MicrosoftI'll concede the point that the blog post (this one) is primarily about the PCI DSS 3.2 standards. However, I tend to view the PCI DSS 3.2 and the O365 enforcement as one in the same, because many customers are viewing it that way.
For 2010 hybrid, you've really got a few access methods for Hybrid:
Edge Servers to O365 (hybrid and federation)
PowerShell on FE's (for user moves to O365)
Client Access to O365 (S4BO)
Client Access to O365 (ExO)
Client Access to O365 (AzureAD)
Client/Server access to AD-FS
Assuming you've got a Windows Server OS with TLS 1.2 enabled today, you could examine Wireshark/NetMon/MessageAnalyzer for #1 and #2 above for your flows to O365 and determine what TLS protocol is being negotiated. If TLS 1.2 is used, then in theory, you don't have to do anything with on-premises server infrastructure and things will probably remain functional after 31-Oct. If TLS 1.2 is not used (even though the host OS has it enabled), then you have your answer. I actually don't have a 2010 lab to test this with, so I can't tell you authoritatively unfortunately.
Either way, with 2010 out of mainstream support (and the fact that many voice pieces in the hybrid topology now require a 2015 edge server and FE in order to function with all call flows), it likely is not the best approach to leave 2010 in place and a take a gamble.
