
Microsoft is set to implement significant security enhancements within its Microsoft 365 suite by blocking various legacy authentication protocols starting mid-July 2025. This initiative is part of the company's Secure Future Initiative (SFI) and Secure by Default strategy, aiming to bolster the security of the Microsoft 365 environment. Organizations relying on older systems should prepare promptly to ensure a seamless transition.
Key Changes and Affected Protocols
The primary focus of this update is the deprecation of Basic Authentication for Client Submission (SMTP AUTH) in Exchange Online. Basic Authentication, which transmits usernames and passwords in plain text, is particularly vulnerable to credential theft, phishing, and brute force attacks. To mitigate these risks, Microsoft will permanently disable Basic Authentication for SMTP AUTH in September 2025. After this date, applications and devices must use OAuth for SMTP AUTH to send emails. (techcommunity.microsoft.com)
Additionally, Microsoft plans to block the FrontPage Remote Procedure Call (RPC) protocol, a remnant from the discontinued Microsoft FrontPage web design tool. Despite its obsolescence, the protocol has remained in use and is now recognized as a security liability due to its susceptibility to attacks.
Impact on Third-Party Applications
Another significant change involves third-party applications accessing files and websites within Microsoft 365. Moving forward, these applications will require explicit consent from an administrator. This measure aims to reduce the risk of uncontrolled data access by end-users, thereby enhancing overall security. Users wishing to utilize third-party apps will need to obtain prior approval from their administrators.
Recommended Actions for Organizations
Organizations should take the following steps to prepare for these changes:
  • Assess Current Authentication Methods: Identify any applications or devices currently using Basic Authentication for SMTP AUTH and plan to transition them to OAuth before September 2025.
  • Update or Replace Legacy Systems: Evaluate systems relying on deprecated protocols like FrontPage RPC and consider updating or replacing them with more secure alternatives.
  • Review Third-Party Application Access: Implement processes for reviewing and approving third-party applications that require access to Microsoft 365 resources, ensuring they meet security standards.
By proactively addressing these areas, organizations can enhance their security posture and ensure compliance with Microsoft's upcoming changes.

Source: Research Snipers, "Microsoft 365 to Block Legacy Authentication Protocols Starting Mid-July"
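
An added example, not part of the original post and not Microsoft tooling: a small inventory script for the "Assess Current Authentication Methods" step above. It assumes client-side SMTP submission logs in a constructed `<timestamp> <client> C: <command>` layout (client names and log format are hypothetical), flags clients that authenticate with the Basic mechanisms (AUTH LOGIN, AUTH PLAIN), and builds the SASL XOAUTH2 initial response that an OAuth client sends instead of a password.

```python
import base64
import re
from collections import defaultdict

# SMTP AUTH mechanisms that carry a reusable password (Basic Authentication).
BASIC_MECHS = {"LOGIN", "PLAIN"}

# Constructed sample log lines; layout and client names are assumptions.
# Credential payloads are replaced with placeholders on purpose.
SAMPLE_LOG = """\
2025-06-02T08:14:01Z scanner-3f C: EHLO scanner-3f.example.internal
2025-06-02T08:14:01Z scanner-3f C: STARTTLS
2025-06-02T08:14:02Z scanner-3f C: AUTH LOGIN
2025-06-02T09:30:11Z erp-mailer C: AUTH PLAIN <redacted>
2025-06-02T09:45:40Z hr-portal C: AUTH XOAUTH2 <redacted>
2025-06-02T10:02:17Z scanner-3f C: AUTH LOGIN
"""

# Captures: timestamp, client name, AUTH mechanism.
AUTH_RE = re.compile(r"^(\S+)\s+(\S+)\s+C:\s+AUTH\s+([A-Za-z0-9_-]+)", re.I)


def inventory(log_text):
    """Map client name -> set of SMTP AUTH mechanisms it was seen using."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            seen[m.group(2)].add(m.group(3).upper())
    return dict(seen)


def needs_migration(inv):
    """Clients that used a Basic mechanism at least once, sorted by name."""
    return sorted(c for c, mechs in inv.items() if mechs & BASIC_MECHS)


def xoauth2_initial_response(user, access_token):
    """SASL XOAUTH2 initial client response (base64), sent after AUTH XOAUTH2."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


if __name__ == "__main__":
    inv = inventory(SAMPLE_LOG)
    for client in needs_migration(inv):
        basic = sorted(inv[client] & BASIC_MECHS)
        print(f"{client}: uses AUTH {'/'.join(basic)}, migrate to XOAUTH2")
```
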