Microsoft has announced that, starting late August 2025, Microsoft 365 apps for Windows will block file access through the legacy FrontPage Remote Procedure Call (FPRPC) protocol by default. This move is part of a broader initiative to enhance security and minimize exposure to outdated technologies, following earlier steps that disabled ActiveX controls and strengthened attachment restrictions in Outlook. The FPRPC protocol, once widely used for remote file operations and site management, is considered insecure and susceptible to modern cyber threats. With the release of app version 2508, any attempt to category Cyber security open files using FPRPC will be blocked automatically, switching to a more secure alternative protocol where available. The rollout is expected to reach all Microsoft 365 tenants by the end of September 2025.
New Trust Center features will permit users to re-enable FPRPC if their environment allows, unless settings are managed centrally through Group Policy or the Cloud Policy Service (CPS). Admins can further restrict or allow legacy protocols and manage authentication settings through CPS, ensuring organizations retain control over their security posture.
These changes only affect Microsoft 365 apps for Windows and do not impact Microsoft Teams or other platforms. Organizations are encouraged to assess any legacy dependencies and notify IT teams about adjustments that may be necessary for older workflows or app integrations
Source: BleepingComputer reports that starting with version 2508, Microsoft 365 apps will block file access via the insecure FPRPC legacy authentication protocol by default as part of its Secure by Default initiative.
Leave a comment