MC1155427 – M365 Change Digest

One-line summary

Microsoft 365 will enforce stricter TLS cipher suite policies, deprecating legacy suites without forward secrecy starting October 20, 2025; unsupported connections will fail.

Similar updates

Details

Summary

Microsoft 365 will deprecate legacy TLS cipher suites lacking forward secrecy on October 20, 2025, supporting only specified TLS 1.3 and 1.2 cipher suites. Organizations must update systems and configurations to maintain connectivity and security compliance.

Body (from Message Center)

[Introduction]

To strengthen encryption standards and uphold customer trust, Microsoft is deprecating support for legacy TLS cipher suites that do not offer forward secrecy. This change aligns with our ongoing commitment to security and data protection across Microsoft 365 services.

[When this will happen:]

Starting October 20, 2025, Microsoft 365 services will enforce stricter TLS cipher suite policies.

[How this affects your organization:]

Who is affected:

Admins managing Microsoft 365 services across commercial, GCC, and GCC High tenants.
Organizations using legacy operating systems or custom TLS configurations.

What will happen:

Microsoft 365 services will only support the following TLS cipher suites:

TLS 1.3
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
TLS 1.2
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Connections using deprecated cipher suites will fail.
Clients supporting at least one listed TLS 1.2 cipher suite will continue to connect.

[What you can do to prepare:]

Ensure all client systems are running supported operating systems that include the required cipher suites.
Upgrade legacy systems (e.g., Windows 8, Windows Server 2012) to supported versions.
Review and update Group Policy or security configurations to confirm required cipher suites are enabled.
Communicate this change to helpdesk and infrastructure teams.
Reference the following resources for configuration guidance:
- Manage Transport Layer Security (TLS)
- Technical reference details about encryption

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Raw JSON (for debugging)

Expand/collapse the full payload below.

Show/hide raw

{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": null,
    "ai_actions": [
      "Upgrade legacy client and server OS",
      "Enable required TLS cipher suites",
      "Update Group Policy/security configs",
      "Notify helpdesk and infrastructure teams"
    ],
    "ai_master_tags": [
      "Admin",
      "Security",
      "Network"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "Microsoft 365 will enforce stricter TLS cipher suite policies, deprecating legacy suites without forward secrecy starting October 20, 2025; unsupported connections will fail.",
    "ai_topics": [
      "Microsoft 365"
    ],
    "category": "planForChange",
    "details_map": {
      "Summary": "Microsoft 365 will deprecate legacy TLS cipher suites lacking forward secrecy on October 20, 2025, supporting only specified TLS 1.3 and 1.2 cipher suites. Organizations must update systems and configurations to maintain connectivity and security compliance."
    },
    "id": "MC1155427",
    "importance": 5,
    "is_major_change": true,
    "last_modified": "2025-09-18T23:48:54Z",
    "ms_products": [
      "Microsoft 365"
    ],
    "platforms": null,
    "roadmap_ids": [],
    "services": [
      "Microsoft 365 suite"
    ],
    "severity": "normal",
    "tags": [
      "User impact",
      "Admin impact",
      "Retirement"
    ],
    "title": "Legacy TLS cipher suites will be deprecated in M365 services on October 20, 2025"
  }
}