MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Yikes, Microsoft Teams just got a major security flaw exposed. Attackers are exploiting guest access features to bypass Microsoft Defender protections when users join external tenants. This isn't just theoretical - it's actively being weaponized in the wild.

Here's the breakdown: When users accept guest invitations to external Teams tenants, their Defender for Office 365 protections can get stripped away. The external tenant's security policies override the user's home tenant protections, creating a dangerous gap in security coverage.

The attack chain is slick: 1) Attacker compromises an external tenant with weak security settings 2) They invite users from protected organizations as guests 3) Once users join, their Defender protections get disabled in that external environment 4) Attackers can now deliver malware, phishing links, or malicious files without Defender interference.

This isn't just about Teams chat - it affects all Office 365 services within the external tenant. Email, SharePoint, OneDrive - all potentially exposed once Defender gets sidelined.

Microsoft's response? They're aware and investigating. No patch timeline yet. Security teams need to audit guest access policies immediately and reconsider external collaboration settings.

Bottom line: Your Teams guest access might be handing attackers a free pass around your Defender protections. Time to lock down those external tenant invites before this gets exploited at scale.