Microsoft Teams Guest Access Leaves Users Exposed to Attacks

We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details.

If your staff accepts an outside invitation to chat in Microsoft Teams, they might be walking straight out of your company’s digital security zone.

A new report from Ontinue is raising major concerns about how Microsoft Teams handles cross-tenant collaboration. The findings show that when employees accept guest invitations from outside organizations, they may unknowingly step into environments with zero security protections.

Ontinue’s threat researcher, Rhys Downing, explains that this issue isn’t a bug, but a core part of how Teams is built. When an employee accepts a guest invitation to another organization’s Teams environment, that is, a different Microsoft 365 “tenant,” they instantly lose all the protections ...