Microsoft 365 apps will block insecure file open protocols like FPRPC by default starting version 2508, with new Trust Center settings to manage these protocols. Admins can control settings via Group Policy or Cloud Policy service. Changes apply only to Microsoft 365 apps for Windows, not Teams.
Introduction
To help protect users from legacy protocol vulnerabilities, we’re introducing new Trust Center settings in Microsoft 365 apps that block file opens using insecure protocols by default. These changes enhance security by reducing exposure to outdated technologies like FrontPage Remote Procedure Call (FPRPC), FTP, and HTTP.
This message is associated with Microsoft 365 Roadmap ID 497299.
When this will happen
How this will affect your organization
Starting with version 2508 of Microsoft 365 apps:
Note: This change applies only to Microsoft 365 apps for Windows. There is no impact on Microsoft Teams across any platform (Windows, Mac, web, iOS, or Android).
What you need to do to prepare
Compliance considerations
Does the change include an admin control and, can it be controlled through Entra ID group membership? | Admins can manage protocol settings via CPS or Group Policy, which can be scoped to Entra ID groups. |
Does the change allow a user to enable and disable the feature themselves? | Users can re-enable FPRPC and disable FTP/HTTP unless the settings are managed centrally. |