NewApp Digest
search bot

legacy protocols

Microsoft to disable NTLM by default in future Windows releases
Winsage
January 30, 2026

Microsoft to disable NTLM by default in future Windows releases

Microsoft will disable the NTLM authentication protocol by default in the next major Windows Server release and associated Windows client versions. NTLM, introduced in 1993, has been vulnerable to various cyberattacks, including NTLM relay and pass-the-hash attacks. The transition plan includes three phases: enhanced auditing tools in Windows 11 24H2 and Windows Server 2025, new features like IAKerb and a Local Key Distribution Center in late 2026, and eventually disabling network NTLM by default in future releases. NTLM will remain in the operating system but will not be used automatically. Microsoft deprecated NTLM authentication in July 2024 and has encouraged developers to transition to Kerberos or Negotiation authentication.
Microsoft Ends FrontPage RPC in Secure 365 Update
Winsage
June 20, 2025

Microsoft Ends FrontPage RPC in Secure 365 Update

Microsoft plans to block outdated protocols, including FrontPage Remote Procedure Call, as part of its "Secure by Default" initiative to enhance cybersecurity within its Microsoft 365 ecosystem. This decision aims to phase out legacy technologies that pose security risks, reflecting a broader industry trend toward prioritizing robust cybersecurity over maintaining older systems. The impact will be significant in enterprise environments, where legacy systems are often critical, requiring IT teams to identify dependencies on these protocols. While Microsoft provides guidance for migration, the responsibility lies with customers, which may strain relationships with long-time clients.
Old apps and third-party providers blocked: Major Microsoft 365 security impact
Winsage
June 20, 2025

Old apps and third-party providers blocked: Major Microsoft 365 security impact

Microsoft is implementing default blocks on legacy protocols and third-party applications for Microsoft 365 to enhance security. This includes deactivating the RPS protocol for SharePoint and OneDrive, as well as blocking the FPRPC protocol. Administrators will now need to give explicit approval for third-party applications to access files and pages, limiting user consent. These changes will begin in mid-July 2025 and are expected to be completed by August. Additionally, new security settings for Windows 365 will disable clipboard, storage, USB device, and printer linking by default on newly set up cloud PCs, with VBS, Credential Guard, and HVCI activated by default for those using a Windows 11 Gallery image. These updates for Windows 365 are planned for the latter half of 2025.
Search