Re: Seems like a lot of hoops
Your point is well taken about the limitations on sending random messages; that said, there does appear to be a way to grant guest access to Microsoft Teams to folks using their email addresses:
https://docs.microsoft.com/en-us/microsoftteams/communicate-with-users-from-other-organizations
So, theoretically, imagine if someone were able to add themselves to Teams using an external address without admin intervention or approval. Again, possibly limited usefulness in and of itself. Cobbled together, however, might open the door for exactly this type of malicious message vulnerability.