”.

However, this setting only prevents users from sending invitations to other users. It does not prevent them from receiving invitations from external tenants.

At this stage, it’s worth mentioning that guest access is different from external access. External access allows users to search for, call, and chat with people who have Teams but are outside your organization.

The “fundamental architectural gap” that Ontinue highlighted stems from the fact that Microsoft Defender for Office 365’s Teams protections may not apply when a user accepts a guest invitation to an external tenant. This means that when entering the security boundary of another tenant, the user is subject to the security policies of the location where the conversation is hosted, not where the user’s account resides.

Furthermore, it opens the door to scenarios where the user could become an unprotected guest in a malicious environment dictated by the attacker’s security policy.

In a hypothetical attack scenario, a threat actor could create a “no-protection zone” by disabling all safeguards within a tenant or take advantage of licenses that lack certain options by default. For example, an attacker could launch a malicious Microsoft 365 tenant using a low-cost license such as Teams Essentials or Business Basic that doesn’t come with Microsoft Defender for Office 365 out of the box.

Once an unsecured tenant is set up, the attacker can conduct reconnaissance on the target organization, gather details, and enter the victim’s email address to initiate contact via Teams. Teams will then send the victim an automatic invitation to join the chat as a guest.

Perhaps the most concerning aspect of the attack chain is that the email reaches the victim’s mailbox, given that the message originates from Microsoft’s own infrastructure, effectively bypassing SPF, DKIM, and DMARC checks. Because the email is legitimately sent from Microsoft, there is little chance that an email security solution will flag it as malicious.

If the victim accepts the invitation, they will be granted guest access in the attacker’s tenant and all subsequent communications will take place there. Attackers can take advantage of the lack of safe links or safe attachment scanning by sending phishing links or distributing attachments laced with malware.

“Victim organizations remain completely unaware,” Downing said. “Because the attack occurred outside the security perimeter, no security controls were triggered.”

To prevent this line of attack, organizations are advised to restrict B2B collaboration settings to only allow guest invitations from trusted domains, implement cross-tenant access controls, restrict external Teams communication when not required, and train users to be wary of unsolicited Teams invitations from external sources.
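One way to check the home tenant's own records for guest activity in tenants outside a trusted list, as an added example that is not from the article or Ontinue's report. It assumes sign-in logs exported as JSON lines with Microsoft Entra field names (`homeTenantId`, `resourceTenantId`, `crossTenantAccessType`); the tenant IDs, users and allowlist are constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed placeholders: tenant IDs, users and timestamps are not real.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
TRUSTED_TENANTS = {"22222222-2222-2222-2222-222222222222"}  # approved partner

# Constructed JSON-lines export; field names assumed to follow the Entra
# sign-in log schema (homeTenantId, resourceTenantId, crossTenantAccessType).
SAMPLE_SIGNINS = """\
{"createdDateTime":"2025-11-28T09:00:00Z","userPrincipalName":"ana@corp.example","appDisplayName":"Microsoft Teams","homeTenantId":"11111111-1111-1111-1111-111111111111","resourceTenantId":"11111111-1111-1111-1111-111111111111","crossTenantAccessType":"none"}
{"createdDateTime":"2025-11-28T09:05:00Z","userPrincipalName":"ben@corp.example","appDisplayName":"Microsoft Teams","homeTenantId":"11111111-1111-1111-1111-111111111111","resourceTenantId":"22222222-2222-2222-2222-222222222222","crossTenantAccessType":"b2bCollaboration"}
{"createdDateTime":"2025-11-28T09:10:00Z","userPrincipalName":"cara@corp.example","appDisplayName":"Microsoft Teams","homeTenantId":"11111111-1111-1111-1111-111111111111","resourceTenantId":"33333333-3333-3333-3333-3333333333ab","crossTenantAccessType":"b2bCollaboration"}
this line is a truncated export row
{"createdDateTime":"2025-11-28T09:20:00Z","userPrincipalName":"dev@corp.example","appDisplayName":"Microsoft Teams","homeTenantId":"11111111-1111-1111-1111-111111111111","resourceTenantId":"33333333-3333-3333-3333-3333333333AB","crossTenantAccessType":"b2bCollaboration"}
{"createdDateTime":"2025-11-28T09:30:00Z","userPrincipalName":"guest@partner.example","appDisplayName":"Microsoft Teams","homeTenantId":"44444444-4444-4444-4444-444444444444","resourceTenantId":"11111111-1111-1111-1111-111111111111","crossTenantAccessType":"b2bCollaboration"}
"""


def find_untrusted_guest_signins(lines, home_tenant, trusted):
    """Group outbound B2B guest sign-ins by external tenant not on the allowlist."""
    home_tenant = home_tenant.lower()
    trusted = {t.lower() for t in trusted}
    findings = defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed export rows
        home = (ev.get("homeTenantId") or "").lower()
        resource = (ev.get("resourceTenantId") or "").lower()
        # Keep only our own users authenticating into someone else's tenant.
        if home != home_tenant or not resource or resource == home_tenant:
            continue
        if ev.get("crossTenantAccessType") != "b2bCollaboration":
            continue  # not guest (B2B collaboration) access
        if resource in trusted:
            continue  # approved partner tenant
        findings[resource].append((ev.get("createdDateTime"),
                                   ev.get("userPrincipalName"),
                                   ev.get("appDisplayName")))
    return {tenant: sorted(hits) for tenant, hits in findings.items()}


if __name__ == "__main__":
    report = find_untrusted_guest_signins(
        SAMPLE_SIGNINS.splitlines(), HOME_TENANT, TRUSTED_TENANTS)
    for tenant, hits in report.items():
        print(tenant, [user for _, user, _ in hits])
```

Each flagged tenant is a place where the organization's users are working under another tenant's security policies, which makes the output a review list for the cross-tenant access allowlist.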

Hacker News has reached out to Microsoft for comment and will update the article if we hear back.

