ℹ️ Many blog posts do not include full scripts. If you require a complete version, please use the Support section in the menu.
Disclaimer: I do not accept responsibility for any issues arising from scripts being run without adequate understanding. It is the user's responsibility to review and assess any code before execution. More information

Upcoming : Microsoft Teams Messaging Safety Defaults Enablement

byartic6 -
0


From 12 January 2026, Microsoft will enable Teams messaging safety protections by default, this applies only to tenants that Microsoft determines have not previously modified or saved these settings.

Tenants with an explicitly saved configuration will not be overridden.

Why the Settings Are Disabled Today?

If you look in:

Teams Admin Center → Messaging → Messaging settings → Messaging safety

you may see:

  • File type checking: Disabled
  • URL reputation checking: Disabled

That looks like this:

⚠️ Important
Seeing these settings as Disabled does not confirm that the configuration has been explicitly saved.

Why “Disabled” Does Not Automatically Mean “Safe”

Microsoft distinguishes between tenants that have never modified or saved messaging safety settings and tenants that have explicitly saved a configuration (enabled or disabled) but.....

The issue is:

  • Microsoft does not expose a clear indicator showing whether a tenant is considered “previously modified”
  • PowerShell and TAC show the current value only, not whether it was ever saved

This means a tenant can:

  • Appear disabled today
  • Still be treated as unsaved
  • Have the defaults automatically enabled in January 2026

How to Check the Current Configuration with PowerShell

You can confirm the current effective values using the Teams PowerShell module as below:

Connect-MicrosoftTeams
Get-CsTeamsMessagingConfiguration
Identity            : Global
FileTypeCheck       : Disabled
UrlReputationCheck  : Disabled

What does this tell me?

  • FileTypeCheck : Disabled
    → Teams is not currently blocking weaponisable file types

  • UrlReputationCheck : Disabled
    → Teams is not currently performing URL reputation checks

There is currently no PowerShell property that exposes “saved vs never modified” state.

Recommended Action

Because Microsoft does not provide a definitive way to prove whether settings were previously saved, the safest approach is to explicitly save the configuration.

Recommended steps

  • Go to
    Teams Admin Center → Messaging → Messaging settings → Messaging safety
  • Toggle the relevant settings On
  • Toggle them Off again (if you want them disabled)
  • Click Save

This ensures Microsoft treats the tenant as explicitly configured and therefore excluded from automatic default enforcement.

What Users May Experience If Defaults Are Enforced

If the defaults are applied in January 2026, users may experience:

Messaging behaviour changes

  • Script-based or executable attachments being blocked in chat
  • Warning banners appearing on messages containing suspicious URLs
  • New “Report incorrect detection” options in Teams

User perception

  • Files that previously worked may suddenly fail
  • Users may believe Teams is “broken” or “regressed”
  • Security warnings may appear without prior explanation

Summery

The Messaging Safety settings are currently disabled because enforcement has not yet started. However, being disabled today does not guarantee that the tenant will remain unaffected when Microsoft begins applying the defaults in January 2026.

Microsoft will automatically enable these protections for tenants it considers to have not previously modified their settings, and there is no reliable indicator exposed to show whether a tenant qualifies for this automatic update. The lowest-risk defensive action is to explicitly save the current configuration now, which ensures the tenant is treated as “customized.”
Tags
Previous Post Next Post

نموذج الاتصال