Microsoft is implementing changes on multiple fronts to improve the security of its products and phase out outdated technologies.
Microsoft has announced that it is removing old drivers from Windows Update. In what it describes as a strategic move to improve the security and compatibility of Windows, Microsoft is cleaning up outdated drivers that it still delivers via Windows Update. The first phase focuses on drivers for which modern replacements are already available in Windows Update.
Feedback from partners important
As part of the cleanup process, Microsoft will allow old drivers to expire so that they are no longer offered to any system. Partners can still republish a driver that Microsoft has marked as obsolete, but the company may ask for justification.
Once Microsoft completes the first phase of this cleanup, partners will have a six-month grace period to share any concerns. However, if no concerns are raised, the drivers will be permanently removed from Windows Update.
Microsoft emphasizes that this will be a recurring activity. According to the company, this measure contributes to better Windows security and an optimized set of drivers for end users. Microsoft therefore urges partners to review their drivers in the Hardware Program to avoid surprises during the cleanup.
Blockages in Microsoft 365
This policy will also be implemented within Microsoft 365. According to The Register, Microsoft warned administrators that it will block outdated authentication protocols by default starting in July 2025. In message MC1097272 in the Microsoft 365 Message Center, the supplier announced that it will adjust the default settings between July and August 2025 to improve security. This will be done by blocking old authentication protocols and setting requirements for administrators to approve access from third-party apps.
These changes are part of the Secure Future Initiative (SFI) and the principles of Secure by Default. Old default settings were attractive to malicious actors in the past. But now that Microsoft is addressing the impact of old design choices, administrators of legacy systems may experience the consequences.
Outdated browser authentication for SharePoint and OneDrive via Remote PowerShell (RPS) will be the first to be discontinued. Microsoft states that protocols such as RPS are vulnerable to brute force and phishing attacks because they do not support modern authentication. Attempts to gain access via a browser using these methods will therefore no longer work.
The FrontPage Remote Procedure Call (RPC) protocol will also be blocked. Although Microsoft discontinued FrontPage as a web design tool almost twenty years ago, the protocol for remote web editing has remained in place. According to Microsoft, protocols such as RPC are more susceptible to compromise, and their use will therefore be blocked within Microsoft 365 clients.
Limited access to third-party apps
Furthermore, third-party apps will only be able to access files and sites if an administrator explicitly grants permission. Microsoft points out that users who grant third-party apps access to files and site content run the risk of overexposing company data.
Making this access dependent on administrators limits this risk. However, moving permission control to administrators may disrupt work processes. Microsoft’s own App Consent Policies will be enabled, which means that users will no longer be able to grant permission to third-party apps by default.