Tim Hunter
Steel Contributor
Jan 23, 2019

Mail without TLS

I am getting some messages in my Office 365 about Mail without TLS. Are there any concerns here? Do I need to make any changes?

  • John Twohig
    Iron Contributor

    Tim

    I have been wondering the same thing but none of the answers here make sense to me.

    In our case, and it looks like yours as well, the connector exists to allow printers, scanners, software, and other devices to send email using an unauthenticated SMTP connection to Office 365. What appears to me to be happening is that some of those devices are sending email without using TLS 1.2. I assume that is either because the devices are unable to (too old or need updates) or they are able to but TLS 1.2 is not enabled on those devices.

    I thought that the solution was to find those devices and update them and enable TLS 1.2 if possible. However, I haven't been able to find a way to identify where the emails are coming from. In your case, if you could drill down on the 104 NO TLS messages to see where they come from, you could quickly determine whether they could be updated to send TLS 1.2 and get rid of the warnings. If someone knows how to do that, please tell.

    Or maybe I have completely misunderstood what is going on ...

  • It really just means that you guys are sending a handful of e-mail to a domain that doesn't have TLS turned on. Those e-mails are not encrypted in transport at all and are vulnerable to traffic sniffing etc. But I wouldn't say there is a problem per se. Just may investigate for a large chunk of that e-mail to a domain and find out why they don't allow TLS, or it might be traffic that isn't sensitive.

    Most e-mail servers have opportunistic TLS on, so it will try TLS first then do no TLS as a backup, so there could be an issue with the TLS connection, but my gut says that one of your domains you are using just has it off for some reason.
    • Tim Hunter
      Steel Contributor

      Hi ChrisWebbTech

      Is TLS something I can turn on in Office 365 or does that have to be done with my Domain Registrar?

      • ChrisWebbTech
        MVP
        You already have it on. Hence the sent and received TLS 1.2 messages. It’s an endpoint you deal with that they have it off on their side. You’ll have to investigate to see if it’s mostly the same one and get them to turn it on or just ignore it / increase that alert threshold.
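
One way to find the sources John Twohig asks about, as an added example that is not part of any post in this thread: read the `Received` headers of affected messages and count, per sending host, the hops that reached the mail edge without TLS. The `version=TLS…` marker, the `protection.outlook.com` edge suffix, and every host name, address and header in the sample are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Assumption: a Received header carries "version=TLS1_2" only when that hop was encrypted.
TLS_RE = re.compile(r"version=(TLS[\w.]+)")
HOP_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)")
EDGE_SUFFIX = "protection.outlook.com"  # assumption: receiving edge host suffix

def sample(host, ip, tls):
    """Build one constructed message: device -> edge -> mailbox server."""
    tls_part = f" (version={tls}, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)" if tls else ""
    return (
        "Received: from EDGE01.mail.protection.outlook.com (10.0.0.5) by MBX01.prod.outlook.com\n"
        " (10.0.0.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)\n"
        " id 15.20.0.1; Wed, 23 Jan 2019 10:00:01 +0000\n"
        f"Received: from {host} ({ip}) by\n"
        " EDGE01.mail.protection.outlook.com (10.0.0.5) with Microsoft SMTP Server\n"
        f"{tls_part} id 15.20.0.1 via Frontend Transport; Wed, 23 Jan 2019 10:00:00 +0000\n"
        "Subject: scan to mail\n\nbody\n"
    )

# Constructed input: placeholder host names, documentation-range addresses.
DEVICES = [("scanner-2f", "192.0.2.21", None), ("mfp-lobby", "192.0.2.30", "TLS1_2")]
SAMPLES = [sample(*d) for d in DEVICES + DEVICES[:1]]

def device_hop(raw):
    """Return (host, ip, tls_version_or_None) for the hop into the edge."""
    msg = message_from_string(raw)
    # Each server prepends its header, so the oldest hop is last in the list.
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(hdr)
        if m and m.group(3).lower().endswith(EDGE_SUFFIX):
            tls = TLS_RE.search(hdr)
            return m.group(1), m.group(2), tls.group(1) if tls else None
    return None  # message never crossed the edge host we are looking for

def no_tls_sources(raws):
    """Count messages per (host, ip) that reached the edge without TLS."""
    counts = Counter()
    for raw in raws:
        hop = device_hop(raw)
        if hop and hop[2] is None:
            counts[hop[:2]] += 1
    return counts

if __name__ == "__main__":
    for (host, ip), n in no_tls_sources(SAMPLES).most_common():
        print(f"{n:4d} message(s) without TLS from {host} ({ip})")
```

Feed it the raw source of messages flagged in the report; the hosts with the highest counts are the devices to update or reconfigure first.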
