Skip to main content
🦉
Message CenterMicrosoft 365 Updates
HomePermissionsTenant FinderPortfolio
🦉
M365 Message Centerby Cengiz YILMAZ

Track the latest updates, features, and announcements for Microsoft 365 services. Comprehensive archive of service updates and important changes.

Quick Links

HomePermissionsTenant FinderPortfolio

Connect

© 2026 M365 Message Center. Created with ❤️ by Cengiz YILMAZ

Data sourced from Microsoft 365 Message Center • Not affiliated with Microsoft

  1. Home
  2. /
  3. MC1155427

Legacy TLS cipher suites will be deprecated in M365 services on October 20, 2025

Plan for Change
Major Change

Message ID

MC1155427
View in Admin Center

Services

Microsoft 365 suite

Summary

Microsoft 365 will deprecate legacy TLS cipher suites lacking forward secrecy on October 20, 2025, supporting only specified TLS 1.3 and 1.2 cipher suites. Organizations must update systems and configurations to maintain connectivity and security compliance.

Details

Introduction

To strengthen encryption standards and uphold customer trust, Microsoft is deprecating support for legacy TLS cipher suites that do not offer forward secrecy. This change aligns with our ongoing commitment to security and data protection across Microsoft 365 services.

When this will happen:

Starting October 20, 2025, Microsoft 365 services will enforce stricter TLS cipher suite policies.

How this affects your organization:

Who is affected:

  • Admins managing Microsoft 365 services across commercial, GCC, and GCC High tenants.
  • Organizations using legacy operating systems or custom TLS configurations.

What will happen:

  • Microsoft 365 services will only support the following TLS cipher suites:
    • TLS 1.3
      • TLS_AES_256_GCM_SHA384
      • TLS_AES_128_GCM_SHA256
    • TLS 1.2
      • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
      • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    • Connections using deprecated cipher suites will fail.
    • Clients supporting at least one listed TLS 1.2 cipher suite will continue to connect.
What you can do to prepare:

  • Ensure all client systems are running supported operating systems that include the required cipher suites.
  • Upgrade legacy systems (e.g., Windows 8, Windows Server 2012) to supported versions.
  • Review and update Group Policy or security configurations to confirm required cipher suites are enabled.
  • Communicate this change to helpdesk and infrastructure teams.
  • Reference the following resources for configuration guidance:
    • Manage Transport Layer Security (TLS)
    • Technical reference details about encryption
Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

Timeline

📅
Published
Sep 18, 2025
Message published to Message Center
✏️
Updated
Sep 18, 2025
Message content updated
🏁
End Date
Dec 29, 2025
Message timeline ends

Tags

#User impact#Admin impact#Retirement

Category

📋Plan for Change

Related Messages

Similar updates

MC1158908●

(Update)Support for Events from email in Outlook is changing—Schema.org markup required for reliable calendar extraction

Sep 24, 2025
MC1154299●

Reminder - Support for Office 2016, Office 2019, and additional apps will end on October 14, 2025

Sep 16, 2025
MC1182696●

Microsoft Defender: Application Guard for Office is being removed

Nov 4, 2025
MC1184647

Retirement of Assignments and Courses adaptive card extensions (ACE) in Viva Connections and SharePoint

Nov 11, 2025
MC1163760●

New support for HR and employee profile data in Microsoft 365 Copilot connectors

Oct 1, 2025