
Microsoft has announced that it will begin updating security defaults for all Microsoft 365 tenants in July to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols.
These changes will also address application access permissions that can expose organizations to unnecessary security risks. The rollout is set to begin in mid-July 2025, with an estimated completion date by August 2025.
Microsoft will enable them by default for all Microsoft 365 tenants, across Microsoft Entra, Microsoft 365 apps, SharePoint Online, and Microsoft OneDrive, with no additional licensing required.
As the company explained in a Microsoft 365 admin center message on Tuesday, Microsoft 365 will automatically block legacy browser authentication to SharePoint and OneDrive using RPS (Relying Party Suite) after the changes roll out, along with the FPRPC (FrontPage Remote Procedure Call) protocol for Office file opens.
“Legacy authentication protocols like RPS (Relying Party Suite) are susceptible to brute-force and phishing attacks due to non-modern authentication. Blocking this prevents applications that are using outdated methods from accessing SharePoint and OneDrive via browser,” the company explained.
“FrontPage Remote Procedure Call (FPRPC) is a legacy protocol used for remote web page authoring. While no longer widely used, legacy protocols such as FPRPC can be more susceptible to compromise and blocking FPRPC helps reduce exposure to vulnerabilities. With this change, FPRPC will be blocked for opening files, preventing the use of this non-modern protocol in Microsoft 365 clients.”
After the new security defaults roll out, Microsoft 365 tenants will also require admin consent for third-party apps to access files and sites, preventing users from overexposing their organization’s content.
With this change, Microsoft-managed App Consent Policies will prevent users from consenting to third-party applications accessing their files and sites by default until they have admin approval.
To configure admin consent, admins can refer to this Microsoft Entra help document. They can also configure granular access policies for specific users or groups, as detailed here.
“As part of the Microsoft Secure Future Initiative (SFI) and in alignment with the ‘Secure by Default’ principle, we’re updating default settings in Microsoft 365 to help you meet the minimum security benchmark and harden your tenant’s security posture,” Redmond added.
“This is the first step in a broader effort to evaluate and evolve Microsoft 365 defaults through the lens of security best practices.”
Since the start of the year, the company has also begun disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications and said it will start rolling out a new Teams feature designed to block screenshots during meetings in July.
More recently, Microsoft announced last week it will add .library-ms and .search-ms file types to the list of blocked Outlook attachments starting next month.
