MC1130392 - Microsoft 365 apps | New Trust Center settings to block insecure file open protocols

Introduction

To help protect users from legacy protocol vulnerabilities, weâ€™re introducing new Trust Center settings in Microsoft 365 apps that block file opens using insecure protocols by default. These changes enhance security by reducing exposure to outdated technologies like FrontPage Remote Procedure Call (FPRPC), FTP, and HTTP.

This message is associated with Microsoft 365 Roadmap ID 497299.

When this will happen

Public Preview (Worldwide): We began rolling out in late July 2025 and expect to complete by late August 2025.
General Availability (Worldwide, GCC, GCC High, and DoD): We will begin rolling out in late August 2025 and expect to complete by late September 2025.

How this will affect your organization

Starting with version 2508 of Microsoft 365 apps:

File opens using the legacy FPRPC protocol will be blocked by default. Files will instead open using a more secure fallback protocol.
A new Trust Center setting will allow users to re-enable FPRPC, unless the setting is centrally managed via Group Policy or the Cloud Policy service (CPS).
New Trust Center settings will also allow users to disable FTP and HTTP file opens, which remain allowed by default. If these settings are managed by admins, the corresponding Trust Center options will be greyed out.

Note: This change applies only to Microsoft 365 apps for Windows. There is no impact on Microsoft Teams across any platform (Windows, Mac, web, iOS, or Android).

What you need to do to prepare

Review current configurations to determine if FPRPC is already blocked via Group Policy or CPS.
If needed, configure policies to allow specific groups to continue using FPRPC (not recommended).
Inform users that:
- They may see changes in how files open.
- Trust Center settings may be unavailable if managed centrally.
Admins can manage these settings through Cloud Policy service (CPS). If an admin disables a protocol via CPS, users will not be able to re-enable it through Trust Center.
While there is no explicit documentation for CPS policies related to these settings, admins can locate the relevant controls in CPS under Microsoft 365 Apps settings.

Compliance considerations

Does the change include an admin control and, can it be controlled through Entra ID group membership?	Admins can manage protocol settings via CPS or Group Policy, which can be scoped to Entra ID groups.
Does the change allow a user to enable and disable the feature themselves?	Users can re-enable FPRPC and disable FTP/HTTP unless the settings are managed centrally.

Introduction

This message is associated with Microsoft 365 Roadmap ID 497299.

When this will happen

Public Preview (Worldwide): We began rolling out in late July 2025 and expect to complete by late August 2025.
General Availability (Worldwide, GCC, GCC High, and DoD): We will begin rolling out in late August 2025 and expect to complete by late September 2025.

How this will affect your organization

Starting with version 2508 of Microsoft 365 apps:

File opens using the legacy FPRPC protocol will be blocked by default. Files will instead open using a more secure fallback protocol.
A new Trust Center setting will allow users to re-enable FPRPC, unless the setting is centrally managed via Group Policy or the Cloud Policy service (CPS).
New Trust Center settings will also allow users to disable FTP and HTTP file opens, which remain allowed by default. If these settings are managed by admins, the corresponding Trust Center options will be greyed out.

Note: This change applies only to Microsoft 365 apps for Windows. There is no impact on Microsoft Teams across any platform (Windows, Mac, web, iOS, or Android).

What you need to do to prepare

Review current configurations to determine if FPRPC is already blocked via Group Policy or CPS.
If needed, configure policies to allow specific groups to continue using FPRPC (not recommended).
Inform users that:
- They may see changes in how files open.
- Trust Center settings may be unavailable if managed centrally.
Admins can manage these settings through Cloud Policy service (CPS). If an admin disables a protocol via CPS, users will not be able to re-enable it through Trust Center.
While there is no explicit documentation for CPS policies related to these settings, admins can locate the relevant controls in CPS under Microsoft 365 Apps settings.

Compliance considerations

Does the change include an admin control and, can it be controlled through Entra ID group membership?	Admins can manage protocol settings via CPS or Group Policy, which can be scoped to Entra ID groups.
Does the change allow a user to enable and disable the feature themselves?	Users can re-enable FPRPC and disable FTP/HTTP unless the settings are managed centrally.

Microsoft 365 apps | New Trust Center settings to block insecure file open protocols

Message ID

Roadmap ID

Services

Affected Platforms

Summary

Details