Microsoft Teams continues to enhance collaboration across organizations, helping users stay connected and productive from anywhere. Following the recent activity detection setting in microsoft teams web update, Microsoft is rolling out another capability designed to make communication even easier.
The new chat with anyone with an email address feature lets users connect seamlessly with external contacts. However, while it sounds like a collaboration dream, you should double-check your security settings before this convenience turns into a potential risk.
What is the Microsoft Teams Chat with Anyone Feature?
Teams users can now start a chat with anyone using an email address, even if that recipient isn’t on Teams. The invitee receives an email invite and joins as a guest through Microsoft Entra’s B2B access.
This update is designed for small and medium businesses with the following licenses and platform support.
Eligible licenses:
- Teams Essentials
- Microsoft 365 Business Basic
- Microsoft 365 Business Standard
- Microsoft 365 Business Premium
Supported platforms:
- Android
- Desktop
- iOS
- Linux
- Mac
Rollout Timeline 🗓️
- Targeted release will begin in early November 2025 and is expected to be completed by mid-November 2025.
- General availability rollout will start in January 2026 and will be enabled by default for all eligible users.
Microsoft Teams Chat with Anyone – What Makes It a Security Risk?
It has never been easier to connect with anyone in Teams using just their email address. Sales reps can reach clients instantly, and vendors can reply without joining another tenant. But open doors can attract unwanted visitors too.
Here’s what this Teams’ new “chat with anyone” feature could mean for your organization:
- Phishing Entry Points: Attackers might exploit vulnerabilities like CVE‑2024‑38197 to impersonate external users and trick employees into clicking malicious links or sharing sensitive data.
- Data Exposure Risks: Employees may unintentionally share confidential data, putting the organization at risk of intellectual property loss or non-compliance with regulations like GDPR.
- Limited Visibility and Compliance Risks: Chats with external guests may not follow your DLP or retention policies, and such communications could go unnoticed in security and compliance reports.
- Malware Distribution: Unauthorized users could send files containing malware, putting your organization’s devices and data at risk.
How to Disable the Chat with Anyone Feature in Teams
If your organization prefers tight control over external collaboration, you can disable this feature using PowerShell.
|
1 |
Set-CsTeamsMessagingPolicy -Identity Global -UseB2BInvitesToAddExternalUsers $false |
The cmdlet above disables this feature by setting the UseB2BInvitesToAddExternalUsers attribute to false in the Teams Messaging Policy.
Protect Your Organization from Microsoft Teams Chat with Anyone Security Risks
If you don’t want to fully disable the “Chat with Anyone” feature, follow these best practices to keep collaboration secure and controlled.
1. Restrict External Domains in Microsoft Teams
Allow only trusted domains, like your partner or client domains, to interact with your users and disable external access in Microsoft Teams.
2. Review Microsoft Entra B2B Guest Settings
Ensure your Entra B2B policies align with your organization’s security posture. Disable unnecessary guest permissions and audit them periodically.
3. Follow Security Best Practices Against Phishing and Malicious Links
To further protect your organization from attackers exploiting external chats:
- Monitor chat activity for unusual patterns
- Detect and block links leading to Microsoft Teams phishing or malware
- Enable multi-factor authentication for all accounts
4. Educate Users on External Teams chat Security
Remind employees! External guests are not always who they claim to be. Encourage them to verify identities before sharing sensitive information.
Final Thoughts
Microsoft Teams’ new “Chat with Anyone” update is all about frictionless communication, but friction exists for a reason because it helps slow down potential threats.
Before the rollout reaches your users, review your Teams messaging policy, external access controls, and guest restrictions. A few proactive steps today can prevent unwanted data exposure tomorrow.
“Collaboration’s the way. Controlled collaboration wins the day!”
We hope this guide helps you understand the Teams new Chat with Anyone feature and take the necessary steps to keep your organization secure. Stay informed, stay protected, and make collaboration safer for everyone.
