UPDATE: Transport Layer Security 1.0 and 1.1 disablement
Originally published: September 30, 2020
Updated: August 24, 2021
Please go here to search for your product's lifecycle.
Transport Layer Security (TLS) 1.0 and 1.1 are security protocols for establishing encryption channels over computer networks. Microsoft has supported these protocols since Windows XP/Server 2003. However, due to evolving regulatory requirements as well as new security vulnerabilities in TLS 1.0, Microsoft recommends that customers remove TLS 1.0/1.1 dependencies in their environments and disable TLS 1.0 and 1.1 at the operating system level where possible.
Microsoft is taking the following actions to ensure our entire product stack is more secure. We will continue to update this article as new deprecations and disablements are announced.
Deprecation postponed for Microsoft 365. Due to COVID-19, Microsoft postponed the deprecation of TLS 1.0/1.1 for Microsoft 365/Office 365. However, as supply chains have adjusted and certain countries open back up, TLS enforcement has been reset to start October 15, 2020. Go here to learn more.
Deprecation of TLS 1.0/1.1 in Office 365 GCC High and DoD. Microsoft will deprecate TLS 1.0/1.1 in Office 365 in GCC High and DoD environments starting on January 15, 2020. For more information, go here.
Disablement postponed for Internet Explorer. TLS 1.0/1.1 will not be disabled by default for Internet Explorer and EdgeHTML (the rendering engine for the WebView control) until 2022. Organizations that wish to disable TLS 1.0 and TLS 1.1 before that time may do so using Group Policy. TLS 1.0/1.1 will remain disabled by default in Microsoft Edge version 84 and later. Go here to learn more.
Support discontinued on packages.microsoft.com. To support modern security standards, packages.microsoft.com will discontinue support for Linux package download over TLS 1.0/1.1 as of September 24, 2020. This means that any connection using these protocols will no longer work as expected, and no support will be provided. To access Linux packages from packages.microsoft.com after that date, organizations will need to enable TLS 1.2 (or a later version). Where possible, Microsoft recommends that organizations remove all TLS 1.0/1.1 dependencies in their environments and disable TLS 1.0/1.1 at the operating system level.
Support ending for TLS 1.0/1.1 in Teams. Microsoft will no longer support TLS 1.0/1.1 in Microsoft Teams Desktop application starting July 7, 2021. This change will affect Teams third-party extensions, add-ons, and embedded websites that use TLS 1.0/1.1.
End of synchronization and updates for Windows Server Updates Services (WSUS) 3.0. Microsoft is transitioning all endpoints for WSUS to the more secure TLS 1.2 cryptographic protocol. Because WSUS 3.0 does not support this newer protocol, organizations must migrate to newer versions of WSUS by October 31, 2021. Go here to learn more.
Please go here for additional resources and information:
- Update for TLS 1.1/1.2 support in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1