Microsoft will end TLS 1.1 Finally in O365

Microsoft has set the official retirement date for the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365 starting with October 15, 2020, after temporarily halting deprecation enforcement for commercial customers due to COVID-19.

“As companies have pivoted their supply chains and countries have started to re-open we have re-established a retirement date for TLS 1.0 and 1.1 in Office 365 to be October 15, 2020,” the company said in the MC218794 Microsoft 365 admin center announcement on Friday.

“As previously communicated [..], we are moving all of our online services to Transport Layer Security (TLS) 1.2+ to provide best-in-class encryption, and to ensure our service is more secure by default.”

The TLS 1.0/1.1 retirement was first announced in December 2017 and, as explained by Microsoft, the effect of this change for end-users is expected to be minimal.

TLS 1.0 and 1.1 retirement

TLS 1.0/1.1 retirement guidance

IT administrators can use the official KB4057306 documentation to prepare for TLS 1.2 in Office 365 and Office 365 GCC.

They can also download this Office 365 TLS deprecation report to quickly identify the users and devices that connect to Exchange servers via TLS 1.0/1.1.

At the moment, users of the following clients are advised to update to the latest versions as they are known to be unable to use TLS 1.2:

  • Android 4.3 and earlier versions
  • Firefox version 5.0 and earlier versions
  • Internet Explorer 8-10 on Windows 7 and earlier versions
  • Internet Explorer 10 on Windows Phone 8
  • Safari 6.0.4/OS X10.8.4 and earlier versions

Microsoft also provides a whitepaper with guidance on how to identify and remove TLS 1.0 dependencies in software built on top of Microsoft operating systems as a starting point for a migration plan to a TLS 1.2+ environment.

Microsoft recommends including the following:

  • Application code analysis to find/fix hardcoded instances of TLS 1.0/1.1.
  • Network endpoint scanning and traffic analysis to identify operating systems using TLS 1.0/1.1 or older protocols.
  • Full regression testing through your entire application stack with TLS 1.0/1.1 and all older security protocols disabled.
  • Migration of legacy operating systems and development libraries/frameworks to versions capable of negotiating TLS 1.2.
  • Compatibility testing across operating systems used by your business to identify any TLS 1.2 support issues.
  • Coordination with your own business partners and customers to notify them of your move to deprecate TLS 1.0/1.1.
  • Understanding which clients may be broken by disabling TLS 1.0/1.1.

Microsoft has already begun deprecating insecure TLS for any clients, devices, or services connecting to Office 365 through TLS 1.0 or 1.1 DoD or GCC High instances as of January 2020.

The two protocols will also become unsupported for commercial Office 365 customers, with the company recommending “that all client-server and browser-server combinations use TLS 1.2 (or a later version) in order to maintain connection to Office 365 services.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s