Microsoft has announced that it will significantly tighten default messaging security protections in Microsoft Teams beginning in January 2026, a move aimed at reducing the growing risk of phishing, malware distribution, and other social-engineering attacks targeting workplace collaboration platforms.

According to an update published in the Microsoft 365 Message Center, the company will automatically enable enhanced messaging safety features for Teams tenants that are still running with default configurations and have not previously customized their security settings. The rollout is scheduled to begin on January 12, 2026, giving organizations roughly a year to review and adjust their configurations if they wish to opt out or apply alternative controls.

“We’re improving messaging security in Microsoft Teams by enabling key safety protections by default,” Microsoft said in its notice to administrators. “This update helps safeguard users from malicious content and provides options to report incorrect detections.”

Three Core Protections Enabled Automatically

Under the new default configuration, Microsoft Teams will activate three major security mechanisms designed to limit the spread of harmful content through chat and channel messages:

Weaponizable file type protection, which blocks file formats commonly abused to deliver malware or execute malicious code.
Malicious URL detection, which flags or warns users when links in messages are identified as potentially dangerous.
False-positive reporting, allowing end users to notify administrators when legitimate content is incorrectly flagged or blocked.

Microsoft emphasized that organizations that have already customized their Teams messaging safety settings will not be affected by the change. Only tenants still relying on Microsoft’s out-of-the-box defaults will see the automatic activation.

Once the protections are enabled, users may begin to notice visible warning labels attached to messages containing suspicious URLs, as well as new options to report security detections they believe are inaccurate. Messages containing blocked file types, however, will not be delivered at all.

Growing Threats to Collaboration Platforms

The move comes amid heightened concern across the cybersecurity industry about attackers increasingly targeting collaboration tools such as Microsoft Teams, Slack, and Zoom. Security firms including Proofpoint, Palo Alto Networks, and Check Point have reported a steady rise in phishing campaigns that exploit Teams chats, often impersonating IT support staff or external partners to trick employees into clicking malicious links.

Because Teams is deeply integrated into many organizations’ daily workflows—and often trusted more than email—attackers view it as a high-value vector. Analysts have warned that default configurations, while convenient, may leave organizations exposed if not hardened over time.

Microsoft has acknowledged this trend in recent months, rolling out additional protections designed to curb abuse from external domains and suspicious tenants. One such feature alerts administrators when unusual or potentially malicious traffic patterns are detected coming from outside an organization, a tactic commonly used in account compromise and credential-harvesting campaigns.

Guidance for IT Administrators

Microsoft is urging IT administrators to review their current Teams messaging safety settings well in advance of the January 2026 deadline. Those wishing to maintain their existing configurations must explicitly adjust and save their preferred settings before January 12 to prevent automatic activation of the new defaults.

Administrators can review and modify the relevant options by navigating to Teams Admin Center > Messaging > Messaging settings > Messaging safety.

The company also recommended that organizations update internal documentation and notify helpdesk and security teams about the upcoming changes, particularly to prepare for potential user questions related to blocked messages or flagged links.

Part of a Broader Teams Security and Performance Push

The messaging security update is part of a broader effort by Microsoft to strengthen Teams as both a secure and performant enterprise platform. In recent weeks, the company has introduced a feature that automatically blocks screen-capture attempts during meetings, addressing concerns around sensitive data leakage during presentations and calls.

Microsoft has also announced work on a new call handler designed to improve the performance of the Teams desktop client, particularly on Windows 11 systems. Early testing indicates faster launch times and reduced memory usage, addressing long-standing complaints from enterprise users about resource consumption.

At the Enterprise Connect conference last year, Microsoft disclosed that Teams has grown to more than 320 million monthly active users, underscoring the platform’s central role in modern workplace communication—and the importance of securing it against evolving threats.

As regulatory scrutiny and real-world cyberattacks continue to intensify, Microsoft’s decision to strengthen default protections reflects a broader industry shift toward “secure by default” configurations, reducing the burden on organizations to manually harden critical collaboration tools.
