Microsoft has introduced that it’s going to begin updating safety defaults for all Microsoft 365 tenants in July to dam entry to SharePoint, OneDrive, and Workplace information by way of legacy authentication protocols.
These modifications may also handle software entry permissions that may expose organizations to pointless safety dangers. The rollout is about to start in mid-July 2025, with an estimated completion date by August 2025.
Microsoft will allow them by default for all Microsoft 365 tenants, throughout Microsoft Entra, Microsoft 365 apps, SharePoint On-line, and Microsoft OneDrive, with no further licensing required.
As the corporate defined in a Microsoft 365 admin heart message on Tuesday, Microsoft 365 will routinely block legacy browser authentication to SharePoint and OneDrive utilizing RPS (Relying Get together Suite) after the modifications roll out, along with FPRPC (FrontPage Distant Process Name) protocol for Workplace file opens.
“Legacy authentication protocols like RPS (Relying Get together Suite) are weak to brute-force and phishing assaults on account of non-modern authentication. Blocking this prevents purposes which might be utilizing outdated strategies from accessing SharePoint and OneDrive by way of browser,” the corporate defined.
“FrontPage Distant Process Name (FPRPC) is a legacy protocol used for distant internet web page authoring. Whereas now not broadly used, Legacy protocols corresponding to FPRPC will be extra inclined to compromise and blocking FPRPC helps scale back publicity to vulnerabilities. With this alteration, FPRPC can be blocked for opening information, stopping using this non-modern protocol in Microsoft 365 purchasers.”
After the brand new safety defaults roll out, Microsoft 365 tenants may also require admin consent for third-party apps to entry information and websites, stopping customers from overexposing their group’s content material.
With this alteration, Microsoft-managed App Consent Insurance policies will stop customers from consenting to third-party purposes accessing their information and websites by default till they’ve admin approval.
For configuring admin consent, you can consult with this Microsoft Entra assist doc. They’ll additionally configure granular entry insurance policies for particular customers or teams, as detailed right here.
“As a part of the Microsoft Safe Future Initiative (SFI) and in alignment with the ‘Safe by Default’ precept, we’re updating default settings in Microsoft 365 that will help you meet the minimal safety benchmark and harden your tenant’s safety posture,” Redmond added.
“This is step one in a broader effort to judge and evolve Microsoft 365 defaults by the lens of safety finest practices.”
For the reason that begin of the 12 months, the corporate has additionally begun disabling all ActiveX controls in Home windows variations of Microsoft 365 and Workplace 2024 purposes and mentioned it’s going to begin rolling out a brand new Groups characteristic designed to block screenshots throughout conferences in July.
Extra not too long ago, Microsoft introduced final week it’s going to add .library-ms and .search-ms file varieties to the record of blocked Outlook attachments beginning subsequent month.
Patching used to imply advanced scripts, lengthy hours, and infinite hearth drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch sooner, scale back overhead, and give attention to strategic work — no advanced scripts required.
