Microsoft 365 Message Center Archive

MC1148540 - New file protection in Teams chat and channels blocks unsafe content

Message ID

MC1148540

View in Message Center

Service

Microsoft Teams

Last Updated

Sep 9, 2025

Published Sep 5, 2025

Tag

Updated message
New feature
User impact
Admin impact

Roadmap ID

499892

View in M365 Roadmap

Platforms

Android
Desktop
iOS
Web

Summary

Microsoft Teams will block messages containing weaponizable file types (e.g., executables) in chats and channels to reduce malware risks. This feature starts targeted release in September 2025 (off by default) and general availability in November 2025 (on by default). Admins can enable it via Teams Admin Center or PowerShell.

More information

Updated September 9, 2025: We have updated the content. Thank you for your patience.

Introduction

Microsoft Teams is introducing a new protection feature that blocks messages containing weaponizable file types—such as executables—in chats and channels. This helps reduce the risk of malware and file-based attacks by preventing unsafe content from being shared. This message applies to Teams for Windows desktop, Teams for Mac desktop, Teams for the web, and Teams for iOS/Android.

This message is associated with Roadmap ID 499892.

When this will happen

  • Targeted release (Worldwide): Starts early September 2025; expected to complete by mid-September 2025.
  • General Availability (Worldwide): Starts early November 2025; expected to complete by mid-November 2025.

How this affects your organization

Once enabled, Teams will automatically block messages that include weaponizable file types. This applies to both internal and external conversations.

  • Recipients will see a notification that a message was blocked but cannot access the content.
  • Senders will receive a notification and can edit and resend the message without the unsafe file.

user settings

Targeted release vs. General Availability behavior:

  • Targeted release: Protection is enforced only when all organizations in the conversation have the feature enabled. This feature is off by default and requires admin activation.
  • General Availability: Protection is enforced if at least one participant has the feature enabled. This feature is on by default. Admin settings saved during Targeted Release will remain unchanged.

What you can do to prepare

Admins can enable this protection in the Teams Admin Center:

  1. Go to the Teams Admin Center
  2. Navigate to Messaging Settings
  3. Turn on the setting: Scan messages for file types that are not allowed

user settings

Alternatively, use PowerShell with the -FileTypeCheck parameter.

Once enabled, all users in your tenant will begin seeing file protection applied in their messages.

Blocked file types include:

ace, ani, apk, app, appx, arj, bat, cab, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z

Learn more: 

Compliance considerations

Compliance Area Explanation
Does the change modify how users can access, export, delete, or correct their personal data within Microsoft 365 services? Blocked messages are not delivered, which may affect access to the original message content. Recipients of messages with disallowed file types will not receive the message or its attachments.