Microsoft Teams will automatically enable new messaging safety features on January 12, 2026, for organizations using default settings.
The update activates protections against weaponizable file types, malicious links, and incorrect security detections, reducing common attack vectors in collaboration environments. Tenants with custom configurations will see no changes.
Microsoft describes the update as a proactive measure to strengthen security across Teams, reflecting a broader push toward secure-by-default collaboration.
Administrators should review settings and prepare helpdesk staff to guide users in organizations with default protections through warnings or blocked content.
Key Messaging Safety Features and How They Protect Teams Users
The new messaging safety features on Microsoft Teams target the common risks:
- Weaponizable file type protection blocks attachments that could deliver malware, stopping potentially dangerous files before they reach users.
- Malicious URL protection scans links in chats and channels in real time, alerting users to phishing attempts or unsafe websites.
- Incorrect detection reporting allows users to flag false positives, helping IT teams fine-tune security while minimizing workflow disruption.
This update will close previously exposed attack vector gaps for organizations relying on default settings. It also moves Teams toward a secure-by-default environment for all users.
Cybersecurity teams should benefit from reduced manual monitoring and improved baseline protection. However, end users in organizations where the default protections are enabled may encounter warning messages or blocked content, requiring adjustments to sharing files and links. Preparing helpdesk staff remains critical to guide these users through alerts and maintain operational continuity following the update on January 12.
Evolving Threats Driving Secure-by-Default Protections
In a recent blog, Microsoft Threat Intelligence reported that malware delivery, credential theft, and lateral movement through Teams were becoming more common. The team uncovered several campaigns targeting organizations using Teams to deliver malware, steal credentials, and move laterally within networks.
These findings demonstrate that attackers are targeting collaboration platforms in structured, repeatable ways: reconnaissance, initial access, persistence, lateral movement, and post-compromise activity. AI-driven phishing and deepfake social engineering are contributing to both the frequency and sophistication of these attacks.
Organizations relying on default settings were previously exposed to these risks.
The January 12 update changes this by automatically enabling protections against weaponizable files and malicious URLs. Users can report messages, files, or links incorrectly flagged as unsafe. This helps IT teams fine-tune protections while maintaining normal workflows and reducing exposure for at-risk organizations.
The default-to-on model reflects a proactive security posture. Administrators can opt out, but inaction applies protections automatically.
What This Means for ERP Insiders
Prepare for Teams default-setting security changes. Security managers must review settings and ready helpdesk staff for alerts affecting only users on default protections. Proactive action ensures smooth adoption, minimizes disruption, and keeps workflows running as Teams enforces messaging safety for default tenants.
Microsoft is raising baseline security standards. Automatic enforcement of protections against malware, phishing, and risky files is a proactive, secure-by-default approach for Teams users. This ensures organizations using default settings are immediately safer, reducing manual security tasks for admins and minimizing risk exposure for users.
Teams faces increasingly sophisticated cyberattacks. AI-driven phishing, deepfakes, and lateral movement campaigns show attackers are targeting collaboration platforms in structured, repeatable ways. Organizations should combine baseline protections with proactive monitoring, endpoint controls, and layered defenses to address evolving threats.
