Microsoft Teams' B2B Guest Access feature has a significant security flaw that allows attackers to bypass protection measures like Microsoft Defender. This vulnerability arises because security permissions shift from the user's organization to the host environment once they accept a guest invitation, enabling malicious actors to exploit unprotected Teams accounts.
Key points
- The security flaw in Microsoft Teams allows attackers to bypass Defender protections when users accept guest access invitations.
- Once added as guests, users' security is controlled solely by the hosting environment, not their own organization.
- Attackers can create low-cost or trial Microsoft 365 accounts with minimal security to exploit this vulnerability.
- A default feature that allows starting chats with any email address significantly increases the attack surface.
- Experts recommend configuring stricter policies, limiting guest access to trusted domains, and applying immediate security changes.
Read More: https://hackread.com/microsoft-teams-guest-chat-flaw-malware/