Not too long ago, I remember making the announcement at our user group that come October 31st, TLS 1.0 would no longer work in Office 365. “That’s ages away Craig!” was the cry from the audience. Well, in just under a months time, it’ll be upon us. The question is, are you ready?
What’s the deal with TLS 1.0 anyway?
Transport Layer Security version 1.0 is being removed as a supported secure protocol for connecting to Office 365. It’s being replaced with a new minimum requirement of at least TLS 1.2.
Am I affected?
If you’re running any of the following, you’re affected by this mandatory change.
- Windows 7 or earlier
- Windows 2008r2 or earlier
- Office 2007 or earlier
- Android 4.3 and earlier versions
- Firefox version 5.0 and earlier versions
- Internet Explorer 8-10 on Windows 7 and earlier versions
- Internet Explorer 10 on Win Phone 8.0
- Safari 6.0.4/OS X10.8.4 and earlier versions
- Lync for Mac 2011
- Lync 2013 for Mobile – iOS, iPad, Android or Windows Phone
- Lync “MX” Windows Store client
- All Lync 2010 clients
- Lync Phone Edition. There is further guidance provided for these devices is located here.
- Lync Room System (a.k.a. SRSv1)
- LRS Options – Upgrading SRSv1 (LRS) Systems to SRS v2 – Further guidance provided for these devices is located here
I’ve got devices or OS’s on that list, what can I do?
In short, disable, upgrade or replace.
You’re going to want to disable TLS 1.0 as the default security protocol within older versions of Windows. Microsoft has published the steps here: https://support.microsoft.com/en-au/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
If you’re running older versions of Internet explorer, firefox, safari, or an older Lync client on your desktops or mobile devices you’re going to need to update them to newer supported versions.
Install Internet Explorer 11 for Windows 7 – https://www.microsoft.com/en-au/download/Internet-Explorer-11-for-Windows-7-details.aspx
Install the latest version of Microsoft Office on your end user devices
Ensure users are running the latest version of Skype for Business on their mobile devices
If you happen to have a deployment of Lync Phone Edition (LPE) handsets, you’re going to need to replace these with newer, supported devices.
LPE handsets include:
- HP 4110 and 4120
- Polycom CX500, CX600 and CX3000
- Aastra 6721ip, 6725ip
The main reason for this change is that these devices run a version of Windows CE that does not support TLS 1.2.
Microsoft has published a list of supported devices here: https://partnersolutions.skypeforbusiness.com/solutionscatalog/ip-phones
Is the 31st October 2018 a hard deadline?
Microsoft has said that come the 31st of October, devices that do not support TLS 1.2 may experience issues connecting to Office 365 and that no support tickets will be generated for devices that do not support TLS 1.2.
This does NOT mean that the 1st of November 2018, your TLS 1.0 devices will spontaneously combust, and they may continue to work for a while afterwards. TLS 1.0 will be decommissioned from Office 365 though, and so they will stop working at some point.
I still need help.
Microsoft has a whole heap of information available to assist you with the transition. You can check it out here: https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365