Microsoft is strengthening collaboration security in Microsoft Teams by enabling key messaging safety features by default. Starting January 12, 2026, these protections will help safeguard users from malicious files and links —all without requiring manual configuration for most organizations.
New “Messaging Safety” settings in Microsoft Teams
As announced by Microsoft, the following “Messaging safety” settings will be turned ON by default for tenants that have not previously customized these settings:
- Weaponizable File Type Protection
Blocks messages containing file types that could be weaponized for attacks.
- Malicious URL Protection
Detects and warns users about potentially harmful links in messages.
- Report Incorrect Security Detections
Allows end users to report false positives, improving detection accuracy over time.
Malicious URL Protection in Microsoft Teams helps prevent phishing and link-based threats by scanning URLs shared in chats, channels, and meetings. If a link is flagged as harmful, Teams shows warnings to both sender and recipients. Senders can edit or delete the message, while recipients see alerts before interacting with the link. In external conversations, if any organization has URL protection enabled, warnings apply to all participants.
Weaponizable File Protection in Microsoft Teams blocks messages containing file types commonly linked to malware or exploits, preventing unsafe content from being shared. When a user tries to send a message with a disallowed file type, Teams scans the attachment, blocks the entire message, and notifies both sender and recipients. Senders see a clear warning and can edit the message to remove the file, while recipients only see that the message was blocked for security reasons. In external conversations, if any organization has file protection enabled, the rule applies to all participants.
How This Affects Your Organization?
For tenants still using the default configuration, these protections will automatically apply starting January 12, 2026. End users may notice:
- Warning labels on messages containing suspicious URLs.
- The ability to report false positives directly in Teams.
- Blocked messages if they include weaponizable file types.
These changes aim to reduce phishing, malware, and other security threats while maintaining a smooth collaboration experience.
Enabling Malicious URL Protection and Weaponizable File Protection in Microsoft Teams is essential for keeping your organization secure. These features help prevent two major attack vectors—phishing links and malicious file attachments—by scanning messages and blocking harmful content before it reaches users in real time. This reduces the risk of malware infections, credential theft, and ransomware attacks, while educating users with clear warnings. Unlike advanced security tools such as Safe Links and Zero-hour Auto Purge (ZAP), that offer deeper protection like blocking links at click or removing malicious content entirely, these Teams settings provide strong, built-in protection at no extra cost. Enabling them ensures a safer collaboration environment without complexity.
How can Administrators enable Messaging Safety Features?
Administrators can enable these Messaging Safety features as follow:
- Navigate to Teams Admin Center > Messaging > Messaging Settings > Messaging Safety
- Enable the following options:
- Weaponizable file protection
- Malicious URL protection
- Report incorrect security detections
Conclusion
Enabling the “Messaging Safety” features in Microsoft Teams is a simple way to create a safer, smarter collaboration experience. By enabling Malicious URL Protection and Weaponizable File Protection options, the organization gains proactive defense against phishing and malicious files—at no extra cost. Helient encourages all customers to review their Teams settings and turn on these protections before January 12, 2026. For assistance or best practices, reach out to our Industry-Leading experts at service@helient.com.
2 minute read
