MC258228: Azure Active Directory – Enable support for TLS 1.2 protocol to avoid service impact

As previously announced Microsoft will soon begin to retire support for following protocols and ciphers, in Azure Active Directory:

  • TLS 1.1, TLS 1.0 , 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA)

These protocols and ciphers are being retired to improve security when users/services interact with Microsoft’s cloud services.

Multiple announcements have been made via public articles “What’s new in Azure Active Directory?” (Oct 2020, Nov 2020), emails to Azure subscription owners and Message center posts. This is a final reminder.

Updated June 22, 2021: Microsoft has extended the rollout timeline below. Thank you for your patience.

Note: If you have already transitioned to TLS 1.2, you can safely disregard this message.

MC258228: Azure Active Directory – Enable support for TLS 1.2 protocol to avoid service impact

Key points

  • TLS 1.0, 1.1 and 3DES cipher suite in U.S. government instances starting on March 31, 2021 – on going in phases.
  • TLS 1.0, 1.1 and 3DES cipher suite in public instances starting January 31, 2022. (This date has been postponed from 30th June 2021 to 31st Jan 2022, to give Administrators more time to remove the dependency on legacy TLS protocols and ciphers (TLS 1.0,1.1 and 3DES)).

How this will affect your organization

Applications that are communicating with or authenticating against Azure Active Directory, may not work as expected if they are NOT able to use TLS 1.2 to communicate.

What you need to do to prepare

Use TLS 1.2 and modern cipher suites on client/server applications/OS, communicating with Azure Active Directory, for Azure workloads or Microsoft 365 services.

For more information/guidance related to this retirement, please refer to:

If you have any questions or concerns, please contact us.

Message ID: MC258228
Effective: January 31, 2022