As part of Microsoft’s Secure Future Initiative and its “Secure by Default” approach, Microsoft will begin automatically blocking legacy authentication protocols, specifically RPS (for SharePoint and OneDrive browser access) and FPRPC (used for opening Office files), across all Microsoft 365 tenants. This change rolls out from mid-July 2025 and completes by August 2025, with no additional licensing required.
Why This Change Matters
Legacy protocols like Relying Party Suite (RPS) and FrontPage Remote Procedure Call (FPRPC) lack modern security protections such as:
- Multi-Factor Authentication (MFA)
- Encrypted token exchange
These outdated methods remain a major threat vector. Microsoft reports that over 97 percent of credential-stuffing attacks exploit these insecure protocols.
By blocking legacy authentication by default and requiring administrator consent for third-party apps, Microsoft aims to significantly reduce credential-based attacks across its ecosystem.
What’s Impacted
- SharePoint and OneDrive Access: RPS-based browser logins will no longer function.
- Office File Handling: FPRPC will be disabled, halting older file-access methods.
- Third-Party Applications: Users will no longer be able to grant app permissions without administrator approval.
What IT Teams Should Do Now
1. Inventory and Audit
- Use Azure AD sign-in logs and Basic Authentication Reporting to identify any legacy authentication dependencies.
2. Notify and Update Documentation
- Inform internal teams and application owners of upcoming changes.
- Update security policies, help guides, and user training documentation.
3. Migrate to Modern Authentication
- Upgrade systems and applications to OAuth 2.0, MSAL, or Microsoft Graph API.
- Ensure MFA and Conditional Access policies are enforced organization-wide.
4. Implement Admin Consent Policies
- Use Microsoft-managed consent frameworks to govern app access.
- Guide users through the appropriate approval workflow.
5. Test and Protect Critical Accounts
- Run policies in report-only mode to evaluate impact.
- Exclude essential service and break-glass accounts to prevent accidental lockout.
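Steps 1 and 5 above, as an added example that is not part of the original article: a Python script that turns an exported sign-in log into a worklist of legacy authentication dependencies and marks break-glass accounts so they can be excluded before a block is enforced. The field names follow the Microsoft Graph signIn resource; the sample records, the account names, and the rule that any clientAppUsed value other than the two modern ones counts as legacy are assumptions of this example.

```python
import json
from collections import defaultdict

# Assumption: these two clientAppUsed values are modern auth; all others are legacy.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}

def _rec(upn, app, client, code, when):
    """Build one constructed record with Microsoft Graph signIn field names."""
    return {"userPrincipalName": upn, "appDisplayName": app, "clientAppUsed": client,
            "status": {"errorCode": code}, "createdDateTime": when}

EXO, SPO = "Office 365 Exchange Online", "Office 365 SharePoint Online"
# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = json.dumps([
    _rec("svc-scanner@example.com", EXO, "Authenticated SMTP", 0, "2025-06-01T08:00:00Z"),
    _rec("svc-scanner@example.com", EXO, "Authenticated SMTP", 0, "2025-06-03T08:00:00Z"),
    _rec("alice@example.com", SPO, "Browser", 0, "2025-06-02T09:15:00Z"),
    _rec("bob@example.com", EXO, "IMAP4", 50126, "2025-06-02T10:30:00Z"),
    _rec("BreakGlass@example.com", EXO, "Other clients", 0, "2025-06-02T11:00:00Z"),
])

def legacy_auth_inventory(export_json, break_glass=()):
    """Group legacy-auth sign-ins by (user, app, client app) into a migration worklist."""
    protected = {upn.lower() for upn in break_glass}
    groups = defaultdict(lambda: {"ok": 0, "failed": 0, "last_seen": ""})
    for rec in json.loads(export_json):
        # A missing client app value is surfaced for review rather than assumed modern.
        client = rec.get("clientAppUsed") or "Unknown"
        if client in MODERN_CLIENT_APPS:
            continue
        key = (rec["userPrincipalName"].lower(), rec.get("appDisplayName", ""), client)
        entry = groups[key]
        # errorCode 0 is a successful sign-in: a working dependency the block would break.
        if rec.get("status", {}).get("errorCode", 0) == 0:
            entry["ok"] += 1
        else:
            entry["failed"] += 1
        # ISO 8601 UTC timestamps sort correctly as plain strings.
        entry["last_seen"] = max(entry["last_seen"], rec["createdDateTime"])
    rows = [{"user": u, "app": a, "client": c, "break_glass": u in protected, **v}
            for (u, a, c), v in groups.items()]
    # Busiest working dependencies first: those are the migrations to schedule first.
    return sorted(rows, key=lambda r: (-r["ok"], r["user"]))

if __name__ == "__main__":
    for row in legacy_auth_inventory(SAMPLE_EXPORT, ["breakglass@example.com"]):
        print(row)
```

Rows with successful sign-ins are live dependencies that need migration before enforcement; rows with only failures are more likely stale clients or password-guessing attempts and need review rather than migration.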
Final Thoughts
This shift away from legacy protocols is a critical step toward securing Microsoft 365 environments. While any system change introduces short-term challenges, organizations that audit, plan, and communicate effectively will see major long-term gains in security, compliance, and user safety.
Proactive preparation today eliminates exposure to well-known attack vectors tomorrow.
About COE Security
COE Security partners with clients across sectors, including healthcare, finance, legal, manufacturing, and retail, to strengthen cloud environments and maintain regulatory compliance.
We offer:
- Legacy to modern authentication transitions
- Azure AD and Conditional Access strategy
- Admin consent implementation and policy guidance
- End-user training and stakeholder communication planning
Follow COE Security on LinkedIn to stay informed on securing your Microsoft 365 infrastructure.