An update over the holidays, Microsoft is again pushing towards removing TLS 1.0/1.1 support in Office 365. They have previously set dates for enforcing TLS 1.2 but then backed out:
- Office 365 will Enforce Mandatory use of TLS 1.2 from October 31, 2018, so Lync Phone Edition (which does not support TLS 1.2) will not be able to Connect to Skype for Business Online
- Microsoft no longer enforcing TLS 1.2 in Office 365 from October 31st 2018
Office 365 will not retire TLS 1.0/1.1 on February 28, 2019, even though the reports contain information about both TLS 1.0/1.1 and 3DES connections. However, expect issues connecting to Office 365 services if you are using 3DES from this date onwards. TLS 1.0/1.1 connections without the 3DES cypher will not be affected.
Fortunately, Microsoft has provided some new reports to easily identify user and clients that need updating.
By going to http://securescore.microsoft.com, you can find the overview of your TLS 1.0/1.1 and 3DES usage for Exchange.
Click on ‘Score Analyzer’ and scroll to the – Remove TLS dependencies tab. Here you will see a summary of your TLS 1.0/1.1 and 3DES usage. Click ‘Get Details’ button that will launch a flyout where you can click on ‘Launch now’. This will take you to the Secure Trust Portal (http://servicetrust.microsoft.com) where you can download and excel report of your user and agent information.
For Skype for Business Online users watch out for those Lync Phone Edition Phones.
It will give you a nice excel report of the users/devices/clients that need upgrading
Message Centre Message: https://portal.office.com/adminportal/home#/MessageCenter?id=MC171089
Preparing to use TLS 1.2 in Office 365: https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365
Michael also has a good overview here: https://realtimeuc.com/2019/01/o365tls3des/index.html