Microsoft 365 to Block insecure FPRPC Authentication
Table of Contents
Microsoft is taking steps to enhance the security of Microsoft 365 applications by blocking access to files thru the File Transfer Protocol over Remote Procedure Call (FPRPC) legacy authentication protocol. This change aims to mitigate the risk of credential theft adn unauthorized access. The blocking will occur in phases, starting with specific apps and gradually expanding to the entire microsoft 365 suite.
What is FPRPC and Why is it Insecure?
FPRPC is an older authentication protocol used by some applications to access files on network shares. It relies on transmitting credentials in a way that is vulnerable to interception and exploitation, especially through techniques like NTLM relay attacks. Thes attacks allow malicious actors to impersonate legitimate users and gain access to sensitive data. Microsoft details the risks of NTLM and FPRPC and recommends modern authentication methods.
Which Apps are Affected and When?
Microsoft is implementing the block in stages. HereS a breakdown of the timeline:
- October 13, 2024: blocking began for new tenants.
- January 13, 2025: Blocking will extend to existing tenants.
- March 13, 2025: Blocking will be enforced for all remaining tenants.
Initially,the following apps will be affected:
- Access
- Excel
- PowerPoint
- Word
- outlook
- OneNote
- Publisher
- SharePoint Designer
microsoft plans to expand the blocking to other apps in the future. The official Microsoft documentation provides the moast up-to-date list of affected applications.
What Do users Need to Do?
Users accessing files through FPRPC will likely encounter errors when the blocking is enforced. To resolve this, organizations should transition to more secure authentication methods, such as:
- Modern Authentication: Utilizing protocols like OAuth 2.0 and OpenID connect.
- Kerberos Constrained Delegation (KCD): A more secure method for delegating authentication.
- removing reliance on FPRPC: Identifying and updating applications or processes that still rely on this protocol.
Microsoft recommends disabling FPRPC entirely to eliminate the risk. The Microsoft Security blog offers detailed guidance on how to prepare for and mitigate the impact of this change.
Identifying FPRPC Usage
Organizations can use tools like Microsoft 365 Audit (formerly Office 365 Security & Compliance Centre) to identify applications and users currently utilizing FPRPC. Analyzing audit logs can reveal which processes are relying on the insecure protocol, allowing administrators to prioritize remediation efforts.
Key Takeaways
- Microsoft is blocking FPRPC authentication to improve security.
- The blocking will occur in phases throughout 2024 and 2025.
- Users may encounter errors if they rely on FPRPC.
- Organizations should transition to modern authentication methods.
- Disabling FPRPC entirely is the recommended solution.
This change represents a significant step towards a more secure Microsoft 365 environment. By proactively addressing FPRPC vulnerabilities, organizations can significantly reduce their risk of credential theft and data breaches. Continued monitoring and adaptation to Microsoft’s security updates will be crucial for maintaining a robust security posture.
Keep reading