New “Chat with Anyone” Feature in Microsoft Teams: Helpful or Risky? - Cobweb
Book a call Existing Customers Call: 03333 234 934 Visit Dubai Site

New “Chat with Anyone” Feature in Microsoft Teams: Helpful or Risky?

Home » Content Hub » New “Chat with Anyone” Feature in Microsoft Teams: Helpful or Risky?

Written By

Keir Nolan

Publish Date

08/12/2025

Categories

Blogs Hot Topic

Microsoft is rolling out a big update to Teams: you’ll soon be able to start a chat with anyone using just their email address, even if they don’t have a Teams license. The feature is already in targeted release and should be available globally in early 2026. It’s designed to make working with people outside your organisation easier, but it also raises some serious security questions every business should think about.

What’s changing in Teams?

With this Teams update (Message Center ID: MC1182004), you can type in an external contact’s email address and start a chat. They’ll get an email invite and join as a guest, following your organisation’s Entra B2B Guest policy. It works across desktop, mobile, and even Linux. This feature is enabled by default, but admins can disable it in the TeamsMessagingPolicy settings. For detailed instructions on how it works and how to disable it, please see Microsoft’s guide here.

Why it’s useful

  • You’ll no longer need to ask “Do you have Teams?”. You can chat with clients, partners, or vendors without worrying about licenses.
  • Inclusive collaboration: Great for small businesses or hybrid teams who need quick conversations without extra setup.
  • Controlled access: Guests still fall under your organisation’s policies, and admins can manage permissions.

What to watch out for

If you decide to keep this feature enabled, here are some risks to consider:

  • Bigger attack surface: The risk isn’t random people messaging you, but rather attackers tricking users into starting a chat. A phishing email could nudge someone to open a Teams chat, and once trust is established, attackers might share malicious links or ask for sensitive information.
  • Impersonation risks: Someone pretending to be a trusted contact could join a conversation and extract data.
  • Compliance issues: Even though chats stay within organisational boundaries, sharing sensitive data with the wrong person could lead to GDPR or other regulatory headaches.

Best practices if you keep it enabled

  • Check guest access policies: Make sure Entra B2B settings and domain restrictions are properly configured.
  • Require MFA for guests: Adds an extra layer of security when it comes to external participants.
  • Training your team: Help your employees to spot phishing attempts and verify requests before starting external chats. Cyber security training platforms such as Mimecast Engage or KnowBe4 help with regular reminders for your team.
  • Use Defender for Office 365: Advanced threat protection can scan links and attachments in chats.

Key takeaways:

If an organisation decides to not disable this new feature, they should check and review guest policies, enable MFA for external participants, train users to spot phishing attempts, and use threat protection tools like Defender for Office 365.

  • Teams now allows chatting with anyone using just their email address—even if they don’t have a Teams license.
  • The benefit of this is that external collaboration will be a lot easier.
  • However, there’s a big risk of attackers using this new feature to their advantage, by creating phishing emails to get into chats.

Our team is here if you need a hand with any of the above, or managing your Microsoft tenant. We’d be more than happy to chat through how you can get the most out of your Microsoft services.

Keeping your Microsoft Tenant Secure

Managed Services for your Business

More information Contact us