New Microsoft Teams Feature Opens Door to Guest Access Attacks, Bypassing Defender Protections
Security researchers have described a gap in how Microsoft Defender for Office 365 protections apply to Microsoft Teams that attackers can exploit through the guest access feature. Rhys Downing of Ontinue points out that when a user joins another organization's Microsoft 365 tenant as a guest, the security policies that apply are the host tenant's, not the user's own. That makes the tenant hosting a conversation, rather than the victim's employer, the one that decides whether links and attachments are scanned. The risk grows with Microsoft's new Teams feature that lets users chat with anyone via email, since it makes it far easier to pull a user into a tenant with weak or no protections.
The feature, which Microsoft plans to make globally available by January 2026, lets a Teams user start a chat with a non-Teams user by entering an email address; the recipient receives an invitation email and joins the conversation hosted in the inviter's tenant. That helps collaboration, but it also gives attackers a cheap delivery channel: set up an attacker-controlled Microsoft 365 tenant with Defender protections left off, invite targets to chat as guests, and let Microsoft's own infrastructure deliver the invitation. Because the invitation email comes from Microsoft rather than from an attacker-owned domain, it passes the email security checks that would normally flag a phishing message.
Once the target accepts, every link and file shared in that chat is governed only by the attacker's tenant policies, where Safe Links and Safe Attachments are simply not enabled, so malicious URLs and attachments reach the user unscanned. Worse, the victim's own organization gets no signal: the conversation takes place in a tenant outside its security perimeter, so its Defender for Office 365 policies never see the content and its security team has nothing to alert on.
To reduce the risk, organizations should restrict which external tenants their users may join as guests (in Microsoft Entra ID, the cross-tenant access settings for outbound B2B collaboration can default to block and allowlist vetted partner tenants), review cross-tenant access more broadly, limit Teams external access to an allowlist of federated domains and block chats with personal Teams accounts, and train users to treat unsolicited Teams invitations, including ones that arrive in genuine Microsoft-sent emails, with the same suspicion as an unexpected attachment.
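The following PowerShell is an added example of the two tenant-side controls mentioned above; it is not from the Ontinue write-up or from Microsoft's documentation for this feature. It assumes the Microsoft.Graph and MicrosoftTeams PowerShell modules are installed, that the account running it can administer cross-tenant access and Teams settings, and that the partner tenant ID and domain are placeholders to be replaced with your own vetted partners.

```powershell
# Added example, not part of the original article. Two controls:
#   1. Entra ID cross-tenant access: block users from joining unknown tenants as
#      guests by default, then allowlist specific partner tenants.
#   2. Teams external access: federate only with named domains and refuse chats
#      with personal (consumer) Teams accounts.
# Placeholder values (assumed, replace before use):
$partnerTenantId = "00000000-0000-0000-0000-000000000000"   # vetted partner tenant
$partnerDomain   = "partner.example"                        # vetted partner domain

# --- 1. Outbound B2B collaboration: default to blocked ---------------------
Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess"

$blockOutbound = @{
    b2bCollaborationOutbound = @{
        usersAndGroups = @{
            accessType = "blocked"
            targets    = @(@{ target = "AllUsers"; targetType = "user" })
        }
        applications = @{
            accessType = "blocked"
            targets    = @(@{ target = "AllApplications"; targetType = "application" })
        }
    }
}
# Default policy: no user in this tenant can accept a guest invitation from a
# tenant that has not been configured as a partner below.
Update-MgPolicyCrossTenantAccessPolicyDefault -BodyParameter $blockOutbound

# Partner exception: allow guest access into one vetted tenant only.
$allowPartner = @{
    tenantId = $partnerTenantId
    b2bCollaborationOutbound = @{
        usersAndGroups = @{
            accessType = "allowed"
            targets    = @(@{ target = "AllUsers"; targetType = "user" })
        }
        applications = @{
            accessType = "allowed"
            targets    = @(@{ target = "AllApplications"; targetType = "application" })
        }
    }
}
New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $allowPartner

# --- 2. Teams external access: allowlist federation, block consumer accounts --
Connect-MicrosoftTeams

$domainPattern = New-CsEdgeDomainPattern -Domain $partnerDomain
$allowList     = New-CsEdgeAllowList -AllowedDomain $domainPattern
Set-CsTenantFederationConfiguration `
    -AllowFederatedUsers $true `
    -AllowedDomains $allowList `
    -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false

# --- 3. Read back the effective settings ------------------------------------
(Get-MgPolicyCrossTenantAccessPolicyDefault).B2bCollaborationOutbound.UsersAndGroups.AccessType
Get-MgPolicyCrossTenantAccessPolicyPartner | Select-Object TenantId
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer, AllowTeamsConsumerInbound
```

The outbound default is the control that addresses the scenario in the article directly: with it set to blocked, a user who clicks an invitation from an unknown tenant is refused before any chat in that tenant is reachable, regardless of how convincing the Microsoft-sent email looks. The federation allowlist narrows the existing external-chat surface; whether the new chat-by-email feature honors the same federation settings is not stated in the article, so confirm that in your own tenant once the feature rolls out.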
Stay secure — stay Wavasec. 🔐