Microsoft 365's 'Secure by Default' Enhances Security with Admin Control Changes
Microsoft is set to enhance security in Microsoft 365 with significant changes rolling out from late October to late November 2025. Dubbed 'Secure by Default', these updates aim to give administrators more control over data access, following a similar move for SharePoint and OneDrive.
Organizations using Microsoft 365, particularly those managing Exchange and Teams, will be affected. The changes require administrators to authorize third-party application access to content from these platforms. Existing apps with consent will continue to function, but new user authorizations or additional permissions will trigger an admin consent requirement.
Microsoft advises administrators to assess their environment, configure admin consent workflows, and create granular app access policies for trusted apps. This aligns with industry best practices and strengthens the security posture of Microsoft 365 tenants. Organizations with custom user consent policies will not be impacted.
Starting late October 2025, Microsoft will update its security policies to require administrator consent for new third-party applications seeking access to Exchange and Teams content. Effective communication of these changes to IT teams, app owners, and security personnel is recommended to ensure a smooth transition.
Read also:
- Pablo Escobar's Former Estate 'Hacienda Nápoles' to Be Transformed by Women's Organization
- Emergency services of the future revealed by Renault with the introduction of the Vision 4Rescue vehicle.
- SonicWall executive Michael Crean discusses the current state of managed security
- Companies exercise prudence towards AI adoption, ensuring secure implementation: Exploring safeguards and strategies.
