Office 365 to drop TLS 1.1 support, starting October 15

Don Sharpe
by Don Sharpe
Author
Affiliate Disclosure
Share this article:

  • Enterprises using Transport Layer Security (TLS) 1.1 and 1.0 won’t be able to connect to Office 365 and Office 365 GCC, starting October 15, 2020.
  • Microsoft has notified Office 365 users to start upgrading to TLS 1.2 (or later).
  • For tips on how to secure your Office 365 network connectivity, visit the Office 365 Security section.
  • We have more fresh content on Microsoft 365 products and Windows 10 apps. Visit the News page to learn more!
Office 365 users to upgrade to TLS 1.2

Enterprises using Transport Layer Security (TLS) 1.1 and 1.0 won’t be able to connect to Office 365 and Office 365 GCC, starting October 15, 2020.

Just like the Secure Sockets Layer (SSL), TLS has had its share of vulnerabilities, including protocol downgrade attacks. It’s why Microsoft is asking Office 365 users to upgrade to a safer protocol.

Office 365 to discontinue TLS 1.1 support

According to Computer Business Review, Microsoft sent emails to Office 365 users advising them to migrate to TLS 1.2

As supply chains have adjusted and certain countries open back up, we are resetting the TLS enforcement to start Oct 15, 2020.

The original plan was to end support for TLS 1.1 and 1.0 or older versions from June this year. But Microsoft put a pause on it in consideration of the COVID-19 crisis around the world.

So, it let business users that haven’t yet upgraded to a more recent version of the protocol continue accessing the cloud-based platform.

Microsoft believes that its current implementation of TLS 1.0 has no discovered security weaknesses yet. But at the same time, the protocol isn’t immune to future protocol downgrade attacks.

The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for TLS 1.0 and 1.1 in Microsoft Office 365 and Office 365 GCC.

In a typical downgrade attack, threat actors trick your client/web server into using an older, vulnerable protocol for your TLS connection. They may then send multiple requests to decrypt messages after downgrading the connection.

But before you can update to TLS 1.2, you may need to upgrade your client. That’s because the protocol doesn’t support certain platforms, for example, Android 4.3 and Firefox 5.0 (and older versions).

Are you an Office 365 user, and have you upgraded to TLS 1.2? If you’ve experienced any issues with the upgrade process, let us know in the comments section below.