Exchange Online relies on successful TLS negotiations and certificates to identify and use the correct inbound connector. However, your on-premises or partner email servers are easily identified because their connections to and from Exchange Online use mail flow connectors. Third-party email servers sending and receiving email to and from our customers are normally beyond our control (or even the control of our customers). Emails between your on-premises or partner email servers and Exchange Online These reports can be found in the Security and Compliance Center under the Mail Flow Dashboard. You can use these reports to help determine which clients and servers are still using TLS1.0 and TLS1.1 to connect to the various email protocol endpoints in Exchange Online. To help you identify if your organization is contributing to those numbers, we have developed several reports for Exchange Online. These are likely old printers or legacy applications that either have not or cannot be updated to use TLS1.2. For the SMTP Auth protocol, just less than 50% of connections are still using TLS1.0. Even worse are the legacy SMTP Auth client submissions that are used by multi-function printers and applications that need to send email. For example, over 10% of connections from customer on-premises email servers and devices still use TLS1.0. There are certain scenarios where TLS is mandatory, and if TLS1.0 is turned off in Exchange Online, mail flow will be affected. In most cases, TLS usage is optional for messages that are sent and received on the internet.
For inbound and outbound connections with email servers and devices that are exposed to the internet, TLS1.0 usage is still around 5%. Therefore, we urge you to be proactive by verifying TLS1.2 support for all of your email clients and servers as soon as possible. In the case of SS元.0, we disabled it in the service just over a month after the compromise was disclosed. Should TLS1.0 be compromised, we will have to act quickly to disable it in our service to protect our customers. That said, we are working towards disabling these TLS versions for Exchange Online endpoints. While 3DES is currently in the process of being disabled, there is no date set for disabling TLS1.0 and TLS1.1. As a result, TLS1.0, TLS1.1, and 3DES were deprecated in the Office 365 service. Microsoft is committed to enforcing the best security for our services. These dates are subject to change so please consult the links above for the latest information. The date for Office 365 GCC-High and DOD customers is January 2020 and more information can be found here. As things stand, the date for Office 365 WW and GCC customers is June 2020. UPDATE: The dates for disabling of TLS1.0 and TLS1.1 in Office 365 have been set.
0 kommentar(er)
