New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks

Microsoft is poised to roll out a significant update to Teams, enabling users to initiate chats with anyone using just an email address—even if the recipient isn’t a Teams user.

While the feature, launching in targeted releases by early November 2025 and globally by January 2026, promises expanded connectivity across Android, desktop, iOS, Linux, and Mac platforms, security experts are voicing serious concerns about the security risks introduced by this change.

The driving force behind this update is flexibility: organizations can effortlessly communicate with external contacts and partners, enhancing productivity in hybrid work settings.

Guests receive an invite via email and join the conversation as external users, all governed under Microsoft Entra B2B Guest policies.

This default-enabled feature breaks longstanding barriers to communication, reflecting Microsoft’s intent to streamline cross-company collaboration.

However, this same broad accessibility substantially enlarges the attack surface for organizations.

By permitting ...