Microsoft is strengthening the security posture of enterprise collaboration by automatically enabling critical messaging safety features in Microsoft Teams.
According to a new administrative update, the company will switch several protective settings to “On” by default starting January 12, 2026, affecting tenants who rely on standard configurations.
The initiative represents a shift toward “secure-by-default” principles, aiming to reduce the attack surface for organizations that may have overlooked manual security hardening.
As detailed in administrative advisories MC1148540, MC1148539, and MC1147984, the update targets the Messaging Safety section of the Teams Admin Center.
What Is Changing?
For tenants that have not modified their messaging safety settings, three specific protections will be automatically activated:
- Weaponizable File Type Protection: This feature blocks the transmission of file extensions known to be high-risk vectors for malware execution.
- Malicious URL Protection: Teams will scan shared links in real-time to detect and flag known phishing sites or malicious domains.
- Report Incorrect Security Detections: This feedback mechanism empowers end-users to report false positives, helping Microsoft fine-tune its threat detection algorithms.
This rollout specifically affects tenants utilizing the default configuration. Organizations that have previously customized and saved their messaging safety settings will not be impacted; their established preferences will take precedence over the new defaults.
Once the update takes effect, end-users may notice immediate changes in their daily workflows. Employees sharing content may see warning labels attached to messages containing suspicious URLs.
Furthermore, users attempting to transfer file types deemed “weaponizable” will experience blocked messages. However, the inclusion of the reporting feature ensures that legitimate business workflows are not permanently disrupted by false alarms.
For IT administrators, the window to review these changes is now open. Microsoft advises administrators to navigate to Teams admin center > Messaging > Messaging settings > Messaging safety to inspect current values.
Admins who wish to opt out of these defaults must manually adjust and save their settings before the January 12, 2026, deadline. If no action is taken, the new security protocols will apply automatically.
To ensure a smooth transition, security teams are encouraged to update internal documentation regarding acceptable file types and URL warnings. Microsoft also recommends that organizations inform helpdesk staff about the upcoming changes.
Preparing support teams now will help them differentiate between legitimate security blocks and potential system errors when users begin reporting issues in early 2026.
By standardizing these protections, Microsoft aims to mitigate the growing trend of threat actors utilizing collaboration platforms for lateral movement and malware distribution.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
