Microsoft is taking significant steps to enhance the security of its products while phasing out outdated technologies.
In a strategic initiative aimed at bolstering both security and compatibility, Microsoft has announced the removal of obsolete drivers from Windows Update. This first phase of the cleanup targets drivers that already have modern replacements available within the Windows Update ecosystem.
Feedback from partners important
As part of this initiative, Microsoft will allow older drivers to expire, ensuring they are no longer available to any system. While partners retain the option to republish a driver deemed obsolete, they may be required to provide justification for doing so. Following the completion of this initial phase, partners will be granted a six-month grace period to voice any concerns. Should no issues be raised during this timeframe, the outdated drivers will be permanently eliminated from Windows Update.
Microsoft underscores that this cleanup will be a recurring process, contributing to enhanced security for Windows and a more streamlined driver set for end users. The company encourages its partners to review their drivers within the Hardware Program to avoid unexpected disruptions during the cleanup.
Blockages in Microsoft 365
This policy extends to Microsoft 365 as well. According to reports from The Register, Microsoft has alerted administrators that outdated authentication protocols will be blocked by default starting in July 2025. In a communication labeled MC1097272 within the Microsoft 365 Message Center, the company outlined plans to adjust default settings between July and August 2025, aiming to enhance security by restricting access through older authentication methods and requiring administrator approval for third-party app access.
These changes are part of the Secure Future Initiative (SFI) and align with the principles of Secure by Default. Historically, older default settings have posed attractive targets for malicious actors. As Microsoft addresses the implications of these outdated design choices, administrators managing legacy systems may face challenges.
The first protocols to be discontinued will be outdated browser authentication methods for SharePoint and OneDrive accessed via Remote PowerShell (RPS). Microsoft has noted that such protocols are vulnerable to brute force and phishing attacks due to their lack of support for modern authentication methods. Consequently, attempts to access these services through outdated methods will no longer be viable.
Additionally, the FrontPage Remote Procedure Call (RPC) protocol will be blocked. Despite the discontinuation of FrontPage as a web design tool nearly two decades ago, the remote web editing protocol has persisted. Microsoft has indicated that protocols like RPC are more prone to security compromises, leading to their removal from Microsoft 365 clients.
Limited access to third-party apps
Moreover, third-party applications will only be permitted to access files and sites if explicit permission is granted by an administrator. Microsoft highlights that users who authorize third-party apps to access sensitive company data risk overexposing that information. By making access contingent on administrative approval, the company aims to mitigate this risk. However, this shift in permission control may disrupt existing workflows. Microsoft’s own App Consent Policies will be activated, meaning users will no longer have the ability to grant permissions to third-party applications by default.
