Microsoft to Remove EXIF Data from Images Shared on Teams

Microsoft is rolling out a significant set of privacy and security enhancements for Microsoft Teams, with the most notable update being the automatic removal of EXIF metadata from images shared within the platform.

EXIF (Exchangeable Image File Format) data is hidden metadata embedded inside image files.

When a user takes a photo on a smartphone or camera, the device silently records sensitive details into the file including the exact GPS coordinates of where the photo was taken, precise timestamps, and the device model used.

For cybersecurity professionals, this is a well-known threat vector. Threat actors routinely harvest EXIF metadata from shared images to perform Open-Source Intelligence (OSINT) gathering and craft highly targeted social engineering attacks against individuals and organizations.

Teams Will Now Strip Metadata Automatically

Microsoft Teams will now automatically strip all EXIF metadata from every image uploaded to chats or channels.

This means employees can safely share screenshots, workplace photos, or visual updates without unknowingly leaking their location or device information.

The feature works silently in the background, requiring no action from end users, effectively closing a passive but dangerous data exposure gap that many organizations have historically overlooked.

Three Additional Security Updates

Alongside EXIF stripping, Microsoft is introducing three foundational security updates:

• Biometric Enrollment Dashboard: IT admins will gain a dedicated voice and face profile enrollment dashboard inside the Teams Admin Center (TAC), allowing them to audit and monitor how biometric data is being collected and used across the organization for AI-enhanced meeting features.
• Mandatory Browser Modernization (Deadline: May 15, 2026): Teams on the web will require browsers compliant with ECMAScript 2022 (ES2022). Users on outdated browsers will first see warning banners, followed by a hard blocking page after the deadline, enforcing stronger security protocols and modern memory management.
• Privacy-Safe Presence Detection: A new web presence setting will keep a user’s status as “Available” when they are active on their device, even with Teams running in the background. Microsoft explicitly states this feature detects only raw active or idle states; it does not track which apps the user runs or capture any screen content.

These updates reflect a broader industry push toward privacy-by-default design.

The automatic EXIF removal is particularly impactful for organizations where field employees, remote workers, or on-site staff regularly share photos, inadvertently exposing sensitive location data.

Security teams should update browser compliance policies ahead of the May 15, 2026, deadline and leverage the new biometric dashboard to ensure responsible AI feature governance within Teams.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Microsoft to Remove EXIF Data from Images Shared on Teams appeared first on Cyber Security News.