Microsoft has announced that it will start updating security defaults for all Microsoft 365 tenants in July to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols.
These changes will also address application access permissions that can expose organizations to unnecessary security risks. The rollout is set to begin in mid-July 2025, with an estimated completion date by August 2025.
Microsoft will enable them by default for all Microsoft 365 tenants, across Microsoft Entra, Microsoft 365 apps, SharePoint Online, and Microsoft OneDrive, with no additional licensing required.
As the company explained in a Microsoft 365 admin center message on Tuesday, Microsoft 365 will automatically block legacy browser authentication to SharePoint and OneDrive using RPS (Relying Party Suite) after the changes roll out, in addition to the FPRPC (FrontPage Remote Procedure Call) protocol for Office file opens.
“Legacy authentication protocols like RPS (Relying Party Suite) are vulnerable to brute-force and phishing attacks due to non-modern authentication. Blocking this prevents applications that are using outdated methods from accessing SharePoint and OneDrive via browser,” the company explained.
“FrontPage Remote Procedure Call (FPRPC) is a legacy protocol used for remote web page authoring. While no longer widely used, legacy protocols such as FPRPC can be more susceptible to compromise and blocking FPRPC helps reduce exposure to vulnerabilities. With this change, FPRPC will be blocked for opening files, preventing the use of this non-modern protocol in Microsoft 365 clients.”
After the new security defaults roll out, Microsoft 365 tenants will also require admin consent for third-party apps to access files and sites, preventing users from overexposing their organization's content.
With this change, Microsoft-managed App Consent Policies will prevent users from consenting to third-party applications accessing their files and sites by default until they have admin approval.
For configuring admin consent, you can refer to this Microsoft Entra support document. Admins can also configure granular access policies for specific users or groups, as detailed here.
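To see where a tenant stands before the new consent default arrives, an admin can inspect the authorization policy that controls user consent. The following is an added example, not code from Microsoft or from this article: it classifies a constructed sample of a Microsoft Graph `authorizationPolicy` response, and the built-in policy ids and the hypothetical `example-custom-policy` id are assumptions drawn from Microsoft Graph documentation rather than from the text above.

```python
import json

# Constructed sample of a Microsoft Graph GET /policies/authorizationPolicy
# response, trimmed to the consent field. "example-custom-policy" is a
# hypothetical id used only for illustration.
SAMPLE_POLICY = json.loads("""
{
  "defaultUserRolePermissions": {
    "permissionGrantPoliciesAssigned": [
      "ManagePermissionGrantsForSelf.microsoft-user-default-legacy",
      "ManagePermissionGrantsForOwnedResource.example-custom-policy"
    ]
  }
}
""")

SELF_PREFIX = "ManagePermissionGrantsForSelf."

# Built-in user-consent policy ids as documented for Microsoft Graph
# (assumption: these names come from that documentation, not from the article).
BUILTIN = {
    "microsoft-user-default-legacy": ("open", "users can consent to any app that does not require admin consent"),
    "microsoft-user-default-low": ("restricted", "verified-publisher apps, permissions classified low impact"),
    "microsoft-user-default-recommended": ("microsoft-managed", "Microsoft-managed consent policy applies"),
}
# Most permissive first; an unknown custom policy is treated as needing review.
RANK = ["open", "custom", "restricted", "microsoft-managed"]


def audit_user_consent(policy):
    """Return (posture, findings) for a tenant's user-consent setting."""
    perms = policy.get("defaultUserRolePermissions") or {}
    assigned = perms.get("permissionGrantPoliciesAssigned") or []
    self_ids = [p[len(SELF_PREFIX):] for p in assigned if p.startswith(SELF_PREFIX)]
    findings = [f"not a user-consent policy, review separately: {p}"
                for p in assigned if not p.startswith(SELF_PREFIX)]
    if not self_ids:
        return "disabled", findings + ["user consent is off: every app needs admin approval"]
    labels = set()
    for pid in self_ids:
        label, text = BUILTIN.get(pid, ("custom", "custom policy, review its conditions"))
        labels.add(label)
        findings.append(f"{pid}: {text}")
    posture = next(r for r in RANK if r in labels)
    return posture, findings


if __name__ == "__main__":
    print(audit_user_consent(SAMPLE_POLICY))
```

A posture of `open` or `custom` means the tenant's current setting deserves review before relying on the new default.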
“As part of the Microsoft Secure Future Initiative (SFI) and in alignment with the ‘Secure by Default’ principle, we’re updating default settings in Microsoft 365 to help you meet the minimum security benchmark and harden your tenant’s security posture,” Redmond added.
“This is the first step in a broader effort to evaluate and evolve Microsoft 365 defaults through the lens of security best practices.”
Since the start of the year, the company has also begun disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications and said it will start rolling out a new Teams feature designed to block screenshots during meetings in July.
More recently, Microsoft announced last week that it will add .library-ms and .search-ms file types to the list of blocked Outlook attachments starting next month.