Microsoft will block legacy TLS 1.0/1.1 in Exchange Online by July 2026, forcing clients and services to adopt TLS 1.2+ for secure email access.
Outlook is heavily used in both enterprise and personal environments so it’s crucial that Microsoft keeps it updated according to current security and technology standards. We already know that the Redmond tech firm is modernizing some aspects of Outlook through the power of Copilot, the company has now announced some ways it is getting rid of legacy infrastructure too.
Microsoft has revealed that it is deprecating legacy versions of TLS, particularly TLS 1.0 and TLS 1.1 for POP3 and IMAP4 connections in Exchange Online. For those unaware, Outlook in most enterprise environments uses Exchange Online as the backend infrastructure, but some firms who prefer on-premises deployments tend to resort to Exchange Server.
Redmond says that it is making this decision to secure Exchange Online, since these legacy versions of the TLS protocol have been deprecated by most of the industry already. Most email and client libraries today use TLS 1.2 or higher, and the “vast majority” of Exchange Online traffic is routed through this technology too.
Microsoft will begin blocking these legacy connections starting from July 2026, so those who still utlize them will be directly impacted. As such, the company has recommended IT admins to validate that their related infrastructure is not connecting to these deprecated endpoints. Any affected service should be updated to use TLS 1.2 or higher as soon as possible. Keep in mind that Microsoft blocked legacy TLS back in 2023, but allowed customers to opt-in if they wanted to continue using it. However, this protocol is now being completely blocked in a couple of months.
It’s worth noting that Microsoft has been slowly phasing out legacy TLS across it services for quite some time. It was turned off in Internet Explorer in 2022, it’s been removed in Windows 11, and has been disabled across Azure services too. Microsoft believes that sending out this reminder about legacy TLS deprecation in Exchange Online will give customers enough time to prepare a migration plan to TLS 1.2 as well.
