<b>Description</b>:<br>To strengthen encryption standards and uphold customer trust, Microsoft is deprecating support for legacy TLS cipher suites that do not offer forward secrecy. This change aligns with our ongoing commitment to security and data protection across Microsoft 365 services.<br><b></b><br><b><font>How this affects your organization:</font></b><br><b>Who is affected:</b><ul><li>Admins managing Microsoft 365 services across commercial, GCC, and GCC High tenants.</li><li>Organizations using legacy operating systems or custom TLS configurations.</li></ul><b>What will happen:</b><br><ul><li>Microsoft 365 services will only support the following TLS cipher suites:</li></ul><ul><li><ul><li>TLS 1.3<ul><li>TLS_AES_256_GCM_SHA384</li><li>TLS_AES_128_GCM_SHA256</li></ul></li></ul></li></ul><ul><li><ul><li>TLS 1.2<ul><li>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</li><li>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</li><li>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</li><li>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</li></ul></li><li><u>Connections using deprecated cipher suites will fail.</u></li><li><u>Clients supporting at least one listed TLS 1.2 cipher suite will continue to connect.</u></li></ul></li></ul><b>What you can do to prepare:</b><br><ul><li>Ensure all client systems are running supported operating systems that include the required cipher suites.</li><li>Upgrade legacy systems (e.g., Windows 8, Windows Server 2012) to supported versions.</li><li>Review and update Group Policy or security configurations to confirm required cipher suites are enabled</li></ul><span><b></b></span><br><b>Performed by:</b><br>Microsoft Corporation