TLS

Are you running Windows Server 2008 R2 or Windows 7 for use with Office 365? Then read this!

Microsoft has announced its timeline for retiring support for TLS 1.0 and 1.1 with Office 365, making TLS 1.2 mandatory.

If your organisation falls under the requirements of PCI DSS (Payment Card Industry Data Security Standard), then you will likely already have come across this, as PCI is requiring earlier protocol suites to be disabled this year.

The TLS (Transport Layer Security) suite of protocols is responsible for the encryption used with HTTPS connections. As time goes on, older encryption standards can become weak due to more compute power being available for brute force attacks, or due to the emergence of previously unknown attacks.

There are two main considerations here for our customers: firstly, how hybrid Exchange organisations running on Windows Server 2008 R2 (or non-R2) can continue to function and, secondly, where Windows 7 clients are in use, how to check that TLS 1.2 is enabled.

When you create a hybrid organisation, where your on-premises Exchange servers communicate with the Exchange Online service, that communication uses HTTPS. Negotiation takes place so that the best encryption standard available at both ends is used.

Different Windows versions support different TLS cipher suites and priority order. If you are running your Exchange servers on Windows Server 2008 R2, then there is likely some work to do.

Windows Server 2008 R2 shipped with support for TLS 1.1 and TLS 1.2, but only TLS 1.0 was enabled by default. In October 2018, this configuration would cause an Exchange hybrid organisation to fail.

Similarly, for client computers running Windows 7, the configured TLS capabilities need to be checked, otherwise access to Office 365 services will be impaired.

More information can be found here, or talk to ComputerWorld.

Preparing for the mandatory use of TLS 1.2 in Office 365

https://support.microsoft.com/en-gb/help/4057306/preparing-for-tls-1-2-in-office-365

If you are running Windows Server 2008 (i.e. non-R2, which is less likely), then there is an update you need to check is present, along with some registry keys to change to enable that support.

Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2…

https://support.microsoft.com/en-gb/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows

Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows

https://support.microsoft.com/en-za/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
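
To check the settings discussed above on a Windows 7 or Windows Server 2008 R2 machine, the following read-only PowerShell report can be used. It is an added example, not code from Microsoft or from this post. The registry paths and value names are the standard Schannel and WinHTTP locations and are not quoted on this page, and the function names are made up for the example.

```powershell
# Added example: read-only report of TLS settings on Windows 7 / Server 2008 R2.
# Written for PowerShell 2.0, the version those systems ship with.
# Registry paths are the standard Schannel and WinHTTP locations (not quoted on the page).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$winHttp  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    # The Wow6432Node path exists only on 64-bit Windows (used by 32-bit applications).
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Row($Setting, $Scope, $Raw, $State) {
    New-Object PSObject -Property @{ Setting = $Setting; Scope = $Scope; Raw = $Raw; State = $State }
}

function Get-SchannelState($Protocol, $Role) {
    $key      = Join-Path (Join-Path $schannel $Protocol) $Role
    $enabled  = Get-RegValue $key 'Enabled'
    $disabled = Get-RegValue $key 'DisabledByDefault'
    if ($null -eq $enabled -and $null -eq $disabled) { $state = 'Not set (OS default applies)' }
    elseif ($enabled -eq 0)  { $state = 'Disabled' }
    elseif ($disabled -eq 1) { $state = 'Disabled by default' }
    else                     { $state = 'Enabled' }
    New-Row $Protocol $Role "Enabled=$enabled; DisabledByDefault=$disabled" $state
}

function Get-WinHttpState($Path) {
    # DefaultSecureProtocols is a bitmask; 0x800 is the TLS 1.2 bit.
    $mask = Get-RegValue $Path 'DefaultSecureProtocols'
    if ($null -eq $mask) { return New-Row 'WinHTTP' $Path '' 'Not set (OS default applies)' }
    $state = if ($mask -band 0x800) { 'TLS 1.2 in defaults' } else { 'TLS 1.2 NOT in defaults' }
    New-Row 'WinHTTP' $Path ('0x{0:X}' -f $mask) $state
}

$report = @()
foreach ($p in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($r in 'Client', 'Server') { $report += Get-SchannelState $p $r }
}
foreach ($path in $winHttp) { $report += Get-WinHttpState $path }
$report | Select-Object Setting, Scope, State, Raw | Format-Table -AutoSize
```

The script changes nothing. A "Not set" row for TLS 1.2 on Windows Server 2008 R2 means the operating-system default applies, which, as described above, leaves only TLS 1.0 enabled.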