Washington, DC - Microsoft has announced plans to enforce TLS 1.2 on its Office 365 platform. Starting on March 1, 2018 all client-server and browser-server combinations must use TLS 1.2 or later protocol versions (1.3) to be able to connect to Office 365 services without issue.
Although current analysis of connections to Microsoft Online services shows that very few customers still use TLS 1.0 and 1.1, we are providing notice of this change so that you can update any affected clients or servers as necessary before support for TLS 1.0 and 1.1 is disabled. If you are using any on-premises infrastructure for hybrid scenarios or Active Directory Federation Services, make sure that these infrastructures can support both inbound and outbound connections that use TLS 1.2.
TLS 1.3 is gaining wider support and the older versions of TLS are beginning to represent a potential security threat. Microsoft was quick to assure people that its TLS 1.0 implementation has no known security vulnerabilities.
Because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are disabling the use of TLS 1.0 and 1.1 in the service.
TLS or Transport Layer Security is successor to SSL. That being said, they’re still colloquially know as SSL certificates, previous versions of the SSL protocol have been found vulnerable to it has no been fully deprecated. And with release of TLS 1.3, you can expect more and more companies to end support for 1.0 and 1.1.
Microsoft provided a link to a recent white paper to help with any TLS 1.0 dependencies.