Disabling TLS 1.0 and 1.1 in Microsoft 365 GCC High and DoD
Article
Applies to:
Office 365 Business
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.
Summary
In order to comply with the latest compliance standards for the Federal Risk and Authorization Management Program (FedRAMP), we are disabling Transport Layer Security (TLS) versions 1.1 and 1.0 in Microsoft 365 for GCC High and DoD environments. This change was previously announced through Microsoft Support in Preparing for the mandatory use of TLS 1.2 in Office 365.
The security of your data is important, and we are committed to transparency about changes that could affect your use of the service.
Although the Microsoft TLS 1.0 implementation has no known security vulnerabilities, we remain committed to the FedRAMP compliance standards. Therefore, we disabled TLS 1.1 and 1.0 in Microsoft 365 in GCC High and DoD environments on January 15, 2020.
More information
Starting on January 15, 2020, Microsoft 365 in the GCC High and DoD environments will disable TLS 1.1 and 1.0.
By January 15, 2020, all combinations of client servers and browser servers should use TLS version 1.2 (or a later version) to make sure that all connections can be made without issues to Microsoft 365. This may require updates to certain combinations of client servers and browser servers.
For SharePoint and OneDrive, you'll need to update and configure .NET to support TLS 1.2. For information, see How to enable TLS 1.2 on clients.
You must update your client computers to make sure that you maintain uninterrupted access to Office 365 GCC High and DoD.
We know that the following client applications cannot use TLS 1.2:
Android 4.3 and earlier versions
Firefox version 5.0 and earlier versions
Internet Explorer 8-10 on Windows 7 and earlier versions
Internet Explorer 10 on Windows Phone 8.0
Safari 6.0.4/OS X 10.8.4 and earlier versions
Although current analysis of connections to Microsoft Online services shows that most services and endpoints see little TLS 1.1 and 1.0 usage, we're providing notice of this change so that you can update any affected clients or servers as necessary before support for TLS 1.1 and 1.0 ends. If you are using any on-premises infrastructure for hybrid scenarios or Active Directory Federation Services (AD FS), make sure that the infrastructure can support both inbound and outbound connections that use TLS 1.2 (or a later version).
In addition to the outages that you might experience if you use the listed clients that cannot use TLS 1.2, removing TLS 1.1 and 1.0 will prevent you from being able to use the following Microsoft product:
This learning path examines the key Microsoft 365 security and compliance features that administrators must prepare in order to successfully implement Microsoft 365 Copilot.