Yes, you heard it right, Microsoft will be retiring TLS 1.0 and 1.1 in Office 365 starting June 1st, 2020. We know Microsoft is not bluffing this time! In this article we’ll quickly discuss what changes are being made and how this could affect your organization!
TLS 1.0 and 1.1 being retired?
It seems like Microsoft has been making this promise for years now… Well actually they have. You may remember MC124104 in Oct 2017, MC126199 in Dec 2017 and MC128929 in Feb 2018 had all mentioned the retirement of TLS 1.0 and 1.1 in Office 365. Unfortunately, due to so many organizations not being ready for this drastic change, Microsoft was met with a great deal of backlash. Thus, here we are a couple years later and still supporting TLS 1.0 and 1.1 in Office 365. However, just because Microsoft was forced to bend the knee in the past, don’t expect them to be so nice this time around. Microsoft is giving organizations plenty of time to plan this time around so you should start preparing now! Starting June 1, 2020 all connections to Office 365 using TLS 1.0 or TLS 1.1 will not work. Microsoft will be moving all of its online services to TLS 1.2+ in an effort to provide best-in-class encryption, and to ensure their service is more secure. So this means starting June 1, 2020 Microsoft will be discontinuing support for TLS 1.0 and 1.1 in Office 365 and Office 365 GCC for any clients, devices, or services that leverage that form of encryption.
What could this mean for you?
So now that you know the deadline, how do you know if this applies to your environment? Well, Microsoft recommends that anyone with the following client versions ensure they apply the latest updates so that these devices can support TLS 1.2:
Clients known not to support TLS 1.2:
- Android 4.3 and earlier versions
- Firefox version 5.0 and earlier versions
- Internet Explorer 8-10 on Windows 7 and earlier versions
- Internet Explorer 10 on Windows Phone 8
- Safari 6.0.4/OS X10.8.4 and earlier versions
In addition, Microsoft Surface Hubs and Microsoft Teams Rooms (also referred to as SRSv2) have supported TLS 1.2 since December of 2018. However, Microsoft recommends that these devices have at least Microsoft Teams Room app version 18.104.22.168 or later. As far as the Surface Hub, Microsoft recently released TLS 1.2 support for these devices (May 2019). On top of that, Microsoft also requires the following server-side changes:
- Skype for Business Server 2015 CU9 (released May 2019)
- Skype for Business Server 2019 CU1 (released July 2019)
Caution: Do not disable TLS 1.0/1.1 before installing the CU’s mentioned above.
Lastly, if you are using any type of on-premises infrastructure for hybrid scenarios or ADFS, make sure your infrastructure supports inbound and outbound connections using TLS 1.2. If you still don’t feel confident I encourage you to check out the additional references that Microsoft provides on this topic here. If you really want to dig into this topic Microsoft has also released a white paper for guidance on removing TLS 1.0/1.1 in your environment which you can check out here. I hope you have found this article helpful and stay tuned, as I have a lot of exciting news coming out from Microsoft Inspire that just wrapped up last week!