Microsoft 365 is about to disable outdated file access authentication protocols

Microsoft regularly disables outdated protocols for accessing its services. Over the past few years, the Redmond company has removed Basic Auth in Exchange Online and blocked access to Outlook for third-party apps that use it. Now, Microsoft is continuing its decision to remove legacy authentication protocols for accessing files across its entire Microsoft 365 service.

 

According to the official information posted on Microsoft 365 Admin Center. Starting in mid-July 2025, the company will disable legacy authentication protocols used to access files on Microsoft 365, Office applications, SharePoint, and OneDrive.

Specifically, applications or services that use Relying Party Suite (RPS) or FrontPage Remote Procedure Call (FPRPC) to perform browser authentication to open Office files will no longer be able to do so. As expected, this move is mainly to improve the security of Microsoft services.

 

Microsoft says RPS is vulnerable to brute-force and phishing attacks due to its age. Similarly, FPRPC (used for remote web page editing) is vulnerable to multiple vulnerabilities. As a result, both protocols will be disabled by default starting in mid-July 2025, with the implementation expected to be completed by August 2025.

The Redmond tech giant will update the default protocol standard without requiring customers to change any licensing terms. Additionally, after the changes are rolled out, Microsoft 365 will require admin consent to allow third-party access to files and sites. System administrators can view instructions here to configure admin consent workflows.

Microsoft says these changes are in line with the principles of the Secure Future Initiative (SFI). Earlier in the day, they also announced the rollout of enhanced security defaults for Windows 365 for the same reason.