End of support for non-secure cipher suites in Microsoft Defender for Identity
Published May 05 2021 09:37 AM
Microsoft

*Update*

The version 2.149 release is now expected to be deployed from the 30th May, not the 23rd as suggested in the original post. All other information in the original post remains the same. 

 

Microsoft Defender for Identity is removing non-secure cipher suites to provide best-in-class encryption and to ensure our service is more secure by default. As of version 2.149 (expected to be deployed in the week commencing 23rd May), Microsoft Defender for Identity will no longer support the following cipher suites. From this date forward, any connection using these cipher suites will no longer work as expected, and no support will be provided.

 

Non-secure cipher suites:

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

 

Support will continue for the following suites:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

 

What do I need to do to prepare for this change?

Nothing - this change will be automatic and we don't anticipate it affecting customer environments.
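To confirm which of the listed suites a sensor host actually has enabled, the following added example (not from the original post or from Microsoft) classifies the host's cipher suites against the two lists above. It assumes the sensor's TLS connections follow the operating system's Schannel suite list and that `Get-TlsCipherSuite` is available (Windows Server 2016 or later); `Test-MdiCipherSuite` is a hypothetical function name.

```powershell
# Added example, not Microsoft's code. Test-MdiCipherSuite is a hypothetical name.
# Assumption: the sensor's TLS connections follow the host's Schannel suite list.
function Test-MdiCipherSuite {
    param(
        # Ordered suite names; defaults to the host's own list (Server 2016+).
        [string[]]$EnabledSuite = @(Get-TlsCipherSuite | ForEach-Object Name)
    )
    # Both lists are copied from the announcement.
    $removed = @(
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA'
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
    )
    $supported = @(
        'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
        'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
        'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
        'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
    )
    # Classify every enabled suite, keeping its position in the enabled list.
    $report = for ($i = 0; $i -lt $EnabledSuite.Count; $i++) {
        $name = $EnabledSuite[$i]
        $status = 'Not in announcement'
        if ($supported -contains $name) { $status = 'Supported' }
        if ($removed -contains $name) { $status = 'Removed in 2.149' }
        [pscustomobject]@{ Order = $i; Name = $name; Status = $status }
    }
    # A host with no suite from the supported list has nothing in common with it.
    $usable = @($report | Where-Object Status -eq 'Supported')
    if ($usable.Count -eq 0) {
        Write-Warning 'No cipher suite from the supported list is enabled on this host.'
    }
    # Return only the suites the announcement names.
    $report | Where-Object Status -ne 'Not in announcement'
}

# Constructed sample input (not captured from a real host):
Test-MdiCipherSuite -EnabledSuite @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_AES_128_GCM_SHA256'
) | Format-Table -AutoSize
```

Calling `Test-MdiCipherSuite` with no arguments on a sensor host evaluates that host's own enabled suites instead of the sample list.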

 

For additional inquiries please contact support.

- Microsoft Defender for Identity team.

Last update: May 19 2021 05:57 AM