As Microsoft rolls out a new feature that makes it easier to invite guests to collaborate in Teams, Ontinue researchers warn users to be aware of the risks of joining external Teams tenants.

The new feature, tracked as MC1182004, allows Teams users to invite anyone with an email address to join their Teams tenant, making it easier to bring in people who do not already use Teams. The invitation creates a new guest account in the inviting tenant, and that guest account is created even when the invitee already has a Teams account in another organization.

The security risk lies in the fact that Microsoft Teams guests are protected by the host tenant's Defender for Office 365 configuration rather than their own organization's, meaning they may lose protections while working as a guest.

Those protections include Safe Links, which scans URLs both in real time and at time of click to block links to malicious domains; Safe Attachments, which analyzes shared files before they are opened; and zero-hour auto purge (ZAP), which retroactively removes messages later identified as malicious from Teams chats.

"Most assume these protections follow their users everywhere including when collaborating as guests in external tenants. That assumption is dangerously wrong," Ontinue stated in a blog post Wednesday.

In reality, when a Teams user signs into another Teams tenant as a guest, they leave their own organization's security boundary and can no longer assume the same protections apply.
This is not a vulnerability in Teams but a risk organizations must be aware of when deciding whether to allow their users to accept such invitations, Ontinue said.

"Attackers can spin up a poorly secured tenant, invite your users in with what looks like a perfectly legitimate Microsoft Teams email, and deliver links and files that never touch your own Defender stack at all," noted Julian Brownlow Davies, senior vice president of offensive security strategy & operations at Bugcrowd, in comments to SC Media.

Ontinue pointed out that an attacker can create a Teams tenant with no Defender protections using a free trial or a low-cost license, impersonate a legitimate business partner to convince targets to accept a guest invitation, and then send links to phishing or malware pages and attach malicious files, none of which the target's own Defender policies will ever scan.

"Security teams should treat this as a configuration and governance problem they can act on now. Concretely, that means tightening cross-tenant policies so that guest access is allowed only to vetted partner tenants," said Davies.

MC1182004, which is scheduled to roll out globally in January 2026, is enabled by default. Ontinue noted that disabling the feature only prevents a tenant's own users from sending these invitations; it does not stop them from receiving invitations from other tenants.

To restrict which domains guests can be invited from, administrators must change the external collaboration settings in Microsoft Entra ID; that allowlist governs invitations the organization sends. Controlling which external tenants the organization's own users may join as guests is a separate setting, handled through cross-tenant access settings.
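The cross-tenant restriction Davies describes, as an added example that is not code from the article, Ontinue, Bugcrowd or Microsoft: a PowerShell script using the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns module) and the MicrosoftTeams module. It blocks the tenant's own users from redeeming B2B collaboration invitations in any tenant by default, re-allows a single vetted partner tenant, verifies both settings, and then limits Teams external access to that partner's domain. The partner tenant ID, the partner domain and the assumption that the caller holds a role that can edit cross-tenant access settings are placeholders and assumptions of this example.

```powershell
# Added example (not from the article or from any vendor quoted in it).
# Assumes the Microsoft.Graph and MicrosoftTeams modules are installed and the
# caller can write cross-tenant access policy (e.g. Security Administrator).

$PartnerTenantId = '00000000-0000-0000-0000-000000000000'   # assumed: vetted partner's tenant ID
$PartnerDomain   = 'partner.example'                        # assumed: that partner's Teams domain

Connect-MgGraph -Scopes 'Policy.ReadWrite.CrossTenantAccess' -NoWelcome

# 1. Default outbound policy: block this tenant's users from redeeming guest
#    (B2B collaboration) invitations in *any* other tenant. Inbound guest access
#    is left untouched; change b2bCollaborationInbound separately if needed.
$blockAll = @{
    usersAndGroups = @{ accessType = 'blocked'; targets = @(@{ target = 'AllUsers';        targetType = 'user' }) }
    applications   = @{ accessType = 'blocked'; targets = @(@{ target = 'AllApplications'; targetType = 'application' }) }
}
Update-MgPolicyCrossTenantAccessPolicyDefault -BodyParameter @{ b2bCollaborationOutbound = $blockAll }

# 2. Partner-specific policy: re-open outbound collaboration only for the vetted
#    tenant. Partner entries override the default for that tenant ID.
$allowAll = @{
    usersAndGroups = @{ accessType = 'allowed'; targets = @(@{ target = 'AllUsers';        targetType = 'user' }) }
    applications   = @{ accessType = 'allowed'; targets = @(@{ target = 'AllApplications'; targetType = 'application' }) }
}
$existing = Get-MgPolicyCrossTenantAccessPolicyPartner `
    -CrossTenantAccessPolicyConfigurationPartnerTenantId $PartnerTenantId -ErrorAction SilentlyContinue
if ($existing) {
    Update-MgPolicyCrossTenantAccessPolicyPartner `
        -CrossTenantAccessPolicyConfigurationPartnerTenantId $PartnerTenantId `
        -BodyParameter @{ b2bCollaborationOutbound = $allowAll }
} else {
    New-MgPolicyCrossTenantAccessPolicyPartner `
        -BodyParameter @{ tenantId = $PartnerTenantId; b2bCollaborationOutbound = $allowAll }
}

# 3. Verify: the default should now read 'blocked', the partner entry 'allowed'.
(Get-MgPolicyCrossTenantAccessPolicyDefault).B2BCollaborationOutbound.UsersAndGroups.AccessType
(Get-MgPolicyCrossTenantAccessPolicyPartner `
    -CrossTenantAccessPolicyConfigurationPartnerTenantId $PartnerTenantId).B2BCollaborationOutbound.UsersAndGroups.AccessType

# 4. Teams external access (federation): permit chat and calls only with the
#    partner domain and refuse unmanaged Teams consumer accounts.
Connect-MicrosoftTeams
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
    -AllowedDomainsAsAList @{ Add = $PartnerDomain } `
    -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false
```

Step 1 is the control that actually addresses the scenario in the article: disabling MC1182004 stops your users sending invitations, but only an outbound cross-tenant block stops them signing into a stranger's tenant after accepting one. The domain allow/deny list in the Entra external collaboration settings is configured in the admin center and is not part of this script.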
Cross-tenant access settings in Entra ID can also be configured to block guest collaboration by default, with exceptions for vetted partner tenants, and external access can be restricted in the Teams Admin Center so that unknown, non-organization members cannot contact employees via Teams.

"Use conditional access and sign in reporting to monitor guest usage, with special attention to unusual new external tenants and to sessions initiated from unsolicited invitations, and update security awareness content so users know to treat unexpected Teams invitations like any other phishing channel and to validate them out of band," Sectigo Senior Fellow Jason Soroko advised in comments to SC Media.
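One way to act on the sign-in monitoring Soroko recommends, as an added example and not code from the article or from Sectigo: a PowerShell script against the Microsoft Graph beta sign-in logs (Microsoft.Graph.Beta.Reports module) that lists this tenant's users who signed into other tenants as B2B guests over the past week, groups them by destination tenant, and flags any destination not on an approved list. The tenant IDs, the seven-day window and the AuditLog.Read.All scope are assumptions of this example; the HomeTenantId, ResourceTenantId and CrossTenantAccessType properties come from the beta signIn schema.

```powershell
# Added example (not from the article or from any vendor quoted in it).
# Assumes Microsoft.Graph.Beta.Reports is installed and the caller can read
# sign-in logs. All tenant IDs below are placeholders.

$HomeTenantId    = '11111111-1111-1111-1111-111111111111'    # assumed: this organization's tenant
$VettedTenantIds = @('00000000-0000-0000-0000-000000000000') # assumed: approved partner tenants

Connect-MgGraph -Scopes 'AuditLog.Read.All' -NoWelcome

# Pull the last seven days of sign-ins; the home tenant logs its users' sign-ins
# into foreign tenants with crossTenantAccessType set to b2bCollaboration.
$since   = (Get-Date).AddDays(-7).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
$signIns = Get-MgBetaAuditLogSignIn -Filter "createdDateTime ge $since" -All

# Keep only outbound guest sign-ins: one of our users authenticating into a
# tenant other than our own as a B2B collaboration guest.
$outboundGuest = $signIns | Where-Object {
    $_.CrossTenantAccessType -eq 'b2bCollaboration' -and
    $_.HomeTenantId          -eq $HomeTenantId      -and
    $_.ResourceTenantId      -ne $HomeTenantId
}

# One row per destination tenant: who went there, when it first appeared, and
# whether anyone approved it. Unvetted tenants sort to the top.
$report = $outboundGuest | Group-Object ResourceTenantId | ForEach-Object {
    [pscustomobject]@{
        ResourceTenantId = $_.Name
        Users            = ($_.Group.UserPrincipalName | Sort-Object -Unique) -join ', '
        FirstSeen        = $_.Group.CreatedDateTime | Sort-Object | Select-Object -First 1
        SignIns          = $_.Count
        Vetted           = $_.Name -in $VettedTenantIds
    }
} | Sort-Object Vetted, FirstSeen

$report | Format-Table -AutoSize

# Rows with Vetted = False are tenants reached on an invitation nobody approved.
# Validate the invitation with the user out of band and review what was shared
# before deciding whether to add the tenant to the partner list.
$report | Where-Object { -not $_.Vetted }
```

Run on a schedule, the unvetted rows are the "unusual new external tenants" in the quote: a tenant ID that appears for the first time, with one user and a handful of sign-ins, right after an unexpected invitation is the pattern to investigate.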
Accepting Microsoft Teams guest invitations could pose a security risk
