Teams Guest Access Flaw: Microsoft Defender Protection Bypassed by External Tenants

Cybersecurity researchers have uncovered a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Microsoft Teams.

Architectural Flaw in Guest Access

The fundamental architectural gap, highlighted by Ontinue security researcher Rhys Downing, is that when a user operates as a guest in another tenant, their security protections are determined entirely by the hosting tenant, not by their home organization.

This means that when a user accepts a guest invitation to an external tenant, they are subject to the security policies of the tenant hosting the conversation, not the policies of the tenant where their account lives. A user can therefore become an unprotected guest in a malicious environment whose security policies are dictated by the attacker.

Hypothetical Attack Scenario

A threat actor can exploit this by creating a "protection-free zone": a malicious Microsoft 365 tenant set up with a low-cost license, such as Teams Essentials or Business Basic, that does not include Microsoft Defender for Office 365 out of the box.

The attacker then conducts reconnaissance, initiates contact by entering a victim's email address in Teams, and triggers an automated invitation. The most concerning aspect is that this invitation email is a legitimate message sent from Microsoft's own infrastructure, so it passes SPF, DKIM, and DMARC checks rather than failing them. Those controls authenticate the sending domain, not the sender's intent, so email security solutions are unlikely to flag the message as malicious.

If the victim accepts the invitation, they are granted guest access in the attacker's tenant. All subsequent communication takes place there, where the threat actor can send phishing links or distribute malware-laced attachments without being detected by the Safe Links and Safe Attachments scans of the victim's organization, because those Defender for Office 365 policies apply only within the victim's home tenant. The victim's organization remains completely unaware because the attack occurs outside its security boundary.

Mitigation Recommendations

To safeguard against this attack vector, organizations are recommended to implement several security measures:

  • Restrict outbound B2B collaboration in Microsoft Entra cross-tenant access settings so that users can only accept guest invitations from trusted partner tenants, and restrict inbound B2B collaboration to trusted domains for invitations into your own tenant.
  • Implement cross-tenant access controls (default settings plus per-partner organizational settings) rather than relying on the permissive defaults.
  • Restrict external Teams communication (external access/federation and chat with consumer accounts) if it is not strictly required.
  • Train users to treat unsolicited Teams invitations from external sources as suspect, even though they arrive from Microsoft.
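The following PowerShell is an added example of how to audit and enforce the first three mitigations; it is not code from the article or from Ontinue. It uses the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns) for Entra cross-tenant access settings and the MicrosoftTeams module for federation. The partner tenant ID and partner domain are placeholders you must replace with your own trusted organizations.

```powershell
# Added example (not from the article): audit and tighten outbound B2B
# collaboration and Teams external access so users cannot become guests in an
# arbitrary external tenant. $PartnerTenantId and $PartnerDomain are placeholders.
# Requires: Install-Module Microsoft.Graph.Identity.SignIns; Install-Module MicrosoftTeams

Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.CrossTenantAccess"
Connect-MicrosoftTeams

$PartnerTenantId = "00000000-0000-0000-0000-000000000000"  # placeholder: trusted partner tenant ID
$PartnerDomain   = "partner.example"                        # placeholder: trusted partner domain

# 1. Audit the tenant-wide default. Out of the box, outbound B2B collaboration
#    is "allowed", which is what lets a user redeem a guest invitation from
#    any tenant, including one an attacker controls.
$defaults = Get-MgPolicyCrossTenantAccessPolicyDefault
$outbound = $defaults.B2BCollaborationOutbound.UsersAndGroups.AccessType
Write-Host "Default outbound B2B collaboration for users: $outbound"
if ($outbound -ne "blocked") {
    Write-Warning "Users can currently accept guest invitations from ANY external tenant."
}

# 2. Block outbound B2B collaboration by default for all users and applications.
#    Entra enforces this when the user signs in to the external tenant, so the
#    invitation e-mail still arrives but the guest access cannot be redeemed.
$blockOutbound = @{
    b2bCollaborationOutbound = @{
        usersAndGroups = @{
            accessType = "blocked"
            targets    = @(@{ target = "AllUsers"; targetType = "user" })
        }
        applications = @{
            accessType = "blocked"
            targets    = @(@{ target = "AllApplications"; targetType = "application" })
        }
    }
}
Update-MgPolicyCrossTenantAccessPolicyDefault -BodyParameter $blockOutbound

# 3. Re-allow outbound collaboration only for the trusted partner tenant, so the
#    allowlist, not the attacker's tenant, decides where users may be guests.
$allowPartner = @{
    tenantId = $PartnerTenantId
    b2bCollaborationOutbound = @{
        usersAndGroups = @{
            accessType = "allowed"
            targets    = @(@{ target = "AllUsers"; targetType = "user" })
        }
        applications = @{
            accessType = "allowed"
            targets    = @(@{ target = "AllApplications"; targetType = "application" })
        }
    }
}
New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $allowPartner

# 4. Teams external access (federation): restrict to listed domains and turn
#    off chat with unmanaged Teams consumer accounts in both directions.
$fed = Get-CsTenantFederationConfiguration
Write-Host "AllowFederatedUsers=$($fed.AllowFederatedUsers) AllowTeamsConsumer=$($fed.AllowTeamsConsumer)"

$allowList = New-CsEdgeAllowList -AllowedDomain @(New-CsEdgeDomainPattern -Domain $PartnerDomain)
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
                                    -AllowedDomains $allowList `
                                    -AllowTeamsConsumer $false `
                                    -AllowTeamsConsumerInbound $false
```

Run the audit section first on its own; the remaining steps change tenant-wide behaviour and will lock existing guests out of partner tenants that are not on the allowlist. If a partner configuration for that tenant ID already exists, use Update-MgPolicyCrossTenantAccessPolicyPartner instead of New-. Note that these settings govern redemption and sign-in, not delivery of the invitation e-mail, so user training remains necessary.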

This development coincides with Microsoft's rollout of a new Teams feature that allows users to chat with anyone via their email address, including people who do not use Teams. The feature is enabled by default and is expected to be globally available by January 2026, which widens the surface for unsolicited external contact.
