Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

3des / TLS Deprecation recommendations table

Iron Contributor

Hi all

 

I'm looking across all my customers' tenant at the deprecation report and seeing various values in the "Agent" column, including some ones that surprise me. Does anyone know if Microsoft, or a third-party, has provided a table of what actions are needed for the the various 'Agents'.

 

e.g. I see:

secretary@example.comTLS1.0/1.1Microsoft+Office/16.0+(Windows+NT+6.3;+Microsoft+Outlook+16.0.11029;+Pro)2 
scott@example.comTLS1.0/1.1Microsoft+BITS/7.513 

 

So I had the latter explained to me. BITS it used by Outlook for OAB download, so that's likely Windows 7. So need to do the kb3140245 actions I guess.

 

The former is more confusing to me. That's Windows 8.1 with Office C2R. That platform should be all compliant, no?

 

Alan

2 Replies
best response confirmed by Deleted
Solution

The platform having all the necessary controls to disable TLS 1.0/1.1 doesn't necessarily mean that they are actually disabled, so check for the relevant reg keys.

 

As for the "Agent" column, it can be anything really, it's fairly easy to put a custom string there. Generally speaking, you can use one of the many "user agent list" sites as a reference.

Hi Guys,

Share my script for monitoring afectation after apply TLS deprecation:
https://github.com/Andresji321/MonitoringTLSErrorAzureAD

Good Luck!!!
1 best response

Accepted Solutions
best response confirmed by Deleted
Solution

The platform having all the necessary controls to disable TLS 1.0/1.1 doesn't necessarily mean that they are actually disabled, so check for the relevant reg keys.

 

As for the "Agent" column, it can be anything really, it's fairly easy to put a custom string there. Generally speaking, you can use one of the many "user agent list" sites as a reference.

View solution in original post