| Phase | Description | Effective on |
| Phase 1 | GA rollout with an Admin Center setting | January 28, 2026 |
| Phase 2 | Enforcement rollout start and removal of setting | April 28, 2026 |
| Phase 3 | Completion of enforcement rollout | June 30, 2026 |
Starting April 28, 2026, Zendesk will implement a new security standard: Private End-User Attachments. As part of our commitment to platform security and data protection, all file attachments uploaded by end users are now private. If someone clicks on a file, they’ll be asked to sign in first before they can view or download it.
What this means for you:
- Mandatory authentication: All end-user uploads will now be gated by authentication to ensure files remain protected.
- Admin Center update: The manual toggle for this setting will be removed from the Admin Center as this becomes the default, standardized behavior across the platform.
This announcement includes the following topics:
What’s changing?
Zendesk is introducing a new security control: Private end-user attachments. This setting bridges the gap between total public access and strict authentication for every file.
Currently, attachment access is primarily controlled by the Allow secure downloads setting. When this setting is on, all users (agents and customers) must sign in to view any attachments. When this setting is off, all attachments are effectively public, potentially allowing unintended third parties to access sensitive files through direct links.
The new Private end-user attachments setting allows for a hybrid approach:
- End-user-uploaded attachments will require authentication after the initial submission, preventing unauthorized access to customer-provided files.
- Agent-uploaded attachments can remain accessible to end users without requiring a sign-in or a Zendesk account (provided Allow secure downloads is turned off).
For more information, see Allowing end users to attach files to tickets.
What's NOT changing?
While this update enhances security for ticket attachments in Support, existing specialized controls for specific channels remain in place.
This change does not affect the messaging channel. The private attachments in messaging feature remains available and unaffected by this change. You can continue to manage private attachments in messaging via the Admin Center to maintain your existing security configurations for live conversations.
Why is Zendesk making this change?
This update is designed to improve security and privacy by reducing the risk of unintended exposure of customer data. We recognized that while many businesses want to protect the files their customers send them, they also want to keep the "friction" low when agents share helpful documents or resources back to those customers.
By gating access to end-user uploads while keeping agent-shared files easy to access, you get the best of both worlds: enhanced data protection and a smoother customer support experience.
What do I need to do?
While no immediate action is required, we recommend reviewing your attachment settings. The setting is now available in the Admin Center for manual activation.
You can find the new toggle by navigating to: Admin Center > Objects and rules > Tickets > Settings > Downloads and attachments > Private end user attachments. See Allowing end users to attach files to tickets.
If you have feedback or questions related to this announcement, visit our community forum, where we collect and manage customer product feedback. For general assistance with your Zendesk products, contact Zendesk customer support.