Microsoft Teams: Weaponizable File Type Protection for Teams Chat and Channels

🚨 The Signal: Microsoft Teams now automatically blocks messages containing weaponizable file types like executables in chats and channels. This enhances protection against malware and file-based attacks, reducing the risk of compromise through collaboration tools.

The Impact

All Teams users are affected by enhanced malware protection, reducing the risk of file-based attacks.

• End Users: Cannot share executables directly, reducing malware infection risk.
• Security Teams: Reduced attack surface for file-based threats in Teams.
• Admins: Less need for manual intervention on blocked malicious files.
• Organisations: Improved overall security posture against malware.

The Action

1. Review existing Teams data loss prevention (DLP) policies for potential overlap or conflicts with this new native blocking capability.
2. Communicate to end-users about the new file blocking behaviour and approved alternative methods for sharing necessary executable files securely.
3. Monitor Microsoft 365 Message Center for any future configuration options related to this feature.
4. Verify that Microsoft Defender for Cloud Apps (MDCA) policies are configured to detect and alert on attempts to bypass this control.

Domain: Teams · Impact: medium · Workload: Teams · Essential Eight: Application Control · ISM: ISM-0843, ISM-1490, ISM-1544, ISM-1582, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1870, ISM-1871