Microsoft 365 Apps to Soon Restrict File Access via FPRPC by Default for Enhanced Security

Microsoft has announced that starting in late August 2025, Microsoft 365 apps for Windows will block access to files via the insecure FrontPage Remote Procedure Call (FPRPC) legacy authentication protocol by default. This change, applicable only to Microsoft 365 apps for Windows, will not impact Microsoft Teams users across any platform, including Windows, Mac, web, iOS, or Android. With the introduction of version 2508, Microsoft 365 apps will enhance security by reducing exposure to outdated technologies such as FPRPC, FTP, and HTTP. Users will have the option to re-enable FPRPC through new Trust Center settings, unless these settings are managed by Group Policy or the Cloud Policy Service (CPS).

Additionally, administrators will be able to manage authentication protocol settings through the CPS under Microsoft 365 Apps settings. If a protocol is disabled via CPS, users will not have the ability to re-enable it through the Trust Center. This announcement follows a June update regarding security defaults for all Microsoft 365 tenants, aimed at blocking file access via legacy authentication protocols to protect against brute-force and phishing attacks. Furthermore, Microsoft has been actively disabling ActiveX controls in Windows versions of Microsoft 365 and Office 2024 apps, and it plans to block specific file types in Outlook attachments. As cyber threats continue to evolve, these measures are crucial for safeguarding user data and maintaining system integrity. 

Categories: Security Enhancements, Legacy Authentication Protocols, Microsoft 365 Updates 

Tags: Microsoft 365, FPRPC, Legacy Authentication, Security, Trust Center, Cloud Policy Service, File Access, Outdated Technologies, Admins, Protocols