Preparing to use TLS 1.2 in Azure ATP

%3CLINGO-SUB%20id%3D%22lingo-sub-285065%22%20slang%3D%22en-US%22%3EPreparing%20to%20use%20TLS%201.2%20in%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-285065%22%20slang%3D%22en-US%22%3E%3CP%3ETo%20provide%20best-in-class%20encryption%20to%20our%20customers%2C%20in%20the%20near%20future%20we%20plan%20to%20discontinue%20the%20support%20for%20Transport%20Layer%20Security%20(TLS)%20versions%201.0%20and%201.1%20in%20Azure%20ATP.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESensors%20running%20on%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EWindows%202008%20R2%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ehave%20a%20potential%20impact%26nbsp%3Bsince%20TLS%201.2%20is%20disabled%20by%20default.%3C%2FP%3E%0A%3CP%3EFollow%20this%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fprevious-versions%2Fwindows%2Fit-pro%2Fwindows-server-2012-R2-and-2012%2Fdn786418(v%3Dws.11)%23tls-12%22%20target%3D%22_blank%22%20rel%3D%22noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Einstructions%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eto%20enable%20TLS%201.2%20in%20Windows%202008%20R2%20(Client%20TLS%201.2%20is%20mandatory%2C%20Server%20is%20optional)%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESensors%20running%20on%20Windows%202012%20or%20newer%20support%20TLS%201.2%20by%20default.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAzure%20ATP%2C%20giving%20you%20more%20to%20protect%20your%20environment.%3C%2FP%3E%0A%3CP%3EAs%20always%2C%20your%20feedback%20is%20welcome.%20Stay%20tuned%20for%20additional%20updates.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1057503%22%20slang%3D%22en-US%22%3ERe%3A%20Preparing%20to%20use%20TLS%201.2%20in%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1057503%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F98230%22%20target%3D%22_blank%22%3E%40Itay%20Argoety%3C%2FA%3E%3C%2FP%3E%3CP%3EHi%20Itay%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20thought%20of%20checking%20with%20you%2C%20if%20the%20Azure%20ATP%20started%20to%20use%20TLS%201.2.%20If%20not%2C%20may%20I%20know%20from%20when%20are%20we%20planning%20to%20use%20TLS%201.2%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20reason%20why%20I%20am%20asking%20this%20is%20because%2C%20I%20have%20configured%20the%20Syslog%20server%20in%20my%20ATP%20console%20to%20use%20the%20protocol%20as%20%22%3CSTRONG%3ETLS%20(Secured%20Syslog)%3C%2FSTRONG%3E%22%20and%20it%20looks%20like%20the%20%3CSTRONG%3Elogs%20are%20not%20being%20received%3C%2FSTRONG%3E%20on%20the%20syslog%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUpon%20further%20troubleshooting%2C%20we%20got%20to%20know%20that%20the%20ATP%20is%20trying%20to%20use%20TLS%201.0%20for%20encryption.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EP.S%3A%20We%20have%20TLS%201.2%20enabled%20on%20the%20DC%20on%20which%20the%20ATP%20Sensor%20is%20running%20and%20configured%20for%20forwarding%20the%20logs%20to%20the%20syslog%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHence%2C%20thought%20of%20getting%20some%20clarity%20on%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E--%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3EKarthik.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1057608%22%20slang%3D%22en-US%22%3ERe%3A%20Preparing%20to%20use%20TLS%201.2%20in%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1057608%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F416206%22%20target%3D%22_blank%22%3E%40Karthik1600%3C%2FA%3E%26nbsp%3B%20See%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Advanced-Threat-Protection%2FTLS-version-used-by-Azure-ATP%2Fm-p%2F1057540%2Fhighlight%2Ffalse%23M962%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Advanced-Threat-Protection%2FTLS-version-used-by-Azure-ATP%2Fm-p%2F1057540%2Fhighlight%2Ffalse%23M962%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

To provide best-in-class encryption to our customers, in the near future we plan to discontinue the support for Transport Layer Security (TLS) versions 1.0 and 1.1 in Azure ATP.

 

Sensors running on Windows 2008 R2 have a potential impact since TLS 1.2 is disabled by default.

Follow this instructions to enable TLS 1.2 in Windows 2008 R2 (Client TLS 1.2 is mandatory, Server is optional) 

 

Sensors running on Windows 2012 or newer support TLS 1.2 by default.

 

Azure ATP, giving you more to protect your environment.

As always, your feedback is welcome. Stay tuned for additional updates.

2 Replies
Highlighted

@Itay Argoety

Hi Itay,

 

Just thought of checking with you, if the Azure ATP started to use TLS 1.2. If not, may I know from when are we planning to use TLS 1.2?

 

The reason why I am asking this is because, I have configured the Syslog server in my ATP console to use the protocol as "TLS (Secured Syslog)" and it looks like the logs are not being received on the syslog server.

 

Upon further troubleshooting, we got to know that the ATP is trying to use TLS 1.0 for encryption.

 

P.S: We have TLS 1.2 enabled on the DC on which the ATP Sensor is running and configured for forwarding the logs to the syslog server.

 

Hence, thought of getting some clarity on it.

 

Thank you.

 

--

Regards,

Karthik.