Blog Post

Skype for Business Blog
6 MIN READ

Preparing for TLS 1.0/1.1 Deprecation - O365 Skype for Business

Pamela Arimoto's avatar
Pamela Arimoto
Icon for Microsoft rankMicrosoft
Aug 01, 2018
INTRODUCTION   The purpose of this blog post is to provide the necessary guidance for our Skype for Business Server, Lync Server, and Skype for Business Online customers to prepare for the deprec...
Updated Dec 22, 2021
Version 15.0
rovert506's avatar
rovert506
Iron Contributor
Oct 26, 2018

Deleted, Harald Steindl, et all - Yes, you are 100% correct.  There was a change, made in the 11th hour, by the Product Group and Sustainable Engineering teams that reverted the stance that TLS 1.2 was going to be enforced for connections to Office365 (Skype4B included).  They still however, are moving forward with only "supporting" TLS 1.2 as of 31-Oct-2018.

 

A few thoughts:

  • I do consider it a huge win because there are many customers that simply weren't ready and the potential for large scale production outages resulted in an intense backlash to MSFT.
  • While they aren't technically enforcing a connection via TLS 1.2, they have made a "support" statement that they won't fix new bugs if the client/device/service connects to Office365 via TLS 1.0 or TLS 1.1.
    • This is an interesting wrinkle that could cause additional backlash, especially if this is taken very literally in the sense that any ticket opened with Office365 that is deemed to be connecting with TLS 1.0 is "out of supportability" and thus may not be worked or acknowledged as an issue.
  • Surface Hub and Skype Room System V2 are listed as expecting TLS 1.2 by H1 CY 2019
    • This is a huge change and a significant delay, which to me indicates someone bit off more they could chew.
  • Words matter and clear, concise, accurate explanations can reduce confusion for the betterment of all.
    • The semantics of "supported" is not used consistently within MSFT and published documentation for customers.  Sometimes it means it may work but the Product Group doesn't test it, or other times it means it flat-out won't work, or in this case it more closely aligns with MSFT's usage of "deprecated": "fully functional but will be removed at a future date so we want to you stop using it and start planning for the alternatives we've provided".

 

In the end, this was a colossal boondoggle.  Far too much time spent by customers, consultants, and MSFT employees trying to manage this.  I do believe this change is for the better - especially considering there are current products that aren't yet ready to support these new requirements - but my overall concern is that MSFT could silently decide to change their minds back to their original stance.  After all....if they did it this time....it absolutely could be done in the future.