Microsoft Teams Guest Access Bypasses Defender for Office 365 Protections
Summary
Researchers discovered a security blind spot in Microsoft Teams guest access that allows attackers to bypass Microsoft Defender for Office 365 protections. When users join an external tenant as guests, their security protections are determined by the hosting environment, not their home organization. This vulnerability enables attackers to create 'protection-free zones' by setting up malicious tenants with minimal security policies and inviting targets to join as guests, bypassing email security checks and delivering phishing or malware-laden content. The issue arises because Microsoft Defender for Office 365 protections do not apply when a user accepts a guest invitation to an external tenant, subjecting them to the security policies of the hosting tenant. Organizations are advised to restrict B2B collaboration settings, implement cross-tenant access controls, and train users to be cautious of unsolicited Teams invites.
Timeline
- 28.11.2025 10:33 (1 article): Microsoft Teams Guest Access Vulnerability Disclosed
Researchers identified a security blind spot in Microsoft Teams guest access that allows attackers to bypass Microsoft Defender for Office 365 protections. By setting up malicious tenants with minimal security policies, attackers can invite targets to join as guests, bypassing email security checks and delivering phishing or malware-laden content. Organizations are advised to restrict B2B collaboration settings and implement cross-tenant access controls to mitigate the risk.
Sources:
- MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants — thehackernews.com — 28.11.2025 10:33
Information Snippets
- Microsoft Teams guest access allows users to operate under the security policies of the hosting tenant, not their home organization.
  First reported: 28.11.2025 10:33 (1 source, 1 article). Sources:
- MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants — thehackernews.com — 28.11.2025 10:33
- Attackers can create 'protection-free zones' by setting up malicious tenants with minimal security policies and inviting targets to join as guests.
  First reported: 28.11.2025 10:33 (1 source, 1 article). Sources:
- MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants — thehackernews.com — 28.11.2025 10:33
- The attack bypasses SPF, DKIM, and DMARC checks as the invitation email originates from Microsoft's infrastructure.
  First reported: 28.11.2025 10:33 (1 source, 1 article). Sources:
- MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants — thehackernews.com — 28.11.2025 10:33
- Organizations can restrict guest invitations by setting the 'UseB2BInvitesToAddExternalUsers' parameter to 'false' in TeamsMessagingPolicy.
  First reported: 28.11.2025 10:33 (1 source, 1 article). Sources:
- MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants — thehackernews.com — 28.11.2025 10:33
- Microsoft is rolling out a feature allowing users to chat with anyone via email, including non-Teams users, expected to be globally available by January 2026.
  First reported: 28.11.2025 10:33 (1 source, 1 article). Sources:
- MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants — thehackernews.com — 28.11.2025 10:33
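
One way to apply the 'UseB2BInvitesToAddExternalUsers' setting named in the snippets above across every messaging policy in a tenant. This is an added example, not code from the cited article or from Microsoft; it assumes the MicrosoftTeams PowerShell module and a Teams administrator sign-in, and the `-Remediate` switch is a hypothetical name introduced here.

```powershell
#Requires -Modules MicrosoftTeams
# Added example: audit every Teams messaging policy for the setting the page
# names, and switch it to $false only when -Remediate is given.
# Assumption: run as a Teams administrator; supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate   # hypothetical switch name, defined by this script
)

Connect-MicrosoftTeams | Out-Null

$setting = 'UseB2BInvitesToAddExternalUsers'

$report = foreach ($policy in Get-CsTeamsMessagingPolicy) {
    # Older module versions may not expose the property at all; report that
    # instead of silently treating the policy as compliant.
    $hasProperty = $policy.PSObject.Properties.Name -contains $setting
    [pscustomobject]@{
        Identity = $policy.Identity
        Value    = if ($hasProperty) { $policy.$setting } else { 'not exposed' }
        NeedsFix = $hasProperty -and ($policy.$setting -ne $false)
    }
}

# Audit output: one row per policy, including custom (Tag:) policies.
$report | Format-Table -AutoSize

if ($Remediate) {
    foreach ($row in $report | Where-Object NeedsFix) {
        # Get-* returns custom policies as "Tag:<name>"; pass the bare name.
        $name = $row.Identity -replace '^Tag:', ''
        if ($PSCmdlet.ShouldProcess($name, "Set $setting to false")) {
            Set-CsTeamsMessagingPolicy -Identity $name -UseB2BInvitesToAddExternalUsers $false
        }
    }
}
```

Run it without switches first to review the table, then with `-Remediate -WhatIf` to see which policies would change before committing.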