Microsoft is rolling out a wave of privacy and security updates for Microsoft Teams, headlining with a critical new feature that automatically removes EXIF metadata from shared images.
These upcoming changes are designed to protect user privacy by default, streamline biometric data management, and enforce modern browser security standards across the platform.
For cybersecurity professionals and privacy advocates, EXIF (Exchangeable Image File Format) data has long been recognized as a potential security risk.
When users share photos in chats or channels, they often unknowingly share hidden metadata embedded in the file.
This hidden data can include the exact GPS coordinates where the photo was taken, precise timestamps, and the specific smartphone or camera model used.
By automatically stripping this metadata from all uploaded images, Microsoft Teams actively prevents accidental location leaks.
Employees can safely share visual updates or screenshots without giving away private information, effectively closing a common vector used by threat actors for Open-Source Intelligence (OSINT) gathering and targeted social engineering.
Alongside the EXIF data removal, Microsoft is introducing several foundational security and operational updates:
- Biometric Enrollment Oversight: IT administrators are getting a dedicated voice and face profile enrollment dashboard within the Teams Admin Center (TAC). Because voice and facial recognition data are essential for AI-enhanced meeting features, this dashboard gives admins necessary visibility and metrics to audit how biometric data is being adopted and managed across the organization.
- Strict Browser Security Requirements: To maintain a secure operating environment, Teams on the web will enforce a mandatory browser update by May 15, 2026. The web application will only load on modern browsers compliant with ECMAScript 2022 (ES2022), which supports updated security protocols and memory management. Users on outdated browsers will see warning banners leading up to the deadline, followed by a strict blocking page.
- Privacy-Safe Activity Tracking: A new presence setting for Teams on the web will keep a user’s status as “Available” as long as they are active on their device, even if the Teams tab is running in the background. Microsoft strictly notes that this feature only detects raw active or idle states to protect privacy. It does not track which specific applications the user is running, nor does it capture any screen content.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
