The Short Version
Microsoft is rolling out a security update that blocks File Explorer's Preview Pane from displaying files downloaded from the internet or received via email. Files you create internally or store on your network should continue to preview normally. You may see this soon if you haven't already.
Why it's happening: File preview was being exploited to deliver malware. Cybercriminals discovered they could craft malicious documents that execute harmful code simply by being previewed—no double-click required, no warning, just hover and boom. This change closes that security hole.
Can we turn it off? Technically yes, but doing so removes important protections against ransomware and other attacks. Those security tags aren't just about file preview—they also block dangerous macros in Office documents, warn before opening executables, and enable Protected View modes. The professional IT community consensus is clear: don't disable these protections.
What you should do: Learn to manually "unblock" files you trust (right-click file → Properties → check Unblock → OK), or simply open files directly instead of using preview. If you don't recognize the source, ask before unblocking.
Our position: We cannot recommend disabling these security features to restore old workflows. The risk of a breach—which could shut down your business for weeks, compromise confidential client information, trigger regulatory fines, violate cyber insurance terms, and damage your professional reputation—far outweighs the inconvenience of a few extra clicks. If you decide the business need justifies the risk, we'll need that decision documented in writing.
I've been discussing this with professional colleagues in the MSP community, and everyone agrees: clients will need to adjust to the new reality rather than work around it. This isn't us being difficult—it's us protecting your business, even when that means uncomfortable conversations.
Want to understand the full picture? Keep reading for detailed explanations of what's happening, why we're taking this position, what the real risks are, and what options you have.
The Full Story: We Need to Talk About File Preview
If you've been using Windows File Explorer's Preview Pane to quickly view documents, you may have already noticed some files no longer show a preview—or this change may not have hit your systems yet.
Either way, it's coming.
Microsoft is rolling out a security update that blocks file preview for documents downloaded from the internet or received via email. Files created internally or stored on your network should continue to preview normally. When it arrives, we want you to understand what's happening and why, before it becomes frustrating.
I've been discussing this with professional colleagues in the MSP community—everyone's wrestling with how to handle this kind of security-versus-convenience friction. The consensus is clear: we'll all need to adjust to the new reality rather than work around it.
This isn't a bug, and it's not something broken on your computer. It's a deliberate security change from Microsoft that's creating real workflow problems—particularly for law firms and other businesses that handle high volumes of documents daily.
We need to have an honest conversation about what's happening, why it matters, and what realistic options you have.
What Changed and Why
Microsoft recently strengthened how Windows handles files downloaded from the internet. Files that come from external sources—email attachments, web downloads, client portals—carry an invisible security tag called "Mark of the Web." This tag is Windows saying: "Hey, this file came from outside your trusted network. Proceed carefully." Files created or stored within your organization don't have this tag and should preview normally.
Here's the problem Microsoft was solving: The Preview Pane has been a security weakness for years. Cybercriminals discovered they could craft malicious documents that would execute harmful code simply by being previewed—no double-click required, no warning, just hover and boom.
Microsoft's response was straightforward: block previews of externally-sourced files (those with the Mark of the Web tag) unless someone explicitly tells Windows the file is safe. Your internal documents should continue to work as they always have.
For businesses that process client documents, review court filings, or manage incoming correspondence all day long, this creates significant friction. We get it—it's genuinely disruptive to established workflows.
The Question Everyone's Asking: "Can't You Just Turn This Off?"
Here's where we need to be straight with you.
Technically? Yes. We could write a script that automatically removes those security tags. We could change settings so your browser stops marking downloads as external. These modifications would restore your Preview Pane workflow tomorrow.
But professionally? We can't recommend it, and here's why.
Those security tags aren't just about file preview. When we remove them, we're disabling multiple protection layers:
- Macros in Office documents that would normally be blocked can now run automatically
- Windows won't warn you before opening potentially dangerous executables
- Applications won't open files in restricted "Protected View" modes
Removing the tags to fix Preview Pane is like removing your front door lock because you're tired of fumbling with keys. Yes, it's more convenient. It's also significantly more dangerous.
Understanding What We Can (and Can't) Control
Here's something important about how IT services work in 2024: We don't make Microsoft's security decisions, and honestly, we shouldn't.
Microsoft has thousands of security researchers analyzing threat patterns across millions of systems worldwide. When they implement a change like this, it's usually because they're seeing active exploitation in the wild. They have threat intelligence and resources that individual IT departments—whether in-house or outsourced—simply don't have access to.
