Connect with us

Hi, what are you looking for?


Data Protection

Microsoft to Retire TLS 1.0/1.1 in Office 365 Starting October 15

Microsoft last week revealed plans to move forward with the retirement of the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365, starting October 15, 2020.

Microsoft last week revealed plans to move forward with the retirement of the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365, starting October 15, 2020.

Decades old, these protocol versions are considered obsolete, especially since the newer, safer TLS 1.2 and TLS 1.3 have been available for years. In fact, plans for their removal from major browsers and online services have been announced several years ago.

The deprecation of TLS 1.0 and 1.1 in major browsers has been delayed earlier this year, due to the COVID-19 pandemic, but others have already resumed plans in this direction, to ensure the security of their users.

In October 2018, Microsoft confirmed plans to remove support for the older protocols from its browsers, and also moved to deprecate TLS 1.0 and 1.1 for the Office 365 service.

Now, the company says it is ready to make the change in Office 365 clients as well, and plans to enforce the decision starting in the fall.

“We temporarily halted deprecation enforcement of TLS 1.0 and 1.1 for commercial customers due to covid-19, but as supply chains have adjusted and certain countries open back up, we are resetting the TLS enforcement to start Oct 15, 2020,” the company announced.

The Office client can leverage TLS 1.2, as long as the web service of the machine supports it. Windows 8 and newer include support for TLS 1.2, but Windows 7 devices require the KB 3140245 update to use the TLS 1.1 and 1.2 protocols, Microsoft also explains.

Advertisement. Scroll to continue reading.

Microsoft is also moving forth with the deprecation of TLS 1.0 and 1.1 in Office 365 GCC, citing known vulnerabilities in the TLS 1.0 implementation. The software giant also published a whitepaper to provide guidance on how organizations can identify and remove TLS dependencies in Windows applications.

Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

Related: Browser Makers Delay Removal of TLS 1.0 and 1.1 Support

Related: Firefox 74 Patches Vulnerabilities, Disables TLS 1.0 and 1.1

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.