Microsoft Teams Guest Access Vulnerability Bypasses Defender Protection

Published: November 28, 2025
Category: Hot Technology Sectors

Full Transcript

Cybersecurity researchers have uncovered a significant vulnerability in Microsoft Teams that allows attackers to bypass Microsoft Defender for Office 365 protections through the guest access feature. Rhys Downing, a security researcher at Ontinue, highlighted that when users operate as guests in another tenant, their security protections are determined by that hosting environment rather than their home organization.

This vulnerability is particularly concerning as Microsoft is rolling out a new feature in Teams that enables users to chat with anyone via email, including those who do not use the platform. This feature is expected to be globally available by January 2026.

The report indicates that the guest access feature can create 'protection-free zones', because threat actors can disable security safeguards in tenants they control. An attacker can create a Microsoft 365 tenant using low-cost licenses, which do not come with Defender for Office 365, and then send invitations to potential victims via Teams.

This scenario is alarming because the invitation emails are sent from Microsoft's infrastructure and can therefore bypass traditional email security measures such as SPF, DKIM, and DMARC, making it difficult for organizations to detect malicious activity.

When victims accept these invitations, they gain guest access to the attacker's tenant, where they can be exposed to phishing links and malware without any protection. Downing emphasizes that the victim's organization may remain completely unaware of the breach, as their security controls do not trigger when the attack occurs outside their security boundary.

To mitigate this risk, organizations are advised to restrict B2B collaboration settings to only allow guest invitations from trusted domains, implement cross-tenant access controls, and train users to be cautious of unsolicited Teams invites from external sources.
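One way to check how far users already stray outside a trusted-tenant allowlist is to review the home tenant's own sign-in records for guest sessions in external tenants. The Python script below is an added example, not code from the Ontinue report or from Microsoft; the tenant IDs, user names and log lines are constructed placeholders, and the field names are assumed to follow the Entra ID sign-in log schema.

```python
import json
from collections import defaultdict

HOME_TENANT = "11111111-1111-1111-1111-111111111111"        # placeholder: our tenant
TRUSTED_TENANTS = {"22222222-2222-2222-2222-222222222222"}  # placeholder: approved partners

# Constructed JSON-lines sample. Field names are assumed to follow the Entra ID
# sign-in log schema; adjust them to match the export you actually analyse.
SAMPLE_LOG = """\
{"userPrincipalName":"alice@corp.example","homeTenantId":"11111111-1111-1111-1111-111111111111","resourceTenantId":"11111111-1111-1111-1111-111111111111","crossTenantAccessType":"none"}
{"userPrincipalName":"bob@corp.example","homeTenantId":"11111111-1111-1111-1111-111111111111","resourceTenantId":"22222222-2222-2222-2222-222222222222","crossTenantAccessType":"b2bCollaboration"}
{"userPrincipalName":"carol@corp.example","homeTenantId":"11111111-1111-1111-1111-111111111111","resourceTenantId":"99999999-9999-9999-9999-999999999999","crossTenantAccessType":"b2bCollaboration"}
{"userPrincipalName":"dave@corp.example","homeTenantId":"11111111-1111-1111-1111-111111111111","resourceTenantId":"99999999-9999-9999-9999-999999999999","crossTenantAccessType":"B2BCollaboration"}
{"userPrincipalName":"erin@partner.example","homeTenantId":"22222222-2222-2222-2222-222222222222","resourceTenantId":"11111111-1111-1111-1111-111111111111","crossTenantAccessType":"b2bCollaboration"}
not-json truncated line
"""

def outbound_guest_access(lines, home_tenant, trusted):
    """Return ({untrusted tenant: [home users seen there as guests]}, skipped line count)."""
    home = home_tenant.lower()
    allowed = {t.lower() for t in trusted}
    hits, skipped = defaultdict(set), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1  # count unparseable records instead of silently dropping them
            continue
        user_home = str(rec.get("homeTenantId", "")).lower()
        resource = str(rec.get("resourceTenantId", "")).lower()
        access = str(rec.get("crossTenantAccessType", "")).lower()
        # Keep only outbound activity: one of our users inside someone else's tenant.
        if user_home != home or resource in ("", home):
            continue
        # Guest (B2B collaboration) sessions in tenants outside the allowlist.
        if "b2bcollaboration" in access and resource not in allowed:
            hits[resource].add(str(rec.get("userPrincipalName", "<unknown>")))
    return {t: sorted(u) for t, u in hits.items()}, skipped

if __name__ == "__main__":
    found, skipped = outbound_guest_access(SAMPLE_LOG.splitlines(), HOME_TENANT, TRUSTED_TENANTS)
    for tenant, users in found.items():
        print(f"untrusted tenant {tenant}: {', '.join(users)}")
    print(f"skipped {skipped} unparseable line(s)")
```

Tenants that appear in the output are candidates either for the allowlist, if they are legitimate partners, or for follow-up with the listed users.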

The Hacker News has reached out to Microsoft for comment on this vulnerability and will provide updates if a response is received.
