Wednesday, January 12, 2022

Support Tip: Final disablement of TLS 1.0 and TLS 1.1 in Intune

Microsoft Intune has moved to support Transport Layer Security (TLS) 1.2+, as we communicated in previous message center posts and blog posts such as "Intune moving to TLS 1.2 for encryption" and "Support Tip: How to update your Intune Exchange Connector to use TLS 1.2". Office 365 has also been communicating this change since 2018 across multiple channels, including these updated docs:


The majority of the service now connects through TLS 1.2+ to provide best-in-class encryption. A very small number of Intune customers received MC305713 recently. In that message, we describe the steps to take, listed below, to update your connection to TLS 1.2 for the Exchange Connector.


To ensure our service is more secure by default, we are continuing with the final steps to move fully to TLS 1.2+. If you have not yet updated your on-premises Intune Exchange connector to TLS 1.2, your connectivity to Intune and email access might be impacted.


How this will affect your organization

If you are still using an on-premises Intune Exchange connector with TLS 1.0, you will see the recent message center post MC305713 - Prevent/Fix: Update your Exchange Connector to support TLS 1.2 detailing this action item. Note that the Exchange connector overall is deprecated. However, starting on or soon after January 15th, we will roll out changes to remove connectivity below TLS 1.2. Since the Exchange connector works with Conditional Access, if you don’t update the connector, your users may not be appropriately blocked or allowed access to email based on the conditions you’ve defined.


What you need to do to prepare

Move to Hybrid Modern Authentication, update to the latest Exchange connector, or use the registry setting change to move to TLS 1.2 for your connector. Inform your helpdesk so they can prepare for potential impact to email access.


Many Microsoft services, including Microsoft 365 and all associated apps, have moved to TLS 1.2 or are finalizing the last steps to fully use TLS 1.2 and higher. For specific details, see "Disabling TLS 1.0 and 1.1 for Microsoft 365" and "Enable support for TLS 1.2 in your environment for Azure AD TLS 1.1 and 1.0 deprecation".


We will continue to update this post as new information becomes available. If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter.
