SOLVED

TLS 1.2 Office 365 Mandatory - Couple of thoughts


Rather than going to do the dirty work myself and check, I am wondering if someone already has the answers...

 

When connecting to Office 365....

 

Does Outlook 2010 on Windows 7 support TLS 1.2 by default?

Does Outlook 2013 on Windows 7 support TLS 1.2 by default?

Does Outlook 2016/365 on Windows 7 support TLS 1.2 by default?

Does Skype for Business 365 on Windows 7 support TLS 1.2 by default?

 

If the answer is no, what is the Windows 7 upgrade path to support the use of TLS 1.2 in the above applications?

 

Also...

 

Exchange Online will support opportunistic TLS with version 1.2 as the only supported version.

 

What is the minimum Exchange and OS version combination to natively (default) support TLS 1.2 for SMTP?

e.g. out of the box Exchange 2010 on Server 2012 R2?

 

I am planning to put together some comms for our customers still on Windows 7 and will try and put a matrix together from the above information.

 

Thanks!

5 Replies
Highlighted
Best Response confirmed by Mitch King (Frequent Contributor)
Solution

The Exchange team has published guidance on this here: https://blogs.technet.microsoft.com/exchange/2018/01/26/exchange-server-tls-guidance-part-1-getting-...

 

Office applications on Windows 7 require an additional (OS) patch for TLS 1.2 as detailed for example here: https://blogs.technet.microsoft.com/schrimsher/2016/07/08/enabling-tls-1-1-and-1-2-in-outlook-on-win...

Highlighted

Thanks Vasil,

 

I'm just surprised by the below statement considering how many organisations are still on Windows 7 or Exchange 2010 on Server 2008 R2...

 

https://support.microsoft.com/en-gb/help/4057306/preparing-for-tls-1-2-in-office-365

 

"Although current analysis of connections to Microsoft Online services shows that most services/endpoints see very little TLS 1.0 and 1.1 usage, we are providing notice of this change so that you can update any affected clients or servers as necessary before support for TLS 1.0 and 1.1 ends. If you are using any on-premises infrastructure for hybrid scenarios or Active Directory Federation Services, make sure that the infrastructure can support both inbound and outbound connections that use TLS 1.2."
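
One way to check the outbound half of the requirement quoted above, as an added example that is not part of the thread or of Microsoft's guidance. It assumes PowerShell 3.0 or later on .NET Framework 4.5 or later; the function name `Test-Tls12Outbound` and the host names are hypothetical placeholders. It shows whether the machine can complete a handshake when TLS 1.2 is requested explicitly, which is not the same as an application using TLS 1.2 by default.

```powershell
# Added example. Attempts a handshake restricted to TLS 1.2 against a host,
# optionally after SMTP STARTTLS (the opportunistic TLS case from the question).
function Test-Tls12Outbound {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443,
        [switch]$SmtpStartTls
    )
    $result = [ordered]@{ Host = $HostName; Port = $Port; Tls12 = $false; Protocol = $null; Error = $null }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $stream = $tcp.GetStream()
        if ($SmtpStartTls) {
            $reader = New-Object System.IO.StreamReader($stream)
            $writer = New-Object System.IO.StreamWriter($stream)
            $writer.NewLine = "`r`n"
            $writer.AutoFlush = $true
            # Skip the (possibly multi-line) 220 greeting.
            do { $line = $reader.ReadLine() } while ($line -match '^220-')
            $writer.WriteLine('EHLO tls12-check.example')    # placeholder client name
            do { $line = $reader.ReadLine() } while ($line -match '^250-')
            $writer.WriteLine('STARTTLS')
            $line = $reader.ReadLine()
            if ($line -notmatch '^220') { throw "STARTTLS not accepted: $line" }
        }
        $ssl = New-Object System.Net.Security.SslStream($stream, $false)
        # Only TLS 1.2 is offered, so a peer or local stack limited to 1.0/1.1 fails here.
        # Certificate validation stays on; a name mismatch is reported in Error.
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $result.Tls12 = $true
        $result.Protocol = $ssl.SslProtocol
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    finally {
        $tcp.Close()
    }
    New-Object psobject -Property $result
}

# Usage with placeholder host names (replace with your own endpoints):
# Test-Tls12Outbound -HostName 'mail.example.com' -Port 443
# Test-Tls12Outbound -HostName 'mx.example.com' -Port 25 -SmtpStartTls
```

Running it from a Windows 7 client and from each on-premises hybrid server gives one row per machine for a support matrix; the `Error` column separates a failed TLS 1.2 handshake from a certificate or connectivity problem.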

Highlighted

Also...

IE 8, 9 & 10 will not connect to Office 365 on Windows 7 at all, right? I.e. no remediation or patch possible.

Highlighted

Those products are all out of support now, so I highly doubt we will see any more patches...

Highlighted

Hello,

 

What is it about:
 

- The 1.1.614.0 version of Azure AD Connect defaults to TLS 1.2, however the older versions will still work or we have to enable TLS 1.2 (enable on the system if not and by following this doc: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prer...)?

 

- Applications (other than .NET, for example a Java application on a Linux server) that would use the Microsoft APIs to do actions on Office 365 (assign license, user management, etc.): should they support TLS 1.2 (and also the OS, which is sometimes not at all from Microsoft...)?

 

- If all PCs go through a proxy (which is able to TLS 1.2 to Microsoft), do you need to put TLS 1.2 on computers or not?

 

Thanks