What to Know About Microsoft’s New ‘Chat with Anyone’ Capability
Microsoft has introduced a new feature in Microsoft Teams called “Chat with Anyone,” a capability designed to simplify external collaboration by allowing users to initiate chats with almost any email address, even if the recipient isn’t already part of Teams. According to Microsoft, users can start a new message, type in a person’s name or email, and invite someone outside the organization to a chat. The feature will start to be rolled out in November 2025.
What the Feature Means
For organizations that collaborate frequently with partners, contractors, and external stakeholders, the Chat with Anyone functionality offers a practical benefit: you don’t need the other party to already be a Teams user or guest in your tenant to begin messaging. Users can invite external participants via email, and the guest can join the chat across devices, like Android, iOS, Windows, Mac, or Linux – making the connection relatively seamless.
Moreover, the feature can be enabled in a tenant by default and might be turned on unless specifically disabled, so organizations should be aware that it may be active without any explicit configuration.
In short: easier external chats, faster collaboration, and fewer hurdles, especially in hybrid and partner-heavy environments.
Security Considerations To Watch Out For
While the convenience is clear, the security implications are significant. Enabling external chats by email broadens the attack surface for phishing, credential harvesting, and malware delivery. One analysis of the new feature flagged that allowing chats with unknown external email addresses “without prior validation” increases the risk that malicious actors could masquerade as trusted contacts, send chat invitations, embed links or files, and exploit the guest-join process to gain a foothold.
For example, a user receives a Teams chat invite from what appears to be a trusted supplier, accepts the chat, and then receives a link or file asking them to click or open. Since the chat occurs within Teams rather than via email, traditional email filters might not scrutinize it as closely. That opens the door to ransomware, spyware, or credential-stealing links.
Furthermore, even though the chat is technically governed by cloud policy (such as guest access via Microsoft Entra ID B2B guest settings), behavioral risks remain: users may assume the external chat is safe, share sensitive information, or inadvertently allow broad access.
What Your Organization Can Do
To manage the risk while benefitting from the new capability, consider the following actions:
- Review whether the feature is already enabled in your Teams messaging policy, and whether your default stance should be controlled or disabled. Cyber Security News reported that admins can disable the feature via PowerShell by setting the UseB2BInvitesToAddExternalUsers attribute in TeamsMessagingPolicy to false.
- Incorporate user awareness training. Explain to employees that even chats received in Teams from “external” users need the same caution as email invites – verifying identity, being cautious with links/files, and reporting unexpected requests.
- Align external chat policy with your third-party/guest access controls. If your organization already has strict controls around guest access, external domains, and BYOD, ensure this feature is part of that conversation.
- Log and monitor external chat activity. Treat external chats as part of your broader collaboration security posture. Ensure that sharing of sensitive attachments, links, or access via these chats is subject to the same governance as email.
- Communicate with your security and compliance teams. Adjust your external sharing, DLP and collaboration policies to reflect that chat may now be an additional vector.
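As an added example (not code from Microsoft or from the reporting cited above), the review in the first bullet can be scripted: list every Teams messaging policy, show its UseB2BInvitesToAddExternalUsers value, and switch it off only when asked. It assumes the MicrosoftTeams PowerShell module is installed and that the attribute is exposed as a same-named property and parameter that accepts $false; the script stops if the installed module does not have that parameter.

```powershell
# Added example: audit "Chat with Anyone" across Teams messaging policies.
# Assumption: the attribute named in the article is exposed as a same-named
# property on Get-CsTeamsMessagingPolicy output and as a parameter on
# Set-CsTeamsMessagingPolicy that accepts $false.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Disable   # without this switch the script only reports
)

$attr = 'UseB2BInvitesToAddExternalUsers'

Import-Module MicrosoftTeams -ErrorAction Stop
Connect-MicrosoftTeams | Out-Null

# Stop early if the installed module version does not know the setting.
$setCmd = Get-Command Set-CsTeamsMessagingPolicy -ErrorAction Stop
if (-not $setCmd.Parameters.ContainsKey($attr)) {
    throw "Set-CsTeamsMessagingPolicy has no -$attr parameter; update the MicrosoftTeams module."
}

$report = foreach ($policy in Get-CsTeamsMessagingPolicy) {
    $value = $policy.$attr
    [pscustomobject]@{
        # Custom policies are returned as "Tag:<name>"; strip the prefix for -Identity.
        Policy  = $policy.Identity -replace '^Tag:', ''
        Setting = if ($null -eq $value) { '(not set)' } else { "$value" }
        # Anything other than an explicit false is treated as possibly enabled,
        # because the feature may be on unless specifically disabled.
        Exposed = ("$value" -ne 'False')
    }
}
$report | Format-Table -AutoSize

if ($Disable) {
    foreach ($row in $report | Where-Object Exposed) {
        # ShouldProcess makes -WhatIf and -Confirm work for a dry run.
        if ($PSCmdlet.ShouldProcess($row.Policy, "Set $attr to false")) {
            $params = @{ Identity = $row.Policy; $attr = $false }
            Set-CsTeamsMessagingPolicy @params
        }
    }
} elseif ($report | Where-Object Exposed) {
    Write-Warning "Policies above marked Exposed do not explicitly disable $attr."
}
```

Run it without arguments for a read-only report, or with -Disable -WhatIf to preview the changes before applying them.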
The “Chat with Anyone” feature in Microsoft Teams brings a welcome boost in collaboration flexibility, but with that flexibility comes increased risk. If your organization enables this capability (or already has it enabled), it’s vital to treat it like any other external communications channel – with clear policy, training, and oversight.
If you have questions or concerns about how this fits into your security posture or how to govern external chat safely, talk to your Cyber Advisor to ensure alignment with your risk management and compliance needs.




