Microsoft no longer enforcing TLS 1.2 in Office 365 from October 31st 2018
In an interesting change of plan, originally Microsoft said in their KB that:
“In line with security best practices, and for very good reasons as Microsoft explain in their advisory, Microsoft is moving Office 365 to mandatory TLS 1.2.”
Now the same KB article has been updated on October 24th and says:
“ As of October 31, 2018, Office 365 will no longer support TLS 1.0 and 1.1. This means that Microsoft will not fix new issues that are found in clients, devices, or services that connect to Office 365 by using TLS 1.0 and 1.1.
Note This doesn’t mean Office 365 will block TLS 1.0 and 1.1 connections. There is no official date for disabling or removing TLS 1.0 and 1.1 in the TLS service for customer connections. The eventual deprecation date will be determined by customer telemetry and is not yet known. After a decision is made, there will be an announcement six months in advance unless we become aware of a known compromise, in which case we may have to act in less than six months to protect customers who use the services. “
I am not a fan of Microsoft changing the text in these KB’s without a clear change log and explanation.
This seems to have been driven not by Lync Phone Edition, but by other Skype for Business endpoints, still in full mainstream support, that do not support TLS 1.2 yet. Microsoft Surface Hub and Skype Room Systems Version 2 (SRS v2) currently use TLS 1.0 or 1.1
Microsoft has committed to updating these before enforcing TLS 1.2 in Office 365.
“Microsoft will update Surface Hub, Skype Room Systems V2, Skype for Business Online, and server products to support TLS 1.2 before TLS 1.0 and 1.1 are deprecated for Office 365.” here
Thanks to some of my colleagues at Modality Systems for catching the change.