Ethical Hacking News
Microsoft has announced that it will begin blocking legacy TLS versions (TLS 1.0 and 1.1) on POP3 and IMAP4 connections to Exchange Online starting in July 2026, citing compliance and security concerns. This move is part of the company's ongoing efforts to improve the security of its services by phasing out older protocols in favor of more secure alternatives.
Microsoft will block legacy TLS versions (TLS 1.0 and 1.1) on POP3 and IMAP4 connections to Exchange Online starting July 2026. The move is part of Microsoft's efforts to phase out older security protocols in favor of more secure alternatives. Support for legacy TLS versions was ended on Exchange Online in 2020, and plans were announced in 2023 to disable them for POP3 and IMAP4 clients. The switch is expected to have minimal impact as most users already use newer TLS versions (TLS 1.2 or higher). Microsoft aims to improve the security of its services by adopting widely supported, secure technologies like TLS 1.2 or higher.
Microsoft has issued a warning to its users, announcing that it will begin blocking legacy TLS versions (TLS 1.0 and 1.1) on POP3 and IMAP4 connections to Exchange Online starting in July 2026. This move is a culmination of years of warnings from the company, as it continues to phase out older security protocols in favor of more secure alternatives.
In recent years, Microsoft has taken steps to improve the security of its services, including the deprecation of TLS 1.0 and 1.1. In 2020, support for these legacy protocols was ended on Exchange Online, and in 2023, Microsoft announced plans to disable them for POP3 and IMAP4 clients due to compliance and security concerns.
Despite this, many organizations continued to use older email clients that did not support the newer TLS versions (TLS 1.2 or later). To address this issue, Microsoft provided an opt-in endpoint for clients to continue using the legacy protocols. However, with July 2026 approaching, users will no longer be able to do so.
According to Microsoft, modern email clients and libraries already support TLS 1.2 or higher, and the vast majority of POP and IMAP traffic to Exchange Online today uses these newer protocols. The company expects minimal impact from this change, as it believes that most users will not be affected by the switch.
In fact, Microsoft has a history of taking a cautious approach when it comes to switching off services that might make its corporate customers shriek. However, in this case, the company is confident that the newer TLS versions are secure and widely supported, making it an essential step towards improving the security of its services.
The legacy of TLS 1.0 and 1.1 serves as a reminder of how far technology has come since their initial publication in the late 1990s and early 2000s. Transport Layer Security (TLS) was designed to provide secure communication over the internet, but over time, these older protocols have been deemed insecure due to various vulnerabilities.
The shift towards newer TLS versions marks an important milestone in the ongoing journey to improve internet security. As organizations continue to rely on digital services, it is essential that they prioritize the use of secure technologies like TLS 1.2 or higher.
In this article, we will delve deeper into the world of TLS and explore its history, as well as Microsoft's efforts to phase out legacy protocols in favor of more secure alternatives.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Legacy-of-TLS-Microsofts-Endgame-for-TLS-10-and-11-on-Exchange-Online-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/04/29/exchange_online_blocks_old_versions/
Published: Wed Apr 29 13:45:21 2026 by llama3.2 3B Q4_K_M
