Microsoft will start removing access within O365 and Exchange Online for connectivity using TLS versions 1.0 and 1.1 on 15 October 2020. This means any clients, devices, or services that connect to Office 365 through TLS 1.0 or 1.1 will stop working.
To ensure that there is no impact, all client machines and applications using NHSmail must support TLS 1.2.
What are we asking you to do?
It is important that you carry out a review of your organisation’s use of TLS and upgrade to supported versions where appropriate. The links to external resources below will support you in your review.
Guidance and resources
- Microsoft guidance on TLS deprecation. An overview of TLS 1.0 and 1.1 deprecation.
- Microsoft whitepaper on solving the TLS 1.0 problem. This provides guidance on identifying and removing TLS 1.0 dependencies in software built on top of Microsoft operating systems.
- Guidance on how to check and enforce what version of TLS your browser is using:
- How to enable TLS 1.2 on clients – A Microsoft guide to enabling TLS 1.2 on windows operating systems.
- Microsoft guidance on group policy configuration. TLS can be set via group policy so that TLS 1.0 and 1.1 can be disabled to test the outcome for a subset of users on applications, workflows, functions, tasks etc.Note: It is only Office 365 and NHSmail traffic that needs to be assessed as it is Office 365/ Exchange Online that Microsoft are deprecating TLS 1.0/1.1 support for.
- Handshake simulation at Qualys SSL Labs. This determines which version of TLS will be requested by various clients when connecting to your online services. The simulation covers client OS/browser combinations across manufacturers.