MC1155427 – Legacy TLS cipher suites will be deprecated in M365 services on October 20, 2025

Product:

Microsoft 365 suite, Windows, Windows Server

Platform:

Online, US Instances, Windows Desktop, World tenant

Status:

Change type:

User impact, Admin impact, Retirement

Links:

Details:

Summary:
Microsoft 365 will deprecate legacy TLS cipher suites lacking forward secrecy on October 20, 2025, supporting only specified TLS 1.3 and 1.2 cipher suites. Organizations must update systems and configurations to maintain connectivity and security compliance.

Details:
[Introduction]
To strengthen encryption standards and uphold customer trust, Microsoft is deprecating support for legacy TLS cipher suites that do not offer forward secrecy. This change aligns with our ongoing commitment to security and data protection across Microsoft 365 services.
[When this will happen:]
Starting October 20, 2025, Microsoft 365 services will enforce stricter TLS cipher suite policies.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-09-19

updated:
2025-09-19

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Connection Failures
Connections using deprecated cipher suites will fail, leading to service disruptions for users.
   - roles: IT Admin, End User
   - references: https://learn.microsoft.com/purview/technical-reference-details-about-encryption?view=o365-worldwide

Increased Support Tickets
Helpdesk teams may experience a surge in support tickets due to connectivity issues from unsupported cipher suites.
   - roles: Helpdesk Support, IT Admin
   - references: https://learn.microsoft.com/windows-server/security/tls/manage-tls

Compliance Risks
Organizations may face compliance risks if they fail to update systems to meet new TLS standards, potentially leading to data breaches.
   - roles: Compliance Officer, IT Admin
   - references: https://learn.microsoft.com/purview/technical-reference-details-about-encryption?view=o365-worldwide

User Experience Degradation
Users on legacy systems may experience degraded performance or inability to access services, impacting productivity.
   - roles: End User, IT Admin
   - references: https://learn.microsoft.com/windows-server/security/tls/manage-tls

Increased Downtime
Legacy systems that are not updated may lead to increased downtime for critical services, affecting overall business operations.
   - roles: IT Admin, Business Operations Manager
   - references: https://learn.microsoft.com/purview/technical-reference-details-about-encryption?view=o365-worldwide

Configutation Options**

XXXXXXX ... paid membership only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Microsoft is making a change to its Microsoft 365 services by phasing out older encryption methods, known as legacy TLS cipher suites, by October 20, 2025. This is similar to how a city might decide to replace older streetlights with newer, more efficient LED lights. The old lights might still work, but the new ones are brighter, more energy-efficient, and better for the environment. In the same way, the new encryption methods are more secure and better protect data.

TLS, or Transport Layer Security, is like a secret code that keeps online communications private and secure. Imagine it as a special lock on a diary that only the owner and trusted friends can open. The older cipher suites are like locks that are easier to pick, while the newer ones are much more secure, making it harder for unauthorized people to access the information.

Organizations using Microsoft 365 need to ensure their systems are compatible with these new "locks." This means updating software and configurations to support the new encryption methods. It's like making sure all the doors in a building have the new, more secure locks installed before the old ones are phased out.

For those managing IT systems, this means checking that all computers and servers are running software versions that support the new encryption. If any systems are using older versions, like Windows 8 or Windows Server 2012, they will need to be upgraded. It's similar to upgrading an old car to meet new emission standards.

By preparing for this change, organizations can ensure they continue to connect securely to Microsoft 365 services without interruption. It's a proactive step to maintain security and trust, much like how a city invests in new infrastructure to keep its residents safe and secure.