Our role as your IT partner is to:
- Implement security best practices and explain what they mean for you
- Help you understand why changes are happening
- Find solutions that balance usability with protection
- Be honest about risk when asked to work around security features
What we can't do—and what you shouldn't want us to do—is bypass security controls just because they're inconvenient. Not because we're being difficult, but because the consequences of getting this wrong affect both of us.
If we deliberately disable security features and you experience a breach as a result, we're not just talking about your business interruption and data loss. We're also talking about:
- Our professional liability and errors & omissions insurance claims
- Potential regulatory scrutiny if protected data is compromised
- Questions about whether we met our duty of care as your IT provider
- Documentation that we knowingly weakened security controls
As IT professionals, we have a duty to advise you honestly about security risks, and that means we can't recommend solutions we know are fundamentally unsafe, even if you ask us to.
Let's Talk About Real Risk
We're not trying to scare you, but you deserve to understand what's actually at stake.
If you keep the security protections in place:
- Trade-off: Users must manually "unblock" files for preview, or just open them directly
- Benefit: Protection against malicious documents stays intact
- Result: Workflow friction and some annoyed employees
If we remove the security protections:
- Benefit: Preview Pane works exactly like it always has
- Trade-off: Files that should be flagged as potentially dangerous won't be
- Result: Increased vulnerability to ransomware, data breaches, system compromise
Now let's be honest about consequences:
Workflow friction is genuinely annoying. Nobody enjoys extra clicks.
But a security breach could:
- Shut down your business for days or weeks during recovery
- Compromise confidential client information you're legally obligated to protect
- Trigger regulatory notification requirements and potential fines
- Result in malpractice claims or lost clients
- Violate cyber insurance policy terms (meaning they won't cover the incident)
- Damage your professional reputation in ways that take years to rebuild
We're not being alarmist—we're describing what we've seen happen to other small businesses and professional practices.
Why This Especially Matters for You
Law firms, accounting practices, medical offices, and financial services firms are high-value targets. You handle sensitive information, you have money, and frankly, you often have less sophisticated security than Fortune 500 companies.
Attackers know this. They specifically design attacks that look like your normal business documents:
- "Court filing" PDFs with embedded exploits
- "Client correspondence" Word documents with malicious macros
- "Invoice" spreadsheets that download ransomware
These attacks rely on trusted document formats being opened without scrutiny. The Preview Pane restrictions are specifically designed to interrupt this attack pattern by forcing a conscious decision: "Do I trust this file enough to unblock it?"
It's inconvenient by design, because that inconvenience might save you from catastrophe.
What We Actually Recommend
Instead of fighting Microsoft's security decision, we think the better path is adaptation:
Things You Can Do Right Now:
- Learn the "Unblock" process (right-click file → Properties → check Unblock → OK)
- Use "Open" instead of Preview for files that need immediate review
- Establish a quick protocol: "If I don't recognize the source, I ask before unblocking"
Things We Can Help Investigate:
- Whether your internal files are incorrectly being marked as external (a configuration problem we can actually fix)
- If certain trusted sources (court e-filing systems, regular client portals) can be configured differently
- Whether email security solutions could scan and pre-clear legitimate attachments
- If it's time to look at document management systems designed for secure preview
What We Won't Do:
We won't implement blanket removal of security tags or disable Mark of the Web protections without a documented conversation where we've explained the specific risks and you've made an informed decision to accept them in writing.
This isn't us being stubborn. It's us taking our responsibility to protect your business seriously, even when that means uncomfortable conversations.
The Bottom Line
Look, we know this change is frustrating. Technology updates are rarely convenient when they happen, and this one hit workflows that have been stable for years.
But Microsoft didn't do this to make your life harder. They did it because file preview was being actively exploited to compromise businesses. The inconvenience you're experiencing is the side effect of closing a security hole that was actually being used against organizations like yours.
As your IT partner, we're going to tell you the truth even when that truth isn't what you want to hear: Some security measures really are more important than convenience. The risk of weakening these protections is greater than the benefit of seamless file preview.
We're here to help you adapt in ways that keep you secure. We'll provide training, explore alternatives, and work through the adjustment period with you.
What we can't do is take on the liability of knowingly weakening your security because Microsoft made a design choice we don't control.
Your security matters too much for shortcuts, and your trust in us means we'll be honest about risk—even when you'd prefer a different answer.
Want to Discuss Your Specific Situation?
Every business has different workflows and different tolerance for friction. If you're wrestling with this change and want to talk through your options, I'm available. We can look at your specific setup, see if there are legitimate configuration improvements we can make, and help your team adjust to the new normal.
Just reach out—we'll figure it out together.
