Microsoft Making TLS 1.2 Mandatory for Office 365
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Microsoft Making TLS 1.2 Mandatory for Office 365

The company is quietly deprecating TLS 1.0 and TLS 1.1

Microsoft has announced plans to enforce TLS 1.2 on its Office 365 platform. Starting on March 1, 2018 all client-server and browser-server combinations must use TLS 1.2 or later protocol versions (1.3) to be able to connect to Office 365 services without issue.

Although current analysis of connections to Microsoft Online services shows that very few customers still use TLS 1.0 and 1.1, we are providing notice of this change so that you can update any affected clients or servers as necessary before support for TLS 1.0 and 1.1 is disabled. If you are using any on-premises infrastructure for hybrid scenarios or Active Directory Federation Services, make sure that these infrastructures can support both inbound and outbound connections that use TLS 1.2.

TLS 1.3 is gaining wider support and the older versions of TLS are beginning to represent a potential security threat. Microsoft was quick to assure people that its TLS 1.0 implementation has no known security vulnerabilities.

Because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are disabling the use of TLS 1.0 and 1.1 in the service.

TLS or Transport Layer Security is successor to SSL. That being said, they’re still colloquially know as SSL certificates, previous versions of the SSL protocol have been found vulnerable to it has no been fully deprecated. And with release of TLS 1.3, you can expect more and more companies to end support for 1.0 and 1.1.

Microsoft provided a link to a recent white paper to help with any TLS 1.0 dependencies.

If you’d like to know more about cipher suites and TLS versions, you can find it here.

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.