Excel Consulting

Microsoft TLS 1.2 Migration

On October 25, 2018, Microsoft published Message MC152261 in the Office 365, urging customers to plan for change, and to begin the migration to the new TLS 1.2 security protocol.

Please call or email us if you have any questions or concerns about your readiness for the move to TLS 1.2.

 

Action required by October 31, 2018
As previously communicated (MC124102 in Oct 2017, MC126199 in Dec 2017 and MC128929 in Feb 2018), Microsoft is moving all online services to Transport Layer Security (TLS) 1.2+ to provide best-in-class encryption, and to ensure that our service is more secure by default.

How does this affect me?
As of October 31, 2018, Microsoft Office 365 will no longer support TLS 1.0 and 1.1.  That means Microsoft will not provide any further software updates to fix new issues discovered in the older TLS 1.0 and 1.1 encryption software used by client devices or servers that connects to Office 365. TLS 1.0 and 1.1 protocol connections will continue to function until further notice.  Some day, when the the time is right for most customers, TLS 1.0 and 1.1 will be completely retired.

How can I prepare for this change?
You should review all of the Server and Desktop Operating Systems in your environment, and ensure that all client-server and browser-server combinations are capable of using TLS 1.2 (or later) and that TLS 1.2 is the default protocol for all network services connections. This may require you to update certain server, desktop, or browser combinations. Microsoft recommends that it is time to move to TLS 1.2 or later for improved data security. We must eliminate TLS 1.0/1.1 dependencies, and then disable TLS 1.0/1.1 in the operating system. Please click here for Additional information.

How will you be impacted?
Moving to TLS 1.2 or newer encryption protocols now could help to avoid an urgent call to action if new threats and vulnerabilities are discovered after support for TLS 1.1 ends on October 31, 2018.  It will also help us to be ready for the inevitable day when Office 365 Exchange and Web Portal, stop accepting connections using the older TLS 1.x protocols.

How can I be sure I’m ready?
Are you wondering if your current OS and browser will support TLS 1.2?  You find out right now by visiting Qualys SSL Labs test site.  Test all of your devices and browsers to see which TLS versions are supported, and if you are are at risk from one of a few known vulnerabilities.  Qualys SSL/TLS Browser Test

Some Product Information to Assist with Migration Planning.

Internet Explorer versions with TLS 1.2 enabled by default, manually, or not supported.

Internet Explorer Win 8.1 or newer Win 8 and 7 Win Vista, XP

11

Enabled by default Enabled by default Enabled by default

10, 9 and 8

Enabled by default Enable manually Not supported

Supported versions of Microsoft Office

  • Microsoft Office 365
  • Microsoft Office 2016
  • Microsoft Office 2013
  • Microsoft Office 2010

Supported non-Internet Explorer web browsers

  • Mozilla Firefox (latest release) on Win 10, Win 8.1, Win 8, or Win 7
  • Google Chrome
  • Google Chrome (latest release) on Win 10, Win 8.1, Win 8, Win 7, and Android 10 tablet
  • Google Chrome (latest release) on Mac OS X 10.8, 10.9, or 10.10
  • Apple Safari (latest release) on Mac OS X 10.8, 10.9, 10.10, or Apple iPad

Clients with No Support for  TLS 1.2.

Update your unsupported software to ensure uninterrupted access to the Internet services.

  • Android 4.3 and earlier versions
  • Firefox version 5.0 and earlier versions
  • Internet Explorer 8-10 on Windows 7 and earlier versions
  • Internet Explorer 10 on Win Phone 8.0
  • Safari 6.0.4/OS X10.8.4 and earlier versions

Ensuring support for TLS 1.2 across deployed operating systems

Many operating systems have outdated TLS version defaults or support ceilings that need to be accounted for.  Usage of Windows 8/Server 2012 or later means that TLS 1.2 will be the default security protocol.  Windows 7 and Server 2008 R2 support TLS 1.1 and 1.2, but it is disabled by default.  Windows Vista and Server 2008 do not support TLS 1.2 at all.

How to Enable TLS 1.x support in IE?
Follow the steps below to enable TLS 1.0, TLS 1.1, and TLS 1.2:

  • Open     Internet Explorer
  • Click      Tools button, and then click Internet Options
  • Click      Advanced tab.
  • Check   Under Security section:  “Use TLS 1.0, TLS 1.1, and TLS 1.2”

TLS Browser Errors
Some errors that you might encounter when TLS 1.2 security protocol is not available:

  • Can’t connect securely to this page
  • This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.

Stay tuned for more updates on this topic.