Microsoft 365 Message Center Archive

MC1130392 - Microsoft 365 apps | New Trust Center settings to block insecure file open protocols

Message ID

MC1130392

View in Message Center

Service

Microsoft 365 suite
Microsoft 365 apps

Published

Aug 6, 2025

Tag

Major change
New feature
User impact
Admin impact

Roadmap ID

497299

View in M365 Roadmap

Platforms

Desktop

Summary

Microsoft 365 apps will block insecure file open protocols like FPRPC by default starting version 2508, with new Trust Center settings to manage these protocols. Admins can control settings via Group Policy or Cloud Policy service. Changes apply only to Microsoft 365 apps for Windows, not Teams.

More information

Introduction

To help protect users from legacy protocol vulnerabilities, we’re introducing new Trust Center settings in Microsoft 365 apps that block file opens using insecure protocols by default. These changes enhance security by reducing exposure to outdated technologies like FrontPage Remote Procedure Call (FPRPC), FTP, and HTTP.

This message is associated with Microsoft 365 Roadmap ID 497299.

When this will happen

  • Public Preview (Worldwide): We began rolling out in late July 2025 and expect to complete by late August 2025.
  • General Availability (Worldwide, GCC, GCC High, and DoD): We will begin rolling out in late August 2025 and expect to complete by late September 2025.

How this will affect your organization

Starting with version 2508 of Microsoft 365 apps:

  • File opens using the legacy FPRPC protocol will be blocked by default. Files will instead open using a more secure fallback protocol.
  • A new Trust Center setting will allow users to re-enable FPRPC, unless the setting is centrally managed via Group Policy or the Cloud Policy service (CPS).
  • New Trust Center settings will also allow users to disable FTP and HTTP file opens, which remain allowed by default. If these settings are managed by admins, the corresponding Trust Center options will be greyed out.

Note: This change applies only to Microsoft 365 apps for Windows. There is no impact on Microsoft Teams across any platform (Windows, Mac, web, iOS, or Android).

What you need to do to prepare

  • Review current configurations to determine if FPRPC is already blocked via Group Policy or CPS.
  • If needed, configure policies to allow specific groups to continue using FPRPC (not recommended).
  • Inform users that:
    • They may see changes in how files open.
    • Trust Center settings may be unavailable if managed centrally.
  • Admins can manage these settings through Cloud Policy service (CPS). If an admin disables a protocol via CPS, users will not be able to re-enable it through Trust Center.
  • While there is no explicit documentation for CPS policies related to these settings, admins can locate the relevant controls in CPS under Microsoft 365 Apps settings.

Compliance considerations

Does the change include an admin control and, can it be controlled through Entra ID group membership?Admins can manage protocol settings via CPS or Group Policy, which can be scoped to Entra ID groups.
Does the change allow a user to enable and disable the feature themselves? Users can re-enable FPRPC and disable FTP/HTTP unless the settings are managed centrally.