Published May 25, 2021

Reminder: Azure Active Directory – Enable support for TLS 1.2 protocol to avoid service impact

Reference ID: MC258228 | Effective: March 31, 2021

MC258228 – Note: If you have already transitioned to TLS 1.2, you can safely disregard this message.

As previously announced Microsoft will soon begin to retire support for following protocols and ciphers, in Azure Active Directory:

  • TLS 1.1, TLS 1.0 , 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA)

These protocols and ciphers are being retired to improve security when users/services interact with Microsoft’s cloud services.

Multiple announcements have been made via public articles “What’s new in Azure Active Directory?” (Oct 2020, Nov 2020), emails to Azure subscription owners and Message center posts. This is a final reminder. 

Key points:

  • TLS 1.0, 1.1 and 3DES cipher suite in U.S. government instances starting on March 31, 2021 – on going in phases.
  • TLS 1.0, 1.1 and 3DES cipher suite in public instances starting June 30, 2021.

How this will affect your organization:

Applications that are communicating with or authenticating against Azure Active Directory, may not work as expected if they are NOT able to use TLS 1.2 to communicate.

What you need to do to prepare:

Use TLS 1.2 and modern cipher suites on client/server applications/OS, communicating with Azure Active Directory, for Azure workloads or Microsoft 365 services.

For more information/guidance related to this retirement, please refer to:

If you have any questions or concerns, please contact us.
Additional information

Help and support

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.