View All IT Announcements

IMPORTANT: Impact of major Microsoft change to Office 365 on March 1, 2018 on PennO365 service

Summary

Microsoft has announced that on March 31, 2018, it will disable support for TLS 1.0 and 1.1.  Following the change, combinations of operating system and browsers and/or email clients that are unable to use TLS 1.2 or later will not be able to connect to PennO365.  TLS is the protocol used to encrypt mail over the network.  Microsoft will be requiring the higher version of TLS to increase security.

Scope

Combinations of operating systems, browsers, and email clients that do not support TLS 1.2 or later will no longer be able to connect PennO365 after March 31.  At the University, common examples of systems and applications that will likely have issues following the change include:

  • Windows Vista and older
  • Mac OS X 10.9 Mavericks and older
  • Outlook 2010

ISC’s current supported operating systems, browsers, and email clients are compatible with TLS 1.2 and later.  PennO365 users on systems configured with a combination of the following will *not* be impacted by this change:

Operating Systems

  • Windows 10, Windows 8.1 Update, or Windows 7 SP1
  • macOS 10.13 High Sierra, macOS 10.12 Sierra, Mac OS X 10.11 El Capitan, or Mac OS X 10.10 Yosemite

Browsers

  • Windows: Firefox (current version), Firefox 52esr, Internet Explorer 11, Edge (version 38.14393 and above), or Chrome (current version)
  • macOS/OS X: Firefox (current version, Firefox 52esr, Safari 10.1 and above, or Chrome (current version)

Email Clients

  • Windows: Outlook 2016 or Outlook 2013 SP1
  • macOS/OS X: Outlook 2016 for Mac, Outlook 2011, or Apple Mail 8.2 and above

NOTE: All of the above should be fully patched or updated to ensure there are no issues connecting to PennO365 after March 1.

Lastly, Mobile devices running iOS 5 and later or Android 4.4 or later are compatible with TLS 1.2 and later and will not be impacted by this change.  Devices running older versions of the operating systems will likely have issues connecting to PennO365 following the change.

Preparing for TLS Change

Users of operating system and email client combinations that will no longer be able to connect to PennO365 following the change will be need to be updated.  Operating systems will need to upgraded to the latest version of Windows 7, Windows 10, or macOS.  Email clients will need to be updated to the latest version of Outlook 2016, Outlook 2016 for Mac, or Outlook 2013.  ISC strongly recommends that all PennO365 users operate the latest version of Outlook 2016 or Outlook 2016 for Mac. 

There are no mechanisms within PennO365 to create reports of which of our users are currently using TLS 1.0 or TLS 1.1.  However, if needed or desired, LSPs can determine the version of TLS by viewing the full mail headers of sent messages.  Here is an example of a line from the mail header which contains the TLS version information:

Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

To view message headers in OOTW:

  1. Log into portal.office.com
  2. Go to Mail.
  3. Select the message that you want to view the headers of.
  4. Within the preview pane (towards the right-hand side of the screen), click on the down arrow next to the 'Reply' context menu and select View message details. The 'Message details' window will appear containing the header information of the message.

To view message headers in Outlook, please see:

https://support.office.com/en-us/article/view-e-mail-message-headers-cd039382-dc6e-4264-ac74-c048563d212c

TLS versions and compatibility in browsers can be checked by viewing details of a secure HTTPS connection (in most browsers, visible by clicking on the lock icon in the URL) though there are several browser TLS compatibility testers available online as well. One popular such tester is available here:

https://www.ssllabs.com/ssltest/viewMyClient.html

Resources

Deploying Office 365 ProPlus in PennO365 Environment:

https://www.isc.upenn.edu/how-to/deploying-office-365-proplus

ISC’s Current Supported Computing Products:

https://www.isc.upenn.edu/how-to/current-supported-computing-products

Preparing for the mandatory use of TLS 1.2 in Office 365:

https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365

Downloadable Microsoft whitepaper containing a list of operating system, email client, and browsers compatible with TLS 1.2 and later:

https://www.isc.upenn.edu/how-to/deploying-office-365-proplus-penno365-environment