Forum Discussion
TLS Deprecation Report always empty
The SecureScore web site shows that we have 31 users and 6 agents using TLS 1.0/1.1. It also provides a link to the following report site that is supposed to show me who the users and agents are:
https://servicetrust.microsoft.com/AdminPage/TlsDeprecationReport/Download
I end up with a page that says "Please click the button to download". When I click the button, it flashes through "Downloading TLS report" and "Downloading 3DES usage report" before showing "Finished" and lovely green check mark. And absolutely nothing else. No report, no download, no instructions.
I've tried it with our own organization and a client's. I've tried multiple browsers. Same results. Has anyone had this work?
Hi Iangoodale,
I have tested this morning on Edge, Chrome and IE and experience the same.
Ryan Heffernanis there anyone you can raise this to? We have multiple reports of community users not being able to download the TLS deprecation report on the service trust page. Nothing downloads. This seems to be a bug as users have tried several browsers including Edge, Chrome and IE. Pretty important to get this report so admins can get users off TLS 1.0/1.1.
Best, Chris
19 Replies
- Hi Guys,
Share my script for monitoring afectation after apply TLS deprecation:
https://github.com/Andresji321/MonitoringTLSErrorAzureAD
Good Luck!!! This seems to still be having issues, I was not able to download the report from Edge, however it did download from IE
unfortunately the report is blank save for the headers
Notice: This report includes 3DES and TLS1.0/1.1 usages.UserName / IP address, Protocol, Agent, Count, Report DateWe it fetches the report it basically provides the public IP address which is basically the ISP. There is no username info, instead of that it has got the public IP address.
It will be difficult to trace down what is the source. Any ideas here ?
Mohammed Ahmed, the reason why report shows IP addresses instead of user name could be those connections were established by anonymous users or users who were not signed in. It is nearly impossible for services to tell the username when there is no user context in connection.
We could ask all users to follow the links below to disable TLS1.0/1.1 and use TLS deprecation report for investigation.
Disable TLS1.0/1.1 and enable only TLS1.2
https://social.technet.microsoft.com/Forums/en-US/0b9b9243-9f8c-4777-b0cd-5777793fae19/disable-tls-10-and-11-and-enable-only-12
How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll
https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc
Hi Iangoodale,
I have tested this morning on Edge, Chrome and IE and experience the same.
Ryan Heffernanis there anyone you can raise this to? We have multiple reports of community users not being able to download the TLS deprecation report on the service trust page. Nothing downloads. This seems to be a bug as users have tried several browsers including Edge, Chrome and IE. Pretty important to get this report so admins can get users off TLS 1.0/1.1.
Best, Chris
- Ryan Heffernan
Microsoft
Sorry for the problems. I'm doing some digging internally to find out who owns this site and will reply back here with an update.
- Ryan Heffernan
Update: We've found the site owner and they are investigating the problem. Thanks for bringing it to our attention.
Same thing is happening to me for multiple tenancies.
Same behavior here, and I'm afraid I have no solution/workaround to offer.
