I've dived deep into something I shouldn't have spent that much time on.

While researching implications caused by domain takeovers in M365, I wanted to try a new approach - leveraging the new Teams invite feature, where users do not need to have a (business) Microsoft account, just an e-mail address.

I was hoping I could 'hop back' into my home tenant with a user whose domain has been taken over (simulated in my lab environment).

That was not the case, but I did find out you'll get a user that can only join via e-mail, and there is a guest (or external) user made in the resource tenant. The home tenant does not exist.

Which makes sense, but is an interesting sight. #microsoft365 #entraID #m365 #security