Legacy TLS cipher suites will be deprecated in M365 services on October 20, 2025 [MC1155427]

Message ID: MC1155427

[Introduction]

To strengthen encryption standards and uphold customer trust, Microsoft is deprecating support for legacy TLS cipher suites that do not offer forward secrecy. This change aligns with our ongoing commitment to security and data protection across Microsoft 365 services.

[When this will happen:]

Starting October 20, 2025, Microsoft 365 services will enforce stricter TLS cipher suite policies.

[How this affects your organization:]

Who is affected:

• Admins managing Microsoft 365 services across commercial, GCC, and GCC High tenants.
• Organizations using legacy operating systems or custom TLS configurations.

What will happen:

• Microsoft 365 services will only support the following TLS cipher suites:
• TLS 1.3
  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
• TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• Connections using deprecated cipher suites will fail.
• Clients supporting at least one listed TLS 1.2 cipher suite will continue to connect.

[What you can do to prepare:]

• Ensure all client systems are running supported operating systems that include the required cipher suites.
• Upgrade legacy systems (e.g., Windows 8, Windows Server 2012) to supported versions.
• Review and update Group Policy or security configurations to confirm required cipher suites are enabled.
• Communicate this change to helpdesk and infrastructure teams.
• Reference the following resources for configuration guidance:
  • Manage Transport Layer Security (TLS)
  • Technical reference details about encryption

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Source: Microsoft

Latest Posts