Cross-Tenant Vulnerability in Microsoft Teams Guest Access Bypasses Defender for Office 365 Protections

A significant security vulnerability has been identified in Microsoft Teams' guest access functionality that could allow attackers to bypass Microsoft Defender for Office 365 protections. According to research by Rhys Downing of Ontinue, when users operate as guests in an external tenant, their security protections are governed entirely by the host tenant's configuration rather than their home organization's settings. This cross-tenant flaw creates a potential attack vector where threat actors could exploit weaker security policies in external environments to deliver malicious content to otherwise well-protected users. The vulnerability underscores critical considerations for organizations utilizing multi-tenant collaboration, particularly those with stringent security requirements. Security teams should evaluate their exposure to this risk by auditing guest access usage and considering additional protective measures for users who frequently operate in external tenants. While technical details remain limited without access to the full research, this finding highlights the importance of understanding security inheritance models in cloud collaboration platforms. Organizations are advised to monitor Microsoft's response and consider implementing compensatory controls for high-risk users.