Microsoft Teams cross-tenant Defender blind spot security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Microsoft Teams has a cross-tenant Defender blind spot where guest invitations can move chats outside an organization’s protection boundary, creating phishing and malware delivery risk. Ontinue says Microsoft Defender for Office 365 protections may not apply once a user accepts a guest invite in an external tenant. The issue matters because an attacker can host the conversation in a malicious Microsoft 365 tenant with weaker or missing defenses, bypassing expected Teams email/chat protections. Organizations can reduce exposure by tightening B2B collaboration and cross-tenant access controls.
Related Happenings
Microsoft Teams admin policy adds approval-based control for third-party bots
Security Tool/Service
H score11
First: 30.06.2026 13:52
Last: 30.06.2026 13:52
Sources 1
About this happening:
Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...
Microsoft Teams admin policy adds approval-based control for third-party bots
Security Tool/ServiceAbout this happening: Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...
Microsoft Teams third-party bot approval controls for meeting social-engineering risk
Defensive Guidance
H score11
First: 30.06.2026 13:52
Last: 30.06.2026 13:52
Sources 1
About this happening:
**Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...
Microsoft Teams third-party bot approval controls for meeting social-engineering risk
Defensive GuidanceAbout this happening: **Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...
Microsoft Teams on macOS repeated location-prompt service disruption
Service Disruption
H score0
First: 19.05.2026 19:10
Last: 19.05.2026 19:10
Sources 1
About this happening:
Microsoft confirmed a **Microsoft Teams on macOS** service disruption that causes **non-dismissible location prompts** for some users, interrupting normal app use for those who en...
Microsoft Teams on macOS repeated location-prompt service disruption
Service DisruptionAbout this happening: Microsoft confirmed a **Microsoft Teams on macOS** service disruption that causes **non-dismissible location prompts** for some users, interrupting normal app use for those who en...
KongTuke Microsoft Teams initial access campaign
Campaign
H score42
First: 14.05.2026 15:12
Last: 14.05.2026 15:12
Sources 1
About this happening:
The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...
KongTuke Microsoft Teams initial access campaign
CampaignAbout this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...
Microsoft Edge regression disrupts Teams meeting joins
Service Disruption
H score1
First: 23.04.2026 16:18
Last: 23.04.2026 16:18
Sources 1
About this happening:
A **Microsoft Edge** regression is preventing some **Windows** users from joining **Microsoft Teams** meetings, causing a limited-scope access disruption for scheduled and link-ba...
Microsoft Edge regression disrupts Teams meeting joins
Service DisruptionAbout this happening: A **Microsoft Edge** regression is preventing some **Windows** users from joining **Microsoft Teams** meetings, causing a limited-scope access disruption for scheduled and link-ba...
Timeline
-
28.11.2025 10:33 2 articles · 7mo ago
Microsoft Teams guest access can bypass Defender protection
Technical Analysis UpdateOntinue identified a cross-tenant blind spot in Microsoft Teams guest access where Microsoft Defender for Office 365 protections may not apply after a user accepts a guest invitation to an external tenant. A malicious Microsoft 365 tenant using Teams Essentials or Business Basic can invite a target by email, move the conversation outside the victim organization’s security boundary, and deliver phishing links or malware-laced attachments without Safe Links or Safe Attachments scans. Organizations can reduce exposure by tightening B2B collaboration settings, using cross-tenant access controls, limiting external Teams communication, and training users to scrutinize unsolicited guest invitations.
Show sources
- MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants — thehackernews.com — 28.11.2025 10:33
- MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants — thehackernews.com — 28.11.2025 10:33