Microsoft

Microsoft Cloud App Security is moving to Transport Layer Security (TLS) 1.2+ to provide best-in-class encryption, and to ensure our service is more secure by default.

 

How does this affect me?

As of September 8, 2019, Microsoft Cloud App Security will no longer support TLS 1.0 and 1.1. This means that any connection using these protocols will no longer work as expected, and no support will be provided.

 

What do I need to do to prepare for this change?

You should ensure that all client-server and browser-server combinations use TLS 1.2 (or a later version), to maintain the connection to Microsoft Cloud App Security.

Components that may be affected by this change include:

 

  • SIEM Agent – Versions older than 0.111.126 will not be able to establish a connection to Microsoft Cloud App Security. If you are using an older version, you need to update by following the instructions in our SIEM integration documentation.
  • Microsoft Cloud App Security API – Custom applications and code that use the Microsoft Cloud App Security API must support TLS 1.2 to continue functioning. If you’re not sure whether your application supports TLS 1.2, you can test it by authenticating to our dedicated API endpoint: https://tlsv12.portal-rs.cloudappsecurity.com
  • Apps configured with Conditional Access App Control – If you are using Conditional Access App Control for any web or native client applications, you need to verify that these applications support TLS 1.2; otherwise access to these apps, and subsequently the relevant controls, will no longer work.
  • Log collector – Versions older than 0.111.127 will not be able to establish a connection to Microsoft Cloud App Security. If you are using an older version, you need to update by following the instructions in the Microsoft Cloud App Security log collector documentation.
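
The checks in the list above can be scripted. The following is an added example, not code from Microsoft or from the original post: it performs only the TLS handshake against the test endpoint named in the API bullet (no API authentication) with a client that refuses anything below TLS 1.2, and compares component versions with the announced minimums. The function names and the sample version strings are assumptions made for illustration.

```python
import socket
import ssl

# Minimum versions quoted from the announcement; older builds cannot connect.
MIN_VERSIONS = {"siem_agent": (0, 111, 126), "log_collector": (0, 111, 127)}
ACCEPTED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
# Test endpoint named in the announcement (it may no longer be reachable).
TEST_HOST = "tlsv12.portal-rs.cloudappsecurity.com"


def tls12_context():
    """Client context that rejects TLS 1.0/1.1 and keeps certificate checks on."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def negotiated_version(host, port=443, timeout=10.0):
    """Handshake with host; return the protocol string, or None on any failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with tls12_context().wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # ssl.SSLError is a subclass of OSError
        return None


def protocol_ok(version):
    """True only for a completed handshake at TLS 1.2 or later."""
    return version in ACCEPTED_PROTOCOLS


def meets_minimum(component, version):
    """True when a dotted version string is at or above the announced minimum."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts >= MIN_VERSIONS[component]


if __name__ == "__main__":
    proto = negotiated_version(TEST_HOST)
    print(f"{TEST_HOST}: {proto or 'handshake failed'} ok={protocol_ok(proto)}")
    # Constructed sample inventory; replace with the versions you actually run.
    for name, ver in {"siem_agent": "0.111.125", "log_collector": "0.111.127"}.items():
        print(f"{name} {ver}: {'ok' if meets_minimum(name, ver) else 'update required'}")
```

A `None` result from `negotiated_version` covers both a client stack that cannot speak TLS 1.2 and an unreachable host, so confirm network reachability before concluding that the runtime lacks TLS 1.2 support.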

 

Where possible, Microsoft recommends that you remove all TLS 1.0/1.1 dependencies in your environment and that you disable TLS 1.0/1.1 at the operating system level.

 

Begin your migration to TLS 1.2 today.

 

-Microsoft Cloud App Security team

3 Comments
Occasional Contributor

Log collector – versions older than 0.111.127 will not be able to establish a connection to Microsoft Cloud App Security. If you are using an older version, you need to update by following the instructions in Microsoft Cloud App Security log collector documentation.

 

Any chance to give some concise steps ("docker commands?") on how to check which version is currently in use, please, for the log collectors?

Microsoft

Hi Max,

You can check the version by running the following command, replace with your collector name

docker exec -it <LogCollectorName> ls -l /etc/adallom/components/columbus/columbus.jar

Occasional Contributor

Many thanks for the clarification,

 

Max.