MC240160 – Updated May 12, 2021: Microsoft has updated this post with additional details and resources.
In the upcoming days, Microsoft will complete the changes to disable the TLS 1.0/1.1 protocols for OneDrive and SharePoint in M365, as previously communicated in multiple Message Center posts. If you experience any of the following error messages, it might be related to this change. Please complete the remediation steps as soon as possible to avoid usage interruption. Here is a list of common error codes likely caused by incomplete remediation ahead of the TLS enforcement change.
- Windows 7 and Windows 8 machine or Windows 2018 server OneDrive Sync Client error: 0x8004de40 when logging in or trying to connect via OneDrive. Error code 0x8004deb4 when signing in to OneDrive, and authentication errors when connecting to SharePoint or OneDrive from Windows 8 or 7
- Application error: System.Net.WebException: The underlying connection was closed (see Preparing for TLS 1.2 in Office 365 and Office 365 GCC)
- An existing connection was forcibly closed by the remote host (see Preparing for TLS 1.2 in Office 365 and Office 365 GCC)
- Connection disconnected: Unexpected error occurred when sending (see Preparing for TLS 1.2 in Office 365 and Office 365 GCC)
- Token request failed (see Authentication errors occur when client doesn’t have TLS 1.2 support)
- Authentication error (see Authentication errors occur when client doesn’t have TLS 1.2 support)
This message post is a reminder of the ongoing progress of retiring TLS 1.0 and TLS 1.1 protocols in Microsoft 365.
As previously communicated (MC126199 in Dec 2017, MC128929 in Feb 2018, MC186827 in July 2019, and MC218794 in July 2020), Microsoft is moving all its online services to Transport Layer Security (TLS) 1.2+ to provide best-in-class encryption and to ensure its services are more secure by default. The changes to enforce TLS 1.2+ in Microsoft’s services started on October 15, 2020 and will continue to propagate through all Microsoft 365 environments for the next few months. If you have not taken steps to prepare for this change, your connectivity to Microsoft 365 might be impacted.
Note: If your organization has already taken steps to migrate from TLS 1.0 and 1.1, you can safely disregard this message.
- Major: Retirement of TLS 1.0/1.1 protocols. All requests with TLS 1.0/1.1 to Microsoft 365 will no longer work.
- Timing: Started October 15, 2020
- Action: Update or replace client devices as appropriate
How this affects your organization:
Once this change takes effect, all connections to Microsoft 365 using the protocols TLS 1.0 and TLS 1.1 will no longer work. .NET applications executed using the .NET 4.5 runtime are a common set of impacted applications, because .NET 4.5 defaults to TLS 1.1; however, any application that calls into Microsoft 365 APIs using TLS 1.0 or TLS 1.1 will be impacted.
What you should do to prepare:
Update or replace clients and devices that rely on TLS 1.0 and 1.1 to connect to Microsoft 365.
- Please check additional information in TLS 1.0 and 1.1 deprecation for Office 365 – Microsoft 365 Compliance
Update and configure the .NET Framework to support TLS 1.2+.
- Please check additional information in How to enable Transport Layer Security (TLS) 1.2 on clients – Configuration Manager | Microsoft Docs
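To see whether a client still needs the .NET Framework and SChannel configuration described above, the following read-only audit can be run in PowerShell. It is an added example, not part of the Message Center post; the registry value names are the ones used in Microsoft's "How to enable TLS 1.2 on clients" guidance, and the function and variable names are hypothetical.

```powershell
# Added example: read-only audit of TLS 1.2 settings; it changes nothing.
# Written to run on PowerShell 2.0 and later (Windows 7 default shell included).
$net   = 'Microsoft\.NETFramework'
$proto = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$checks = @(
    # .NET Framework 4.x, 64-bit and 32-bit views (WOW6432Node is absent on 32-bit Windows)
    @{ Path = "HKLM:\SOFTWARE\$net\v4.0.30319";             Name = 'SchUseStrongCrypto';       Want = 1 },
    @{ Path = "HKLM:\SOFTWARE\$net\v4.0.30319";             Name = 'SystemDefaultTlsVersions'; Want = 1 },
    @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net\v4.0.30319"; Name = 'SchUseStrongCrypto';       Want = 1 },
    @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net\v4.0.30319"; Name = 'SystemDefaultTlsVersions'; Want = 1 },
    # SChannel client side of TLS 1.2
    @{ Path = $proto; Name = 'Enabled';           Want = 1 },
    @{ Path = $proto; Name = 'DisabledByDefault'; Want = 0 }
)

# Hypothetical helper: compares one registry value with the expected setting.
function Get-Tls12SettingState {
    param([hashtable]$Check)
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key or value missing: the OS or framework default applies, so review manually.
        $actual = $null
        $state  = 'NotSet'
    } else {
        $actual = $item.($Check.Name)
        if ($actual -eq $Check.Want) { $state = 'OK' } else { $state = 'Mismatch' }
    }
    New-Object PSObject -Property @{
        State    = $state
        Name     = $Check.Name
        Expected = $Check.Want
        Actual   = $actual
        Path     = $Check.Path
    }
}

$results = $checks | ForEach-Object { Get-Tls12SettingState -Check $_ }
$results | Select-Object State, Name, Expected, Actual, Path | Format-Table -AutoSize

# Protocols the current PowerShell (.NET) session will offer to a server.
"Session SecurityProtocol: $([Net.ServicePointManager]::SecurityProtocol)"

# Summary line for use in a fleet-wide inventory script.
$open = @($results | Where-Object { $_.State -ne 'OK' })
"Settings needing review: $($open.Count) of $(@($results).Count)"
```

A `NotSet` row is not automatically a failure, since newer Windows versions enable TLS 1.2 without explicit SChannel values; treat it, like `Mismatch`, as a prompt to compare the machine against the linked guidance.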