Teams Guest Phishing Bypass: Attackers Exploit External Tenants to Defeat Microsoft Defender
Expanding Microsoft Teams’ capabilities for working with external users brings not only convenience, but also new vulnerabilities. The Ontinue team has detailed a technique that exploits the peculiarities of guest access to bypass Microsoft Defender for Office 365 and leverage Microsoft’s own infrastructure to deliver phishing emails with minimal suspicion from mail filters.
The issue stems from the fact that, when operating inside a foreign tenant, a user receives protection not from their own organization, but from the host’s security infrastructure. If an employee accepts an invitation as a guest in an external tenant, the security policies of that other company apply to them. Guest access differs from external access in Teams: in the former, the user effectively enters the foreign environment itself, where communication takes place.
According to Ontinue’s Rhys Downing, this creates an architectural fault line. An attacker can deploy their own Microsoft 365 tenant on a low-cost plan such as Teams Essentials or Business Basic—tiers that lack Microsoft Defender for Office 365 by default—or simply disable whatever protections are available. Such a tenant becomes a de facto “filter-free zone.”
The attacker then conducts reconnaissance, identifies addresses within the target organization, and initiates contact through Microsoft Teams, specifying the victim’s email address. Teams automatically sends an invitation to join a chat as a guest. Because the message originates from Microsoft’s infrastructure, it cleanly passes SPF, DKIM, and DMARC checks. Email gateways and filtering systems rarely flag these notifications as suspicious, as they appear to be legitimate service messages.
If the recipient follows the invitation and accepts it, they gain guest access to the attacker’s tenant. From that moment onward, all subsequent messages and attachments are governed by the security policies of this external environment. The absence of controls such as Safe Links and Safe Attachments allows malicious files and URLs to be delivered with virtually no restrictions. Meanwhile, the victim’s own organization may never see any suspicious activity, since the attack unfolds entirely outside its security perimeter.
Microsoft has already begun rolling out a new Teams feature enabling message exchange with any email address, even for people who do not actively use the service. The feature is enabled by default. Organizations can block outgoing invitations by modifying the TeamsMessagingPolicy setting “UseB2BInvitesToAddExternalUsers” to “false,” but this does not prevent employees from receiving invitations from external tenants—leaving the attack vector intact.
To reduce exposure, Ontinue’s experts advise restricting B2B collaboration to a list of trusted domains, employing cross-tenant access policies, tightly limiting external communication in Teams when necessary, and educating employees to treat unsolicited invitations to external chats with extreme caution.
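The two tenant-side controls mentioned above, the messaging-policy switch and outbound cross-tenant access settings, can be applied from PowerShell. The script below is an added example written for this article, not Ontinue's or Microsoft's own code. It assumes the Teams and Microsoft Graph PowerShell modules are installed, that the operator holds the Teams Administrator and Entra roles needed for these policies, and that `TRUSTED-PARTNER-TENANT-ID` and `partner.example` are placeholders for a real partner tenant and domain. The cmdlet and parameter names are from the current Teams and Microsoft.Graph modules; verify them against your module version before running.

```powershell
# Added example (not from the article): harden a Microsoft 365 tenant against
# guest-invitation phishing. Run in an elevated admin PowerShell session.
#
# Requires: Install-Module MicrosoftTeams ; Install-Module Microsoft.Graph

Import-Module MicrosoftTeams
Import-Module Microsoft.Graph.Identity.SignIns

Connect-MicrosoftTeams
Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess"

# --- 1. Stop our own users from inviting external people into chats.
# This is the setting named in the article. It only affects invitations we
# send; it does NOT stop an external tenant from inviting our users.
Set-CsTeamsMessagingPolicy -Identity Global `
    -UseB2BInvitesToAddExternalUsers $false

# --- 2. Block OUTBOUND B2B collaboration by default.
# Outbound settings govern whether our users may be added as guests to other
# tenants. Blocking this is what removes the "accept and enter the attacker's
# tenant" step, since the guest redemption itself is refused.
$blockAll = @{
    usersAndGroups = @{
        accessType = "blocked"
        targets    = @(@{ target = "AllUsers"; targetType = "user" })
    }
    applications = @{
        accessType = "blocked"
        targets    = @(@{ target = "AllApplications"; targetType = "application" })
    }
}
Update-MgPolicyCrossTenantAccessPolicyDefault -B2bCollaborationOutbound $blockAll

# --- 3. Re-enable outbound collaboration only for trusted partner tenants.
# Placeholder tenant ID; replace with the partner's real directory (tenant) ID.
$allowAll = @{
    usersAndGroups = @{
        accessType = "allowed"
        targets    = @(@{ target = "AllUsers"; targetType = "user" })
    }
    applications = @{
        accessType = "allowed"
        targets    = @(@{ target = "AllApplications"; targetType = "application" })
    }
}
New-MgPolicyCrossTenantAccessPolicyPartner `
    -TenantId "TRUSTED-PARTNER-TENANT-ID" `
    -B2bCollaborationOutbound $allowAll

# --- 4. Limit Teams external (federated) chat to an allow list of domains and
# turn off chat with personal (consumer) Teams accounts.
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
    -AllowedDomainsAsAList "partner.example" `
    -AllowTeamsConsumer $false

# --- 5. Read back the effective configuration for the change record.
Get-CsTeamsMessagingPolicy -Identity Global |
    Select-Object Identity, UseB2BInvitesToAddExternalUsers
Get-MgPolicyCrossTenantAccessPolicyDefault |
    Select-Object -ExpandProperty B2bCollaborationOutbound
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer
```

Step 2 is the one that addresses the gap the article points out: the messaging-policy switch in step 1 governs only invitations the organization sends, whereas the outbound cross-tenant default decides whether an employee's account can redeem a guest invitation from any tenant not explicitly listed as a partner. Roll the default block out after inventorying existing guest relationships, since it also cuts off legitimate partner tenants that have not yet been added in step 3.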