Consistent with our promise to provide best-in-class encryption to our customers, Microsoft is planning to enforce the use of TLS 1.2 soon in Office 365.
The Microsoft TLS 1.0 implementation has no known security vulnerabilities. Because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are disabling the use of TLS 1.0 and 1.1 in the service.
This recently released TLS 1.0 whitepaper can help you to remove TLS 1.0 dependencies.
On March 1, 2018, Microsoft Office 365 will disable support for TLS 1.0 and 1.1. This means that, starting on March 1, 2018, all client-server and browser-server combinations must use TLS 1.2 or later protocol versions to be able to connect without issues to Office 365 services. This may require certain client-server and browser-server combinations to be updated.
Although current analysis of connections to Microsoft Online services shows that very few customers still use TLS 1.0 and 1.1, we are providing notice of this change so that you can update any affected clients or servers as necessary before support for TLS 1.0 and 1.1 is disabled. If you are using any on-premises infrastructure for hybrid scenarios or Active Directory Federation Services, make sure that these infrastructures can support both inbound and outbound connections that use TLS 1.2.
The following resources provide guidance to make sure that clients are using TLS 1.2 or a later version, and to disable TLS 1.0 and 1.1 proactively.
- To start addressing weak TLS use by removing TLS 1.0 and 1.1 dependencies, see TLS 1.2 support at Microsoft.
- A new IIS functionality makes it easier to find clients on Windows Server 2012 R2 and Windows Server 2016 that connect to the service by using weak security protocols.
- Get more information about how you can solve the TLS 1.0 problem.
- For general information about our approach to security, go to the Office 365 Trust Center.