Microsoft Teams Security Flaw: Guest Access Exposes Users to Attacks (2026)

Your Microsoft Teams chat might be putting your company at serious risk — and most people have no idea it’s happening.

A new investigation from Ontinue has uncovered alarming flaws in how Microsoft Teams manages cross-tenant collaboration — that is, communication between employees in different organizations. And here’s where it gets controversial: the issue isn’t a software glitch. It’s baked into Teams’ very design.

Imagine your employee accepts a Teams invite from someone at another company. The moment they do, they step outside the safety net of your organization’s cybersecurity defenses and into someone else’s environment — one that might have zero protection.

Ontinue’s senior threat researcher, Rhys Downing, emphasizes that this is not a technical malfunction but a structural gap in how Microsoft Teams operates. Once a user joins another company’s Teams environment, also known as a different Microsoft 365 “tenant,” all their home security shields, provided by Microsoft Defender for Office 365, instantly vanish.

Downing puts it bluntly: “When users act as guests in another tenant, their safety depends entirely on that host organization — not their own.” In practice, this means that critical protections such as Safe Links (which scans malicious URLs) and Zero-hour Auto Purge, or ZAP (which removes harmful content after delivery), no longer function under the guest’s original organization’s rules. Instead, they depend fully on the security setup of the host.

And this is the part most people miss: attackers can take advantage of this setup. Cybercriminals can spin up their own Microsoft 365 tenants with all safety checks deliberately turned off — creating what Ontinue calls “protection-free zones.” Once a victim accepts a chat invite to such a zone, they are essentially walking through an open door into a trap, often without any visual warning that their defenses are gone.

How the attack works

When a targeted user accepts a malicious Teams invitation, everything seems normal. The familiar Teams interface loads. The chat looks legitimate. But under the hood, the attacker now has free rein because the host environment has no Defender protections. From there, the attacker can:

  • Send phishing links that bypass Safe Links scanning.
  • Deliver malware through attachments with no antivirus detection.
  • Engage in social engineering conversations — without triggering any alerts on the victim’s side.

Downing calls this false sense of security a “dangerous assumption gap.” Many companies mistakenly assume that their security policies travel with their users across tenants. Ontinue debunks this: protection follows the host, not the home account.

A default setting that worsens the risk

Adding fuel to the fire, Microsoft’s MC1182004 update now allows Teams users to chat with “anyone with an email address” — and it’s enabled by default. Ontinue warns that this change makes sending guest invitations extremely easy, giving attackers one of the simplest entry points in modern collaboration tools.

While Microsoft frames this feature as a move toward broader collaboration, Downing cautions that it also enlarges the attack surface. In other words, the more freedom users have to connect externally, the greater the risk if those external environments aren’t properly secured.

To mitigate these vulnerabilities, Ontinue recommends tightening external collaboration rules. Organizations should:

  • Limit who can accept or send guest invitations.
  • Use Microsoft Entra’s cross-tenant access controls to block unknown or unverified domains.
  • Regularly review and audit guest accounts to ensure none lead to unsafe external tenants.
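These three recommendations amount to an allow-list posture: block outbound collaboration by default, name the partner tenants you actually work with, and keep checking which external domains your guest accounts come from. The Python script below is an added example, not code from Ontinue or Microsoft, that audits that posture offline against exported data. All sample objects are constructed; their field names (b2bCollaborationOutbound, usersAndGroups, accessType, userType, externalUserState, the `local_domain#EXT#@home` guest UPN form) follow the Microsoft Graph cross-tenant access policy and user resources as I understand them, which is an assumption to verify against the Graph reference before relying on it. Fetching the live objects from Graph is out of scope here.

```python
"""Offline audit of exported Entra cross-tenant settings and guest users.

Sample data is constructed for this example. Field names assume the Graph
shapes of /policies/crossTenantAccessPolicy/default, .../partners and
/users?$filter=userType eq 'Guest' (verify against the Graph reference).
"""
import copy
from collections import defaultdict

# Constructed sample: tenant-wide default. Outbound B2B collaboration
# "allowed" for AllUsers means any employee may accept a guest invite from
# any external tenant, which is the exposure the article describes.
DEFAULT_POLICY = {
    "b2bCollaborationOutbound": {
        "usersAndGroups": {"accessType": "allowed",
                           "targets": [{"target": "AllUsers", "targetType": "user"}]},
        "applications": {"accessType": "allowed",
                         "targets": [{"target": "AllApplications",
                                      "targetType": "application"}]},
    },
}

# Constructed sample: one explicitly trusted partner (placeholder tenant ID).
PARTNERS = [
    {"tenantId": "00000000-0000-0000-0000-000000000001",
     "b2bCollaborationOutbound": {
         "usersAndGroups": {"accessType": "allowed",
                            "targets": [{"target": "AllUsers", "targetType": "user"}]}}},
]

# Constructed sample: accounts present in our tenant (one is a normal member).
GUESTS = [
    {"userPrincipalName": "alice_partner.example#EXT#@contoso.example",
     "mail": "alice@partner.example", "userType": "Guest",
     "externalUserState": "Accepted"},
    {"userPrincipalName": "bob_unknown-corp.example#EXT#@contoso.example",
     "mail": None, "userType": "Guest", "externalUserState": "PendingAcceptance"},
    {"userPrincipalName": "carol@contoso.example", "mail": "carol@contoso.example",
     "userType": "Member", "externalUserState": None},
]

# Domains the organisation has reviewed and chosen to collaborate with.
APPROVED_DOMAINS = {"partner.example"}


def outbound_is_open(policy):
    """True when the default lets every user collaborate in every external tenant."""
    ug = policy.get("b2bCollaborationOutbound", {}).get("usersAndGroups", {})
    return ug.get("accessType") == "allowed" and any(
        t.get("target") == "AllUsers" for t in ug.get("targets", []))


def hardened_default(policy):
    """Copy of the default with outbound collaboration blocked, so only tenants
    listed as partners stay reachable (allow-list posture)."""
    p = copy.deepcopy(policy)
    p.setdefault("b2bCollaborationOutbound", {})
    p["b2bCollaborationOutbound"]["usersAndGroups"] = {
        "accessType": "blocked",
        "targets": [{"target": "AllUsers", "targetType": "user"}]}
    p["b2bCollaborationOutbound"]["applications"] = {
        "accessType": "blocked",
        "targets": [{"target": "AllApplications", "targetType": "application"}]}
    return p


def guest_domain(guest):
    """Home domain of a guest: from mail, else from the local_domain#EXT#@home UPN."""
    mail = guest.get("mail") or ""
    if "@" in mail:
        return mail.rsplit("@", 1)[1].lower()
    local = guest.get("userPrincipalName", "").split("#EXT#", 1)[0]
    return local.rsplit("_", 1)[1].lower() if "_" in local else ""


def audit_guests(guests, approved):
    """Group guests by home domain; flag unapproved domains and stale invites."""
    by_domain = defaultdict(list)
    for g in guests:
        if g.get("userType") == "Guest":
            by_domain[guest_domain(g)].append(g)
    return {
        "counts": {d: len(v) for d, v in by_domain.items()},
        "unapproved": sorted(d for d in by_domain if d not in approved),
        "pending": sorted(g["userPrincipalName"] for g in guests
                          if g.get("userType") == "Guest"
                          and g.get("externalUserState") == "PendingAcceptance"),
    }


def findings(policy, partners, guests, approved):
    """Issues an admin would act on, in review order."""
    out = []
    if outbound_is_open(policy):
        out.append("default outbound B2B collaboration is open to all external tenants")
    if not partners:
        out.append("no partner tenants configured; nothing is allow-listed")
    audit = audit_guests(guests, approved)
    out += [f"guest accounts from unapproved domain: {d}" for d in audit["unapproved"]]
    out += [f"invitation never accepted (stale guest): {u}" for u in audit["pending"]]
    return out


if __name__ == "__main__":
    for line in findings(DEFAULT_POLICY, PARTNERS, GUESTS, APPROVED_DOMAINS):
        print("FINDING:", line)
```

On the constructed sample the script reports the open default, the guest from the unapproved domain and the never-accepted invitation; after `hardened_default` is applied and the unapproved guest is removed, the findings list is empty. The point of the allow-list posture is that a user can only become a guest in a tenant the organisation has deliberately named, which is exactly the decision the article says should not be left to whoever sends the invite.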

As if cybersecurity teams didn’t have enough to worry about, this revelation lands in a week already filled with alarming breaches — crypto thieves have reportedly siphoned Solana tokens through malicious Chrome extensions. The message is clear: the digital attack surface is widening fast, and what looks like convenience can easily turn into a cybersecurity blind spot.

What do you think? Should Microsoft shoulder more responsibility for ensuring cross-tenant safety, or is this a matter for organizations to manage themselves? Share your thoughts in the comments — this debate is far from settled.

Author: Rob Wisoky