MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants thehackernews.com/2025/11/m…
Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams.
“When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization,” Ontinue security researcher Rhys Downing said in a report.
“These advancements increase collaboration opportunities, but they also widen the responsibility for ensuring those external environments are trustworthy and properly secured.”
The development comes as Microsoft has begun rolling out a new feature in Teams that allows users to chat with anyone via email, including those who don’t use the enterprise communications platform, starting this month. The change is expected to be globally available by January 2026.
