Microsoft has announced that it will start updating security defaults for all Microsoft 365 tenants in July to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols.
These changes will also address application access permissions that may expose organizations to unnecessary security risks. The rollout is set to begin in mid-July 2025, with an estimated completion date by August 2025.
Microsoft will enable them by default for all Microsoft 365 tenants, across Microsoft Entra, Microsoft 365 apps, SharePoint Online, and Microsoft OneDrive, with no additional licensing required.
As the company explained in a Microsoft 365 admin center message on Tuesday, Microsoft 365 will automatically block legacy browser authentication to SharePoint and OneDrive using RPS (Relying Party Suite) after the changes roll out, along with the FPRPC (FrontPage Remote Procedure Call) protocol for Office file opens.
“Legacy authentication protocols like RPS (Relying Party Suite) are vulnerable to brute-force and phishing attacks due to non-modern authentication. Blocking this prevents applications that are using outdated methods from accessing SharePoint and OneDrive via browser,” the company explained.
“FrontPage Remote Procedure Call (FPRPC) is a legacy protocol used for remote web page authoring. While not widely used, legacy protocols such as FPRPC can be more susceptible to compromise and blocking FPRPC helps reduce exposure to vulnerabilities. With this change, FPRPC will be blocked for opening files, preventing the use of this non-modern protocol in Microsoft 365 clients.”
After the new security defaults roll out, Microsoft 365 tenants will also require admin consent for third-party apps to access files and sites, preventing users from overexposing their organization's content.
With this change, Microsoft-managed App Consent Policies will prevent users from consenting to third-party applications accessing their files and sites by default until they have admin approval.
To configure admin consent, admins can refer to the Microsoft Entra support documentation. They can also configure granular access policies for specific users or groups.
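One way to see which apps already hold user-granted consent for file and site access, as an added example that is not from Microsoft or the original article. It assumes a JSON export of Microsoft Graph `oauth2PermissionGrant` objects; the sample records, the scope prefixes treated as file/site access, and the function names are constructed for illustration, and the check does not distinguish third-party from first-party apps.

```python
import json
from collections import defaultdict

# Assumption: delegated scopes starting with these prefixes count as
# "files and sites" access for this audit (not a list from the article).
FILE_SITE_PREFIXES = ("Files.", "Sites.")

# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant objects.
SAMPLE_EXPORT = json.dumps({"value": [
    {"clientId": "app-1", "consentType": "Principal", "principalId": "user-a",
     "resourceId": "graph", "scope": "User.Read Files.ReadWrite.All"},
    {"clientId": "app-1", "consentType": "Principal", "principalId": "user-b",
     "resourceId": "graph", "scope": " Sites.Read.All offline_access"},
    {"clientId": "app-2", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "graph", "scope": "Files.Read.All"},
    {"clientId": "app-3", "consentType": "Principal", "principalId": "user-a",
     "resourceId": "graph", "scope": "User.Read openid"},
]})


def user_consented_file_site_grants(export_json):
    """Return {clientId: {"users": set, "scopes": set}} for grants that an
    individual user (consentType == "Principal") gave for file/site scopes."""
    findings = defaultdict(lambda: {"users": set(), "scopes": set()})
    for grant in json.loads(export_json).get("value", []):
        # "AllPrincipals" means an admin consented for the tenant; skip those.
        if grant.get("consentType") != "Principal":
            continue
        # scope is a space-separated string and may carry stray whitespace.
        scopes = (grant.get("scope") or "").split()
        risky = {s for s in scopes if s.startswith(FILE_SITE_PREFIXES)}
        if risky:
            entry = findings[grant["clientId"]]
            entry["users"].add(grant.get("principalId"))
            entry["scopes"] |= risky
    return dict(findings)


def report(findings):
    """Format findings as lines, widest user exposure first."""
    rows = sorted(findings.items(), key=lambda kv: (-len(kv[1]["users"]), kv[0]))
    return [f"{cid}: {len(v['users'])} user(s), scopes={sorted(v['scopes'])}"
            for cid, v in rows]


if __name__ == "__main__":
    print("\n".join(report(user_consented_file_site_grants(SAMPLE_EXPORT))))
```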
“As part of the Microsoft Secure Future Initiative (SFI) and in alignment with the ‘Secure by Default’ principle, we are updating default settings in Microsoft 365 to help you meet the minimum security benchmark and harden your tenant's security posture,” Redmond added.
“This is the first step in a broader effort to evaluate and evolve Microsoft 365 defaults through the lens of security best practices.”
Since the start of the year, the company has also begun disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications and said it will start rolling out a new Teams feature designed to block screenshots during meetings in July.
More recently, Microsoft announced last week it will add .library-ms and .search-ms file types to the list of blocked Outlook attachments starting next month.