Are you running Windows Server 2008 R2 or Windows 7 for use with Office 365? Then read this!

Microsoft has announced its timeline for retiring support for TLS 1.0 and 1.1 with Office 365, making TLS 1.2 mandatory.

If your organisation falls under the requirements of PCI DSS (Payment Card Industry Data Security Standard) then you will likely already have come across this as PCI is requiring earlier protocol suites to be disabled this year.

The TLS, transport layer security, suite of protocols are responsible for the encryption used with HTTPS connections. As time goes on, older encryption standards can become weak due to more compute power being available for brute force attacks, or due to the emergence of previously unknown attacks.

There are two main considerations here for our customers, firstly, how hybrid Exchange organisations running on Windows Server 2008 R2 (or non-R2) can continue to function and, secondly, where Windows 7 clients are in use, how to check that TLS 1.2 is enabled.

When you create a hybrid organisation, where your on-premises Exchange servers communicate with the Exchange Online service, that communication uses HTTPS. Negotiation takes place so that best available encryption standard available at both ends is used.

Different Windows versions support different TLS cipher suites and priority order. If you are running your Exchange servers on Windows Server 2008 R2, then there is likely some work to do.

Windows Server 2008 R2 shipped with support for TLS 1.1 and TLS 1.2, but only TLS 1.0 was enabled by default. In October2018, this configuration would cause an Exchange hybrid organisation to fail.

Similarly, for client computers running Windows 7, the TLS capabilities configured need to be checked otherwise access to Office 365 services will be impaired.

More information can be found here, or talk to ComputerWorld.

Preparing for the mandatory use of TLS 1.2 in Office 365

If you are running the Windows Server 2008 (i.e. non-R2, less likely) then there is an update you need to check is present along with some registry keys to change to enable that support.

Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2…

Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows