Microsoft Deprecation Alert: Legacy TLS Ending Support in Exchange Online July 2023
Microsoft announces plan to deprecate legacy TLS versions 1.0 and 1.1 for POP3 and IMAP4 connections in Exchange Online.
Microsoft Deprecates Legacy TLS Support in Exchange Online
As part of its efforts to enhance security and protect user data, Microsoft announced plans to deprecate legacy Transport Layer Security (TLS) versions 1.0 and 1.1 for Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4) connections in Exchange Online starting in July.
Background on Legacy TLS Versions
Legacy TLS versions, which were introduced in the late 1990s, have been widely recognized as insecure due to vulnerabilities that could allow attackers to intercept and manipulate sensitive information.
Impact on Users
Most users will not be significantly impacted by this change, as the majority of POP and IMAP traffic to Exchange Online already utilizes TLS 1.2 or higher. However, customers who rely on custom or embedded systems that do not support modern TLS versions may experience disruptions once legacy TLS is deprecated.
Preparation for the Change
Microsoft advises Exchange Online customers to verify that their clients and applications support TLS 1.2 or later, and to refrain from using legacy endpoints to connect to the service.
Collaboration Efforts
This move is part of a larger effort by major technology companies, including Microsoft, Apple, Google, and Mozilla, to retire insecure TLS 1.0 and TLS 1.1 protocols in favor of more secure alternatives.
Conclusion
By deprecating legacy TLS support in Exchange Online, Microsoft aims to further enhance the security and resilience of its services, protecting users’ sensitive information from unauthorized access and manipulation.