Microsoft says it will start blocking legacy TLS connections for POP and IMAP email clients in Exchange Online in July 2026.
The Transport Layer Security (TLS) cryptographic protocol protects users' information from eavesdropping, tampering, and message forgery when accessing email over the Internet via client/server applications.
However, the original TLS 1.0 specification and its TLS 1.1 successor have been in use for over two decades, with TLS 1.0 initially introduced in 1999 and TLS 1.1 in 2006, and are now considered outdated and insecure for encrypting traffic.
As Microsoft explained on Monday, most users won't be affected by this change since the vast majority of POP and IMAP traffic to Exchange Online today uses TLS 1.2 or higher, and modern email clients already support these newer protocols.
"We're planning to fully deprecate support for legacy TLS versions (TLS 1.0 and TLS 1.1) for POP3 and IMAP4 connections to Exchange Online. These older TLS versions have been industry‑deprecated for some time and are no longer considered secure," Microsoft said.
"Several years ago we started the move to block these older versions, but we did allow you to use them by opting-in, we're now removing support for them entirely. Our expectation is that only customers who have explicitly opted into using those legacy endpoints are impacted by the deprecation we are announcing today."
What will happen after TLS 1.0 and TLS 1.1 are deprecated, according to a Monday message center update:
POP3 and IMAP4 connections will require TLS 1.2 or later.
Connections using TLS 1.0 or TLS 1.1 will fail.
Legacy applications or devices may stop connecting.
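To find legacy applications or devices before the cutover, administrators can check which TLS versions a client offers in the ClientHello it sends when connecting. The following is an added example, not code from Microsoft or the original article; it assumes the raw first TLS record has already been extracted from a packet capture, and the function names and sample records are constructed for illustration.

```python
import struct

TLS12 = 0x0303               # wire values: 0x0301 TLS 1.0, 0x0302 TLS 1.1, 0x0304 TLS 1.3
SUPPORTED_VERSIONS = 0x002B  # extension where TLS 1.3 clients list real versions (RFC 8446)

def highest_offered_version(record: bytes) -> int:
    """Return the highest TLS version offered in a ClientHello record."""
    if len(record) < 11 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    try:
        pos = 9                                              # 5-byte record + 4-byte handshake header
        best = struct.unpack_from("!H", record, pos)[0]      # legacy client_version
        pos += 2 + 32                                        # version + random
        pos += 1 + record[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
        pos += 1 + record[pos]                               # compression_methods
        if pos + 2 > len(record):
            return best                                      # no extensions: pre-TLS 1.3 client
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            body = record[pos + 4 : pos + 4 + ext_len]
            if ext_type == SUPPORTED_VERSIONS and body:
                offered = [struct.unpack_from("!H", body, i)[0] for i in range(1, body[0], 2)]
                # GREASE placeholders (0x0a0a, 0x1a1a, ...) are not real versions
                best = max([best] + [v for v in offered if v >> 8 == 0x03])
            pos += 4 + ext_len
        return best
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

def blocked_after_cutover(record: bytes) -> bool:
    """True when the client offers nothing newer than TLS 1.1."""
    return highest_offered_version(record) < TLS12

def constructed_hello(legacy_version: int, versions=()) -> bytes:
    """Build a minimal ClientHello for testing (constructed sample, not a capture)."""
    body = struct.pack("!H", legacy_version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if versions:
        lst = b"".join(struct.pack("!H", v) for v in versions)
        ext = struct.pack("!HHB", SUPPORTED_VERSIONS, len(lst) + 1, len(lst)) + lst
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for name, hello in [("TLS 1.0 only", constructed_hello(0x0301)),
                        ("TLS 1.1 only", constructed_hello(0x0302)),
                        ("TLS 1.3 + GREASE", constructed_hello(0x0303, (0x0A0A, 0x0304, 0x0303)))]:
        print(f"{name}: blocked={blocked_after_cutover(hello)}")
```

The parser reads only a ClientHello that fits in a single TLS record; a hello fragmented across records is reported as truncated.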