Get ready to upgrade your email, web browsers, and more
By Ken Michael
With security at the forefront and regulatory requirements changing, Microsoft has announced that it is updating its security requirements. For businesses and individuals alike, this means it is time to upgrade everything from Exchange servers to mobile devices in order to prevent problems with email and with access to Office 365 services.
Microsoft wants businesses, organizations, and individuals across the board to stop using the Transport Layer Security (TLS) 1.0 and 1.1 protocols. The technology giant has even given Office 365 users a deadline of Oct. 31, 2018, warning them to prepare for the mandatory use of TLS 1.2 in the program. According to the Microsoft Support Summary, the change is being implemented to support the company’s “promise to provide best-in-class encryption” to its customers.
What Does It All Mean?
Transport Layer Security is the language that software systems use to “talk” to one another, encrypting messages in transit and decoding them on arrival. For example, if you send an email to someone, it is encrypted before traveling through the internet. The message then interfaces with other systems such as Exchange servers, web browsers, workstation operating systems, and/or server operating systems, where it is “decoded,” for lack of a better term. If the recipient checks their email on a smartphone or tablet, the message must also connect smoothly with those mobile devices.
If the two ends of a connection are on different generations of TLS, say the old 1.0 version on one side and the new 1.2 version on the other, then you will be unable to browse to Office 365 services, or an on-premises Exchange server won’t be able to communicate with Office 365 hosted Exchange. The two endpoints will be “speaking” different languages and the encryption process won’t work. Thus, all of these pieces of the IT puzzle must employ TLS 1.2 prior to Oct. 31 or your access and email will likely come to a screeching halt.
Though Microsoft reports that most services and endpoints make little use of the TLS 1.0 and 1.1 protocols, it is important that everyone double-check what they are using. If your business is utilizing any on-premises infrastructure with hybrid scenarios or Active Directory Federation Services, you’ll want to ensure your infrastructure can support both inbound and outbound connections that employ TLS 1.2.
The following clients have been identified as definitely impacted by the new TLS protocol:
• Android 4.3 and earlier versions
• Firefox version 5.0 and earlier versions
• Internet Explorer 8-10 on Windows 7 and earlier versions
• Internet Explorer 10 on Windows Phone 8.0
• Safari 6.0.4/OS X 10.8.4 and earlier versions
• Exchange Servers 2007 and below will need to be upgraded to new versions of Exchange Server in order to send email via SMTP to Office 365 services.
• Exchange Servers 2010 and later versions will need to get the latest Exchange Server patches to ensure no loss of access.
Why All the Fuss?
The older TLS 1.0 protocol has some security issues that could lead to a system breach and the loss of proprietary data. In addition, regulatory requirements have changed over the years, leading to more stringent security measures being implemented. The new TLS 1.2 will not only address the security flaws in the older protocol but will also meet today’s more stringent security regulations. The new protocol simply adds better security for businesses and individuals alike, which is important given that the cost of cybercrime in 2017 exceeded $600 billion globally.
What to Do
First, your business or organization will need to scan your IT environment to determine if and where the older TLS protocols are being used. Be aware they may even be hardcoded into software applications so upgrades or plugins may need to be employed. The underlying operating system may require an upgrade to a version that uses the new TLS 1.2.
Your business may not necessarily have to disable TLS 1.0 or 1.1 in order to upgrade to 1.2. You must simply enable TLS 1.2 and use it when communicating with Office 365 to prevent communication issues. Once you have made the upgrade, you’ll want to confirm that TLS 1.2 is operational in supported Exchange Server deployments.
There is an exception to the disabling of TLS 1.0 and 1.1. Anyone using Windows 7 connected to Office 365 will need to ensure that TLS 1.2 is the default secure protocol in WinHTTP in Windows.
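One way to carry out the scan and the post-upgrade confirmation described above, added here as an illustration and not taken from Microsoft or Dox: a Python probe that pins a handshake to each TLS version in turn and reports which ones an endpoint accepts. It assumes implicit-TLS ports such as HTTPS on 443 (SMTP with STARTTLS needs a protocol-aware probe); the function names and the `mail.example.com` host are placeholders.

```python
import socket
import ssl
import warnings

VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1,
            "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2}

def accepts(host, port, version, timeout=5.0):
    """True if host:port completes a handshake pinned to one TLS version,
    False if it refuses, None if the check could not be made."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol inventory only, so the
    ctx.verify_mode = ssl.CERT_NONE  # certificate is not validated here
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version
            ctx.maximum_version = version
        # Recent OpenSSL builds refuse TLS 1.0/1.1 unless the level is lowered.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return None                  # local OpenSSL cannot offer this version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None                  # port closed, filtered or host unknown
    with sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
        except OSError:              # ssl.SSLError is a subclass of OSError
            return False

def assess(results):
    """Turn {"TLS 1.0": bool|None, ...} into a readiness verdict."""
    if results["TLS 1.2"] is None:
        return "unreachable"
    if not results["TLS 1.2"]:
        return "NOT READY: TLS 1.2 handshake refused"
    legacy = [name for name in ("TLS 1.0", "TLS 1.1") if results[name]]
    if legacy:
        return "ready, still accepts " + " and ".join(legacy)
    return "ready, TLS 1.2 only"

def scan(endpoints):
    return {f"{h}:{p}": assess({n: accepts(h, p, v) for n, v in VERSIONS.items()})
            for h, p in endpoints}

if __name__ == "__main__":
    print(scan([("mail.example.com", 443)]))  # placeholder host
```

A refusal of TLS 1.0 or 1.1 can also come from the scanning machine's own OpenSSL policy, so confirm a negative result from a host known to be able to offer those versions.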
For further guidance in getting ready to make the transition to TLS 1.2, check out this Microsoft article or contact Dox at (585) 473-7766 for assistance. Our experts are available to ensure your business continuity and continued success.