Attackers are actively exploiting cross-tenant Microsoft Teams chats and calls to impersonate IT help desk personnel, trick employees into launching Quick Assist, and gain full control over corporate tenants—then deploy ransomware, Microsoft warned in an urgent security advisory in April 2026. The campaign, tracked by the Microsoft Threat Intelligence team, has already led to multiple confirmed tenant compromises across healthcare, manufacturing, and legal sectors, with ransom demands reaching into the millions. Unlike typical phishing, this technique abuses legitimate Microsoft infrastructure, making it particularly difficult for traditional email filters and endpoint detection to spot.

The attack chain begins with a seemingly innocuous Teams message from an external organization. The attacker, having registered a lookalike domain or compromised a trusted partner tenant, crafts a profile mimicking an IT service desk agent. The message claims the user’s device needs urgent patching or that their account shows suspicious activity, urging the recipient to accept a remote assistance session via Microsoft’s own Quick Assist tool. Because the cross-tenant Teams chat appears in the user’s main chat feed alongside legitimate conversations—and often carries the branding of a known software vendor or support team—employees routinely accept the request without suspicion.

Quick Assist, a built-in Windows remote help application, is the linchpin of the intrusion. Once the user grants screen control, the attacker silently elevates privileges, often by prompting the user to authenticate with Windows Hello or enter credentials into a fake admin prompt that overlays the session. With elevated access, the attacker registers a new device into the victim’s Microsoft Entra ID (formerly Azure AD) tenant, creating a backdoor that persists even after the remote session ends. From there, they exfiltrate sensitive data and, in the final stage, deploy ransomware such as BlackSuit or Royal across the network, leveraging the compromised Entra ID privileges to move laterally through Azure resources and on-premises servers.

How Cross-Tenant Teams Chats Become a Phishing Vector

Microsoft Teams enables external communication by default in most configurations, a setting that many organizations leave unchanged because it facilitates seamless B2B collaboration. While guest access and federation settings can restrict external contacts to specific domains, the default configuration allows any Teams user from a federated domain to initiate a one-on-one chat. Attackers exploit this laxity by purchasing domains that closely resemble legitimate IT service providers or even Microsoft’s own subdomains—for example, “microsoft-support.online” or “contoso-it.help”—and then creating users in their own malicious tenant.

The targeted employee receives a chat notification with a display name like “Contoso Help Desk” and a message claiming their Office 365 account has triggered a security alert. The psychological pressure is amplified by referencing real-sounding ticket IDs and a sense of urgency: “We’ve detected ransomware activity on your endpoint; please accept our remote assistance immediately to quarantine the threat.” Because the message arrives inside Teams, it bypasses the skepticism users have toward email-based phishing. Even the external badge on the message—a small “External” tag—is often overlooked or can be obscured by the attacker using Teams’ own message formatting.

The Attack Flow: From Quick Assist to Total Tenant Ownership

Once the user accepts the Quick Assist session, the attacker sees everything on the victim’s screen. In many cases, they guide the user to open a browser and navigate to what appears to be a Microsoft login page but is actually a phishing portal that captures credentials and multi-factor authentication (MFA) tokens using an adversary-in-the-middle (AiTM) technique. With the captured session token, the attacker bypasses MFA entirely and gains immediate access to the user’s Microsoft 365 account, including email, SharePoint, and Teams files.

The more sophisticated variant, however, avoids credential phishing entirely. The attacker uses the remote session to open PowerShell as administrator, often relying on the user’s own elevated permissions if they have local admin rights, which is common in many enterprises. They then run commands to join the device directly to their own Entra ID tenant, effectively hijacking the machine. Because Windows allows a device to be registered in multiple tenants, this does not trigger a visible alert on the victim’s side. With device registration, the attacker can deploy configuration profiles and applications, including remote monitoring and management (RMM) tools, which provide persistent access even after the Quick Assist session closes.

From the compromised device, the attacker enumerates the corporate network, harvests credentials from LSASS memory using tools like Mimikatz, and escalates to domain admin. In several incidents, they have then used the same Quick Assist technique on additional employees by sending Teams messages from the compromised user’s account to internal colleagues—this time with no external badge, making the messages appear completely internal and trustworthy. The chain reaction can compromise an entire tenant within hours.

Microsoft’s Advisories and Mitigations

In its April 2026 advisory (ref: ADV240003), Microsoft confirmed the cross-tenant Teams vector and provided temporary hardening guidance while working on permanent product changes. The advisory explicitly named Quick Assist as the primary tool abused, but also warned that similar legitimate remote help tools, including Remote Desktop Protocol (RDP) launched via Teams screen sharing, could be used in the same manner. The company stressed that this is not a vulnerability in Quick Assist or Teams but rather a social engineering campaign that abuses legitimate collaboration features.

Immediate mitigation steps recommended by Microsoft include:

  • Restricting external Teams communication to trusted domains only, using the ‘External access’ settings in the Teams admin center. Organizations can create an allow list of domains while blocking all others.
  • Disabling Quick Assist organization-wide through Intune or Group Policy unless it is strictly required for IT support. For organizations that must keep it active, enforce the ‘Require a Microsoft account’ sign-in option and restrict screen sharing to authorized support staff only.
  • Implementing Entra ID conditional access policies that block cross-tenant device registration. Administrators can configure device settings to require devices to be registered only to the corporate tenant, preventing ad-hoc joins to external tenants.
  • Enabling Microsoft Defender for Office 365’s Teams-specific protection, which can flag and quarantine external messages containing suspicious keywords like “help desk,” “remote support,” or “Quick Assist.”
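The first and last of these controls can be modelled as a two-stage screen on an inbound cross-tenant chat: the external-access allow list decides whether the chat is delivered at all, and a content check flags lookalike sender domains (the “microsoft-support.online” / “contoso-it.help” pattern described earlier) and the help-desk phrasing the advisory calls out. The following is an added illustration, not code from Microsoft or from the advisory; the message record, the protected-brand table, the phrase list and the sample chats are all constructed, and the edit-distance typosquat check goes slightly beyond the keyword matching the text mentions.

```python
"""Screen an inbound cross-tenant Teams chat: allow list first, then content
heuristics. Added example; the message shape and domain lists are constructed."""
from __future__ import annotations
from dataclasses import dataclass

# Constructed: brands an impersonator would borrow, with the domains that may
# legitimately carry each brand name.
PROTECTED_BRANDS = {
    "microsoft": {"microsoft.com"},
    "contoso": {"contoso.com"},
}
# Phrases named in the advisory, plus close variants (constructed extension).
SUSPICIOUS_PHRASES = ("help desk", "remote support", "remote assistance", "quick assist")


@dataclass
class TeamsChatMessage:
    sender_display_name: str
    sender_domain: str   # domain of the sender's tenant
    is_external: bool    # True when the chat carries the "External" badge
    body: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typosquats such as micros0ft.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted_for(domain: str, trusted: set[str]) -> bool:
    """True if domain is one of the trusted domains or a subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def lookalike_reasons(domain: str) -> list[str]:
    """Reasons a sender domain looks like a brand impersonation."""
    domain = domain.lower()
    registrable = domain.rsplit(".", 2)[-2] if "." in domain else domain
    reasons = []
    for brand, trusted in PROTECTED_BRANDS.items():
        if is_trusted_for(domain, trusted):
            continue
        if brand in domain:
            reasons.append(f"brand '{brand}' in untrusted domain {domain}")
        elif levenshtein(registrable, brand) <= 2:
            reasons.append(f"label '{registrable}' is within edit distance 2 of '{brand}'")
    return reasons


def screen_message(msg: TeamsChatMessage, allowed_domains: set[str] | None = None):
    """Return (action, reasons). allowed_domains=None models the default
    open-federation configuration; a set models the allow list control."""
    if not msg.is_external:
        return "deliver", []
    domain = msg.sender_domain.lower()
    if allowed_domains is not None and not is_trusted_for(domain, {d.lower() for d in allowed_domains}):
        return "block", [f"{domain} is not on the external-access allow list"]
    reasons = lookalike_reasons(domain)
    text = f"{msg.sender_display_name} {msg.body}".lower()
    reasons += [f"suspicious phrase '{p}'" for p in SUSPICIOUS_PHRASES if p in text]
    return ("quarantine" if reasons else "deliver"), reasons


# Constructed sample chats: two impersonation attempts, one partner, one internal.
SAMPLE_MESSAGES = [
    TeamsChatMessage("Contoso Help Desk", "contoso-it.help", True,
                     "We've detected ransomware activity on your endpoint; please accept our remote assistance immediately."),
    TeamsChatMessage("Microsoft Support", "micros0ft.com", True,
                     "Your account shows suspicious sign-ins. Please approve the Quick Assist prompt."),
    TeamsChatMessage("Dana Reyes", "partner.example", True,
                     "Can you review the revised contract draft before Friday?"),
    TeamsChatMessage("Sam Lee", "corp.example", False, "Lunch at noon?"),
]


def main():
    for policy_name, allow in (("open federation", None), ("allow list", {"partner.example"})):
        print(f"== {policy_name} ==")
        for m in SAMPLE_MESSAGES:
            action, reasons = screen_message(m, allow)
            print(f"{action:10} {m.sender_domain:18} {'; '.join(reasons)}")


if __name__ == "__main__":
    main()
```

Under open federation the two impersonation chats are quarantined on content alone; once the allow list is in place they never reach the user, which is why the advisory puts the external-access restriction first.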

Microsoft also reiterated that the attacks highlight a fundamental risk in the trust model of cross-tenant collaboration: external users can message anyone in a tenant by default. A planned update for late 2026 will introduce an ‘External chat request’ approval flow, similar to LinkedIn connection requests, requiring users to explicitly accept or decline a first-time external message before the conversation can begin.

Real-World Impact and Ransomware Disruption

The advisory came after several high-profile incidents. In one case, a mid-sized law firm lost access to its entire document management system after an attacker used a Quick Assist session on a paralegal’s workstation to encrypt on-premises file servers and Azure Blob Storage backups. The ransom note demanded 2.5 million dollars in Bitcoin for decryption keys. Because the attacker had exfiltrated sensitive client data beforehand, the firm also faced extortion threats of public disclosure separate from the ransomware.

In the healthcare sector, a regional hospital network saw its electronic health records (EHR) system locked for 72 hours, forcing staff to revert to paper records and delaying surgeries. The initial compromise traced back to a nurse who received a Teams message from “Hospital IT Support” requesting a Quick Assist session to fix a printing issue. The attacker maintained access for six days before triggering the ransomware, carefully timing the deployment to maximize disruption—during a shift change when IT staff would be less responsive.

These incidents underscore that the attack is not merely a theoretical proof-of-concept. The combination of a trusted collaboration platform and a built-in remote tool creates an extremely low barrier to entry for attackers; they do not need to develop malware or exploit zero-days, only to craft a convincing persona and register a cheap domain.

Why Traditional Defenses Fail

Most organizations rely on email security gateways, endpoint detection and response (EDR), and security awareness training that focuses on email phishing. Cross-tenant Teams messages circumvent all these layers. Because the message is text-based and contains no malicious links or attachments at first, it sails through Teams’ own safety checks. The remote session itself uses Microsoft’s signed, legitimate binaries—Quick Assist and the Teams client—so EDR tools rarely flag the activity as malicious.

Moreover, security awareness programs rarely prepare employees for a Teams-based phish. In simulated phishing exercises, employees are conditioned to look for bad grammar, suspicious links, or fake login pages; a polite Teams message asking them to accept a support session does not trigger those alarms. The attackers deliberately exploit the etiquette of corporate collaboration: employees are accustomed to receiving quick IT help through Teams and are unlikely to question a request that appears to come from a known department.

Strengthening Your Defenses Beyond Microsoft’s Recommendations

While Microsoft’s guidance is essential, security teams should consider layered protections that address the human factor. Begin by implementing an explicit policy that any IT support request received via external Teams or email must be verified through a separate channel—such as calling a known help desk number—before any remote access is granted. This policy should be communicated through regular, role-specific training and reinforced with simulated Teams phishing campaigns.

Technically, organizations can leverage the Microsoft Graph API to monitor for anomalies: for example, an alert when a user accepts an external Teams chat for the first time and subsequently launches Quick Assist within a short window. Microsoft Sentinel or a third-party SIEM can ingest Teams audit logs and correlate events to flag such patterns in near real time. Additionally, restricting local administrator privileges on user workstations and implementing just-in-time elevation through Privileged Identity Management (PIM) would prevent attackers from easily running PowerShell commands that join devices to external tenants.
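The correlation rule sketched above (a user’s first chat from an external domain followed by a Quick Assist launch on that user’s workstation within a short window) is easy to express over merged Teams and endpoint events. The block below is an added example, not code from the article, Microsoft Sentinel or Microsoft Graph: the event records and timestamps are constructed and the field names are not a real audit-log schema. It suppresses repeat contacts from a domain the user has already chatted with, ignores remote-help launches with no preceding external chat (routine IT use), and lets the window be tuned.

```python
"""Correlate a first external Teams chat with a subsequent Quick Assist launch
by the same user. Added example; event records are constructed."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

# Process names treated as remote-help tools (lower-case); extend as needed.
REMOTE_HELP_PROCESSES = {"quickassist.exe"}


@dataclass(frozen=True)
class Event:
    time: datetime
    user: str
    kind: str     # "external_chat" or "process_start"
    detail: str   # sender domain for chats, process image name for processes


@dataclass(frozen=True)
class Alert:
    user: str
    sender_domain: str
    process: str
    minutes_between: float


def correlate(events, window: timedelta = timedelta(minutes=30)) -> list[Alert]:
    """Alert when a user's first chat from an external domain is followed,
    within `window`, by a remote-help process starting under that user."""
    seen: set[tuple[str, str]] = set()   # (user, domain) pairs already contacted
    triggers: dict[str, list] = {}        # user -> [(chat_time, domain)] awaiting a process event
    alerts: list[Alert] = []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.kind == "external_chat":
            key = (ev.user, ev.detail.lower())
            if key in seen:
                continue   # a repeat contact from a known domain is not a new trigger
            seen.add(key)
            triggers.setdefault(ev.user, []).append((ev.time, key[1]))
        elif ev.kind == "process_start" and ev.detail.lower() in REMOTE_HELP_PROCESSES:
            pending = triggers.get(ev.user, [])
            fired = []
            for chat_time, domain in pending:
                delta = ev.time - chat_time   # non-negative because events are sorted
                if delta <= window:
                    alerts.append(Alert(ev.user, domain, ev.detail, delta.total_seconds() / 60))
                    fired.append((chat_time, domain))
            # consume fired triggers and drop expired ones so the list stays small
            triggers[ev.user] = [t for t in pending if t not in fired and ev.time - t[0] <= window]
    return alerts


# Constructed timeline: one real intrusion pattern among benign activity.
T0 = datetime(2026, 4, 14, 9, 0)


def at(minutes: int) -> datetime:
    return T0 + timedelta(minutes=minutes)


SAMPLE_EVENTS = [
    Event(at(0), "alice", "external_chat", "contoso-it.help"),
    Event(at(4), "alice", "process_start", "QuickAssist.exe"),    # 4 minutes later: alert
    Event(at(10), "alice", "external_chat", "contoso-it.help"),   # repeat contact, not a new trigger
    Event(at(12), "alice", "process_start", "QuickAssist.exe"),   # trigger already consumed
    Event(at(30), "bob", "external_chat", "partner.example"),
    Event(at(240), "bob", "process_start", "QuickAssist.exe"),    # 3.5 h later: outside the window
    Event(at(60), "carol", "external_chat", "partner.example"),
    Event(at(62), "carol", "process_start", "outlook.exe"),        # not a remote-help tool
    Event(at(120), "dave", "process_start", "QuickAssist.exe"),    # no external chat first: routine IT use
]


def main():
    for a in correlate(SAMPLE_EVENTS):
        print(f"ALERT user={a.user} first external chat from {a.sender_domain} "
              f"then {a.process} after {a.minutes_between:.0f} min")


if __name__ == "__main__":
    main()
```

The same logic maps directly onto a scheduled analytics rule in Sentinel or any SIEM that can join Teams audit events with endpoint process-creation telemetry; the window and the process set are the two knobs to tune against the organisation’s own volume of legitimate support sessions.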

For critical infrastructure, consider air-gapping the most sensitive systems from Teams altogether, or deploy a dedicated support channel such as Microsoft Dynamics 365 Remote Assist that operates within a controlled and monitored environment. In the longer term, the industry may need to reevaluate the security model of cross-tenant collaboration across all unified communications platforms, not just Teams.

Looking Ahead

Microsoft has indicated that the cross-tenant messaging default will change, but until then, the attack surface remains wide open. The Quick Assist abuse also highlights a larger dilemma: the same tools that make remote work productive can be weaponized against the enterprise with alarming ease. As collaboration platforms become the new operating system for business, they necessarily blur security boundaries, and threat actors will continue to innovate within those gray areas.

For now, the burden falls on IT administrators and security teams to proactively tighten external access settings and educate users that not everyone in Teams is who they claim to be—even if their name tag says “IT Help Desk.”