Release Version Date Description
MOVEit Transfer 2025 17.0 May 21, 2025 Initial release.
MOVEit Transfer 2025.0.1 17.0.1 July 16, 2025 Service pack. See Fixed Issues in 2025.0.1.
MOVEit Transfer 2025.0.2 17.0.2 September 17, 2025 Service pack. See Fixed Issues in 2025.0.2.
MOVEit Transfer 2025.0.3 17.0.3 September 30, 2025 Hotfix. See Fixed Issues in 2025.0.3.
MOVEit Transfer 2025.0.4 17.0.4 November 17, 2025 Service pack. See Fixed Issues in 2025.0.4.
MOVEit Transfer 2025.0.5 17.0.5 January 21, 2026 Service pack. See Fixed Issues in 2025.0.5.
MOVEit Transfer 2025.0.6 17.0.6 March 18, 2026 Service pack. See Fixed Issues in 2025.0.6.
MOVEit Transfer 2025.0.7 17.0.7 May 20, 2026 Service pack. See Fixed Issues in 2025.0.7.

With the current release, MOVEit Transfer adds the following features and improvements.

New permission level: Audit User

The Audit User level of permission enables you to create users needed for an internal or third-party audit. Audit Users have reporting and log access, which can help validate aspects of policy or periodic compliance. Audit users do not have access to folder data (other than their own) and cannot change file or folder settings.

  • Reviewing system access.
  • Reviewing system activity.
  • Reviewing existing user/group settings.
  • Access to appropriate system and audit logging and reports.
Figure 1. Creating a user with audit-level permissions

Time zone settings for Orgs, Users, and Reports

Users can now configure MOVEit Transfer to display a date and time format that aligns with their preferred time zone. Org admins can specify a time zone for the organization, and users can override this setting to use their local or preferred setting. Additionally, when creating reports, users can specify a specific time zone to be used for filtering and displaying date and time-based data in a report.

  • Org admins can choose between using the default server (database) time zone or specifying a different default time zone for the org.

  • Individual users can use the org-wide time zone (as defined) or choose a display setting according to time zone preference.

  • When creating or editing reports, users can choose to use the server time zone, the org time zone, or specify an alternative time zone.

Figure 2. User can choose specific time zone display preference
Figure 3. Admin can control org and default user settings

SHA-2 file integrity checks

MOVEit Transfer uses SHA-2 algorithms for file integrity checks. The previous standard for end-to-end file integrity checking, SHA-1, is deprecated (maintained for purposes of backward compatibility with older client applications).

Figure 4. File information page (Integrity Verified field highlighted)

WebUI Upload Folder feature

MOVEit Transfer now provides folder upload capability for users (when an admin assigns that user the Subfolder permission for the current Upload To folder). When your user has subfolder permissions, you can upload a folder or folder tree complete with files.

Figure 5. New Upload Folder feature

WebUI Upload Files improvements

MOVEit Transfer provides quota checks from Upload Files view (before upload). This enables users to work through and self-correct scenarios where file size exceeds their account "folder quota" (total on-disk size of files). Users now see a warning and can prune the upload list based on quota and file size.

Figure 6. Upload Files window includes pre-upload checks against user's quota

Whitelisted IP address rules

Whitelisted IP addresses have trusted access without safeguards of IP Lockout policy rules. For example, this case can be useful for scenarios where:
  • Internal clients access MOVEit Transfer from behind a shared firewall.
  • Clients access MOVEit from a properly managed and trusted third-party application.
  • Scenario-based monitoring/testing from a single IP address that would otherwise be locked out.

(This feature is intended to replace Trusted Hosts for any workflows that need to prevent an IP address from being locked out.)

Figure 7. Whitelisted IP Address Entry

SSH keys displayed with SHA fingerprints

MOVEit Transfer now displays SHA-1 and SHA-256 fingerprints for client SSH keys instead of MD5 fingerprints. Admin Web UI improvements were added to the client key holding tank workflow and the client key import UI controls. Users viewing SSH keys through the Java API will now see the full public key instead of the MD5 fingerprint.
Figure 8. Org SSH Key Holding Tank (one key waiting for admin validation/approval)
Note: The upgrade to MOVEit Transfer 2025 will not convert existing MD5 fingerprints to SHA. MD5 fingerprints are converted as users authenticate with them after the upgrade.

SSH and SSL/TLS 'new key/cert in holding tank' notifications

MOVEit Transfer notifies Org and eligible Group admins when an SSH key or SSL (TLS) cert is added to a user's SSH Key Holding Tank or SSL (TLS) holding tank.

Windows Server 2025 support

You can now deploy MOVEit Transfer stand-alone and Web Farm nodes on machines running Windows Server 2025 operating system.

Product Telemetry feature

Product Telemetry SETTINGS > Miscellaneous > Product Experience [In-App Notifications and Product Telemetry] allows users to anonymously share information about how they use the MOVEit Transfer web UI to understand usage trends and better predict where product improvements are most needed. We gather anonymous usage statistics of Web-based UI controls. We collect no information entered through the UI.

Product telemetry is enabled by default, but you can disable this at the System level. Optionally, at the System level, you can allow individual orgs to modify their product telemetry settings.

Figure 9. SETTINGS > Miscellaneous > Product Experience [In-App Notifications and Product Telemetry] (sysadmin view shown)

SFTP and FTP service account run under a non-admin user

For new installations, the MOVEit Transfer Installer configures the SFTP and FTP services to each run in Windows Server OS using non-administrator, virtual accounts. The MOVEit Transfer Installer configures these virtual accounts only with permissions needed to run the services.

Complete version visibility of Outlook Add-in

The complete version (including the year and build number) of the Outlook Add-in application is displayed in the About dialog box.
Note: In order for the version of the Outlook Add-in to be displayed in the About box, you must update the Add-in for your users (version string and visibility source code instructions are contained in the latest XML deployment manifest for the Add-in).

Future retirement of 2018 Outlook Plug-in

As of MOVEit Transfer 2025.1, the Ad Hoc Transfer Plug-in for Outlook will be retired. The application will no longer be available for download.

AS2 default remote access controls (2025.0.3 Hotfix)

As of the 2025.0.3, MOVEit Transfer will Deny remote connections through the AS2 user interface. This is a change from previous behavior. For details, see the section titled Security Policies - Remote Access - Default Rules.