(Updated) New file protection in Teams chat and channels blocks unsafe content

Updated November 17, 2025: The rollout of Weaponizable file type protection in Microsoft Teams is expected to finish before the end of November 2025 for General Availability (Worldwide). The previously announced update to make Weaponizable file protection setting in Messaging settings ON by default has been postponed to early 2026. A separate communication will be issued detailing the roll out schedule for the default-on change in advance.

Thank you for your patience.

Introduction

Microsoft Teams is introducing a new protection feature that blocks messages containing weaponizable file types—such as executables—in chats and channels. This helps reduce the risk of malware and file-based attacks by preventing unsafe content from being shared. This message applies to Teams for Windows desktop, Teams for Mac desktop, Teams for the web, and Teams for iOS/Android.

This message is associated with Roadmap ID 499892.

When this will happen

General Availability begins November 3 and will complete by end of November. At GA, "Scan messages for file types that are not allowed" will default to ON, and protection will apply if any participant in a conversation has it enabled.

To use a different setting, go to Teams admin center → Messaging settings → Scan messages for file types that are not allowed, select your preference, and click Save before GA.

Note: Simply viewing the page without saving will not override the default, but settings already saved during Targeted Release will persist.

• Targeted release (Worldwide): Starts early September 2025; expected to complete by mid-September 2025.
• General Availability (Worldwide): Starts early November 2025; expected to complete by end of November 2025 (previously mid-November).

How this affects your organization

Once enabled, Teams will automatically block messages that include weaponizable file types. This applies to both internal and external conversations.

• Recipients will see a notification that a message was blocked but cannot access the content.
• Senders will receive a notification and can edit and resend the message without the unsafe file.

Targeted release vs. General Availability behavior:

• Targeted release: Protection is enforced only when all organizations in the conversation have the feature enabled. This feature is off by default and requires admin activation.
• General Availability: Protection is enforced if at least one participant has the feature enabled. This feature is on by default. Admin settings saved during Targeted Release will remain unchanged.

What you can do to prepare

Admins can enable this protection in the Teams Admin Center:

1. Go to the Teams Admin Center
2. Navigate to Messaging Settings
3. Turn on the setting: Scan messages for file types that are not allowed

Alternatively, use PowerShell with the -FileTypeCheck parameter.

Once enabled, all users in your tenant will begin seeing file protection applied in their messages.

Blocked file types include:

ace, ani, apk, app, appx, arj, bat, cab, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z

Learn more: 

• Weaponizable File Protection in Microsoft Teams

Compliance considerations

Updated October 30, 2025: We have updated the content. Thank you for your patience.

Introduction

Microsoft Teams is introducing a new protection feature that blocks messages containing weaponizable file types—such as executables—in chats and channels. This helps reduce the risk of malware and file-based attacks by preventing unsafe content from being shared. This message applies to Teams for Windows desktop, Teams for Mac desktop, Teams for the web, and Teams for iOS/Android.

This message is associated with Roadmap ID 499892.

When this will happen

General Availability begins November 3 and will take 2-3 weeks to complete. At GA, "Scan messages for file types that are not allowed" will default to ON, and protection will apply if any participant in a conversation has it enabled.

To use a different setting, go to Teams admin center → Messaging settings → Scan messages for file types that are not allowed, select your preference, and click Save before GA.

Note: Simply viewing the page without saving will not override the default, but settings already saved during Targeted Release will persist.

• Targeted release (Worldwide): Starts early September 2025; expected to complete by mid-September 2025.
• General Availability (Worldwide): Starts early November 2025; expected to complete by mid-November 2025.

How this affects your organization

Once enabled, Teams will automatically block messages that include weaponizable file types. This applies to both internal and external conversations.

• Recipients will see a notification that a message was blocked but cannot access the content.
• Senders will receive a notification and can edit and resend the message without the unsafe file.

Targeted release vs. General Availability behavior:

• Targeted release: Protection is enforced only when all organizations in the conversation have the feature enabled. This feature is off by default and requires admin activation.
• General Availability: Protection is enforced if at least one participant has the feature enabled. This feature is on by default. Admin settings saved during Targeted Release will remain unchanged.

What you can do to prepare

Admins can enable this protection in the Teams Admin Center:

1. Go to the Teams Admin Center
2. Navigate to Messaging Settings
3. Turn on the setting: Scan messages for file types that are not allowed

Alternatively, use PowerShell with the -FileTypeCheck parameter.

Once enabled, all users in your tenant will begin seeing file protection applied in their messages.

Blocked file types include:

ace, ani, apk, app, appx, arj, bat, cab, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z

Learn more: 

• Weaponizable File Protection in Microsoft Teams

Compliance considerations

Updated September 9, 2025: We have updated the content. Thank you for your patience.

Introduction

Microsoft Teams is introducing a new protection feature that blocks messages containing weaponizable file types—such as executables—in chats and channels. This helps reduce the risk of malware and file-based attacks by preventing unsafe content from being shared. This message applies to Teams for Windows desktop, Teams for Mac desktop, Teams for the web, and Teams for iOS/Android.

This message is associated with Roadmap ID 499892.

When this will happen

• Targeted release (Worldwide): Starts early September 2025; expected to complete by mid-September 2025.
• General Availability (Worldwide): Starts early November 2025; expected to complete by mid-November 2025.

How this affects your organization

Once enabled, Teams will automatically block messages that include weaponizable file types. This applies to both internal and external conversations.

• Recipients will see a notification that a message was blocked but cannot access the content.
• Senders will receive a notification and can edit and resend the message without the unsafe file.

Targeted release vs. General Availability behavior:

• Targeted release: Protection is enforced only when all organizations in the conversation have the feature enabled. This feature is off by default and requires admin activation.
• General Availability: Protection is enforced if at least one participant has the feature enabled. This feature is on by default. Admin settings saved during Targeted Release will remain unchanged.

What you can do to prepare

Admins can enable this protection in the Teams Admin Center:

1. Go to the Teams Admin Center
2. Navigate to Messaging Settings
3. Turn on the setting: Scan messages for file types that are not allowed

Alternatively, use PowerShell with the -FileTypeCheck parameter.

Once enabled, all users in your tenant will begin seeing file protection applied in their messages.

Blocked file types include:

ace, ani, apk, app, appx, arj, bat, cab, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z

Learn more: 

• Weaponizable File Protection in Microsoft Teams

Compliance considerations