Microsoft Teams Guest Chat Vulnerability Exposes Users to Malware Attack

By Guru Baran
Publication Date: 2025-11-27 05:26:00

A significant gap in Microsoft Teams’ B2B guest access allows attackers to bypass Defender for Office 365 protections, creating unprotected zones for phishing and malware delivery.

At Cybersecurity News, we recently highlighted how Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks.

This architectural issue, highlighted by Ontinue, stems from new cross-tenant chat features that are enabled by default and let threat actors lure users into malicious tenants, where home-organization safeguards like Safe Links and Safe Attachments do not apply. As Teams becomes central to enterprise collaboration, the risk grows, and the setup cost for attackers is minimal.

Microsoft’s MC1182004 update, rolled out in November 2025, lets any Teams user start chats with external email addresses, automatically inviting recipients as guests.

Enabled by default across licenses, including low-cost SMB plans like…