I just learned that Teams is set to ‘[Open Federation](https://docs.microsoft.com/en-us/microsoftteams/manage-external-access)’ by default, allowing *any* external org to send chat messages directly to internal users. “Safe Links” is an MS URL detonation technology that is available for Teams, but is also [disabled by default](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links?view=o365-worldwide).
Am I missing something, or is this a **monumental** phishing attack surface?
Seems like it would be trivial for an attacker to stand up a Teams tenant and reach out to users at random pretending to be IT. Does anyone know if the same technologies applied to Outlook email protection are also applied to Teams? To my knowledge, I have not yet seen phishing awareness training that covers Teams, or the possibility of being contacted directly by an external attacker.
Anyone have experience running a Teams phishing incident?
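For anyone who wants to check the two defaults discussed above in their own tenant, here is an added PowerShell audit script (not from the original post). It assumes the MicrosoftTeams and ExchangeOnlineManagement modules are installed and that you sign in with a Teams admin and Exchange admin account; the partner domain list `$trustedPartners` and the `$Remediate` switch are placeholders I made up for the example. The remediation cmdlet calls follow the published cmdlet documentation but should be tried in a pilot policy before touching production.

```powershell
# Added example, not part of the original post.
# Audits (and optionally fixes) the two Teams defaults discussed above:
#   1. external access / federation left open to every domain
#   2. Safe Links not applied to Teams messages
# Assumptions: MicrosoftTeams + ExchangeOnlineManagement modules, admin rights,
# and the placeholder values below.

$Remediate       = $false                                   # set $true to apply changes
$trustedPartners = @('partner1.example', 'partner2.example') # assumed allow list

Import-Module MicrosoftTeams
Import-Module ExchangeOnlineManagement
Connect-MicrosoftTeams | Out-Null
Connect-ExchangeOnline -ShowBanner:$false

# ---- 1. External access (federation) -------------------------------------
$fed = Get-CsTenantFederationConfiguration

# AllowedDomains is either an "allow all known domains" object or an explicit
# allow list; only the latter exposes an AllowedDomain collection (assumption
# based on the cmdlet docs, so an empty count is treated as "open").
$allowListCount = @($fed.AllowedDomains.AllowedDomain).Count
$blockListCount = @($fed.BlockedDomains).Count

if ($fed.AllowFederatedUsers -and $allowListCount -eq 0) {
    Write-Warning ("Federation is OPEN: any external Teams org can chat your users " +
                   "(block list has $blockListCount entries, which is deny-by-exception).")
} else {
    Write-Host "Federation restricted: AllowFederatedUsers=$($fed.AllowFederatedUsers), allow list entries=$allowListCount"
}

# Skype consumer / Teams personal accounts are separate switches.
if ($fed.AllowPublicUsers)   { Write-Warning "Skype consumer users may contact your users." }
if ($fed.PSObject.Properties['AllowTeamsConsumer'] -and $fed.AllowTeamsConsumer) {
    Write-Warning "Teams personal (consumer) accounts may contact your users."
}

if ($Remediate) {
    # Move from "allow everything except the block list" to an explicit allow list.
    $patterns  = $trustedPartners | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
    $allowList = New-CsEdgeAllowList -AllowedDomain $patterns
    Set-CsTenantFederationConfiguration -AllowedDomains $allowList -AllowPublicUsers $false
}

# ---- 2. Safe Links coverage for Teams -------------------------------------
$policies = @(Get-SafeLinksPolicy)
$rules    = @(Get-SafeLinksRule)

if ($policies.Count -eq 0) {
    Write-Warning "No Safe Links policy exists; URLs in Teams (and mail) are not rewritten or detonated."
}

foreach ($p in $policies) {
    # A policy only does anything if a rule scopes it to users/groups/domains
    # and that rule is enabled.
    $rule    = $rules | Where-Object { $_.SafeLinksPolicy -eq $p.Name } | Select-Object -First 1
    $scoped  = $rule -and $rule.State -eq 'Enabled'
    $teamsOn = [bool]$p.EnableSafeLinksForTeams

    $status = "Policy '$($p.Name)': Teams=$teamsOn, scoped=$scoped"
    if (-not $teamsOn -or -not $scoped) { Write-Warning $status } else { Write-Host $status }

    if ($Remediate -and -not $teamsOn) {
        Set-SafeLinksPolicy -Identity $p.Name -EnableSafeLinksForTeams $true
    }
}

Disconnect-ExchangeOnline -Confirm:$false
Disconnect-MicrosoftTeams
```

Run it read-only first; the warnings tell you whether you are in the "open federation plus no Teams URL protection" state the post describes. Note that an allow list also blocks legitimate partners you forgot to list, so collect the domains your users actually chat with (the federation setting page and the Teams usage reports help here) before flipping `$Remediate`.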