Microsoft to Block Legacy TLS Versions in Exchange Online Starting July 2026
Severity: Low (Score: 30.9)
Sources: Bleepingcomputer, knowledge.workspace.google.com, Theregister
Summary
Microsoft announced that it will block legacy TLS 1.0 and 1.1 connections for POP3 and IMAP4 clients accessing Exchange Online starting July 2026. This decision follows years of warnings about the insecurity of these older protocols, which were initially deprecated in 2021. The majority of users are expected to be unaffected as most email traffic currently uses TLS 1.2 or higher. However, users who have opted into using legacy endpoints may experience disruptions if they do not update their email clients. Microsoft has advised users to ensure their applications support modern TLS versions to avoid connectivity issues. The change is part of a broader initiative to enhance security against potential eavesdropping and tampering. While the legacy protocols have been largely phased out, some users may still rely on outdated systems that could fail after the deprecation. The company emphasizes that only those who explicitly opted into legacy protocols will be impacted. Key Points: • Microsoft will block TLS 1.0 and 1.1 for Exchange Online starting July 2026. • Most users are not expected to be affected as they already use TLS 1.2 or higher. • Users must update their email clients to avoid disruptions in service.
Key Entities
- Gmail (tool)
- Google Admin Console (platform)
- Google Workspace (platform)