Microsoft last week revealed plans to move forward with the retirement of the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365, starting October 15, 2020.
Decades old, these protocol versions are considered obsolete, especially since the newer, safer TLS 1.2 and TLS 1.3 have been available for years. In fact, plans for their removal from major browsers and online services have been announced several years ago.
The deprecation of TLS 1.0 and 1.1 in major browsers has been delayed earlier this year, due to the COVID-19 pandemic, but others have already resumed plans in this direction, to ensure the security of their users.
In October 2018, Microsoft confirmed plans to remove support for the older protocols from its browsers, and also moved to deprecate TLS 1.0 and 1.1 for the Office 365 service.
Now, the company says it is ready to make the change in Office 365 clients as well, and plans to enforce the decision starting in the fall.
“We temporarily halted deprecation enforcement of TLS 1.0 and 1.1 for commercial customers due to covid-19, but as supply chains have adjusted and certain countries open back up, we are resetting the TLS enforcement to start Oct 15, 2020,” the company announced.
The Office client can leverage TLS 1.2, as long as the web service of the machine supports it. Windows 8 and newer include support for TLS 1.2, but Windows 7 devices require the KB 3140245 update to use the TLS 1.1 and 1.2 protocols, Microsoft also explains.
Microsoft is also moving forth with the deprecation of TLS 1.0 and 1.1 in Office 365 GCC, citing known vulnerabilities in the TLS 1.0 implementation. The software giant also published a whitepaper to provide guidance on how organizations can identify and remove TLS dependencies in Windows applications.
Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout
Related: Browser Makers Delay Removal of TLS 1.0 and 1.1 Support
Related: Firefox 74 Patches Vulnerabilities, Disables TLS 1.0 and 1.1