Home

Mandatory use of TLS 1.2 in Office 365

%3CLINGO-SUB%20id%3D%22lingo-sub-154601%22%20slang%3D%22en-US%22%3EMandatory%20use%20of%20TLS%201.2%20in%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-154601%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20will%26nbsp%3Breject%20connections%20to%20Office%20365%20that%20don't%20use%20TLS%201.2%20later%20in%20the%20year.%20The%20deadline%20for%20mandatory%20use%20of%20TLS%201.2%20in%20Office%20365%20has%20been%20extended%2C%20it%20was%20originally%26nbsp%3BMarch%201%2C%202018%20now%20its%20October%2031%2C%202018.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%22%3CEM%3EBy%20October%2031%2C%202018%2C%20all%20client-server%20and%20browser-server%20combinations%20should%20use%20TLS%20version%201.2%20(or%20a%20later%20version)%20to%20ensure%20connection%20without%20issues%20to%20Office%20365%20services.%20This%20may%20require%20updates%20to%20certain%20client-server%20and%20browser-server%20combinations.%3C%2FEM%3E%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20welcome%20as%20I%20think%20this%20issue%20was%20confusing%20some%20customers%20and%20what%20specific%26nbsp%3Bactions%20they%26nbsp%3Bshould%20take.%20The%20revised%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4057306%2Fpreparing-for-tls-1-2-in-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Esupport%20article%3C%2FA%3E%20now%20has%20more%20details%20with%20specific%20scenarios%20that%20will%20fall%20foul%20of%20this%20stipulation%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F28313i1EE5795C844F73F9%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22Preparing%20for%20the%20mandatory%20use%20of%20TLS%201.2%20in%20Office%20365.png%22%20title%3D%22Preparing%20for%20the%20mandatory%20use%20of%20TLS%201.2%20in%20Office%20365.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EI'd%20like%20to%20have%20seen%20this%20taken%20a%20step%20further%2C%20where%20Microsoft%20detected%20which%20customers%20have%20been%20using%20TLS%201.0%20or%201.1%20and%20notified%20them%20accordingly.%26nbsp%3B%20This%20approach%20was%20recently%20used%20with%20the%20retirement%20of%20the%20Outlook%20Groups%20app.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECustomers%20using%20Windows%207%20should%20take%20special%26nbsp%3Bnote%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%20class%3D%22ng-scope%22%3E%0A%3CLI%3EIf%20you%20have%20Windows%207%20clients%20connected%20to%20Office%20365%2C%20make%20sure%20that%20TLS%201.2%20is%20the%20default%20secure%20protocols%20in%20WinHTTP%20in%20Windows.%20For%20more%20information%20see%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fhelp%2F3140245%2Fupdate-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in%22%20target%3D%22%22%20data-content-id%3D%22%22%20data-content-type%3D%22%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EKB%203140245%3C%2FA%3E.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EIf%20you%20think%20this%20issue%20may%20be%20relevant%26nbsp%3Bat%20all%2C%20keep%20an%20eye%20out%20for%20further%20updates%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%22%3CEM%3EWe%20will%20be%20providing%20specific%20guidance%20on%20removing%20TLS%201.0%2F1.1%20dependencies%20soon.%20Check%20back%20here%20for%20more%20information.%3C%2FEM%3E%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFinally%2C%20this%20article%20might%20be%20of%20interest%20as%20well%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fexchange%2F2018%2F01%2F26%2Fexchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EExchange%20Server%20TLS%20guidance%2C%20part%201%3A%20Getting%20Ready%20for%20TLS%201.2%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-154601%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EChange%20Alerts%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-155395%22%20slang%3D%22en-US%22%3ERe%3A%20Mandatory%20use%20of%20TLS%201.2%20in%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-155395%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20sharing%20this.%20I%20know%20there%20is%20a%20great%20deal%20of%20concern%20in%20our%20org%20about%20what%20is%20affected%20by%20this%20change%20and%20finding%20an%20article%20like%20this%20is%20a%20fantastic%20reference%20point.%20Very%20helpful%20post%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Cian Allner
Trusted Contributor

Microsoft will reject connections to Office 365 that don't use TLS 1.2 later in the year. The deadline for mandatory use of TLS 1.2 in Office 365 has been extended, it was originally March 1, 2018 now its October 31, 2018.

 

"By October 31, 2018, all client-server and browser-server combinations should use TLS version 1.2 (or a later version) to ensure connection without issues to Office 365 services. This may require updates to certain client-server and browser-server combinations."

 

This is welcome as I think this issue was confusing some customers and what specific actions they should take. The revised support article now has more details with specific scenarios that will fall foul of this stipulation:

 

Preparing for the mandatory use of TLS 1.2 in Office 365.png


I'd like to have seen this taken a step further, where Microsoft detected which customers have been using TLS 1.0 or 1.1 and notified them accordingly.  This approach was recently used with the retirement of the Outlook Groups app. 

 

Customers using Windows 7 should take special note:

 

  • If you have Windows 7 clients connected to Office 365, make sure that TLS 1.2 is the default secure protocols in WinHTTP in Windows. For more information see KB 3140245.

If you think this issue may be relevant at all, keep an eye out for further updates:

 

"We will be providing specific guidance on removing TLS 1.0/1.1 dependencies soon. Check back here for more information."

 

Finally, this article might be of interest as well:

 

Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2

1 Reply

Thank you for sharing this. I know there is a great deal of concern in our org about what is affected by this change and finding an article like this is a fantastic reference point. Very helpful post

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
16 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
11 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
*Updated 9/3* Syncing in Microsoft Edge Preview Channels
Elliot Kirk in Articles on
217 Replies