Jason Parms

If your company is one of those millions of enterprises which rely on Office 365 to get things done, this is some serious news that you can’t afford to ignore. Microsoft has decided to pull the plug on TLS 1.0 and 1.1 for Office 365, so if your business has still not switched to TLS 1.2 then you must do that now. Don’t worry – you still have time till March 1, 2018, but when it has to be done, you’ll be better off if you get it done soon.

The move was announced by the Microsoft in a blog post which goes on to say:

Consistent with our promise to provide best-in-class encryption to our customers, we are planning to enforce the use of TLS 1.2 soon in Office 365.

We understand that the security of your data is important, and we are committed to transparency about changes that could affect your use of the service.

The Microsoft TLS 1.0 implementation has no known security vulnerabilities. Because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are disabling the use of TLS 1.0 and 1.1 in the service.

On the subject of deadline the post says:

On March 1, 2018, Microsoft Office 365 will disable support for TLS 1.0 and 1.1. This means that, starting on March 1, 2018, all client-server and browser-server combinations must use TLS 1.2 or later protocol versions to be able to connect without issues to Office 365 services.

The post also mentioned that company’s analysis of connections to Office 365 servers shows very few businesses still using TLS 1.0 or 1.1, but still this advance notification was being released to give everyone the enough time for switching to better TLS protocols.

I’d suggest you to switch to TLS 1.2, as it’s gaining wider support and adoption. Being the latest standard of TLS protocol, it will be able to protect your business against all well-known as well as not-so-well-known security vulnerabilities.

What you should know before upgrading to TLS 1.2

There’re a few things that you should know before upgrading to TLS 1.2. First of all you’ll need a browser that supports this protocol. The good news is that latest versions of almost all major browsers come with this support. However, if you still use Windows 7 then you need to ensure that your browser is more recent than the ones given below:

  • Google Chrome 29
  • Internet Explorer 10
  • Firefox 26
  • Apple Safari 8.

The browsers mentioned above DO NOT support TLS 1.2 or higher. If you use mobile devices to access Office 365, you should have smart phones/tablets running higher than iOS 4 and Android 4.

Also if you’ve code that connects to Office 365, REST API or Graph API then you need to ensure that it uses .NET version 4.5 or higher. It’ll be best if it relies on .NET 4.6 or 4.7, because in these libraries TLS 1.2 is used by default. But even if it relies on .NET 4.5 you’ll be able to make it work by changing the SecurityProtocolType enumeration to Tls12.

Helpful Resources: