Legacy TLS tour continues with Exchange Online blocking old versions from July 2026

Microsoft readies the axe once again for yesterday's security

by · The Register

Microsoft has warned users still clinging to legacy TLS versions that the end is nigh for TLS 1.0 and 1.1 on POP3 and IMAP4 connections to Exchange Online.

Redmond warned, "We will start to block legacy version connections starting in July 2026."

The move is long overdue, and the Windows giant has been warning users for years that it was coming. Support for TLS 1.0 and 1.1 in Exchange Online ended in 2020. In 2023, Microsoft announced plans to disable those older TLS versions for POP3 and IMAP4 clients in the name of compliance and security, but acknowledged that there was a "significant" number of POP3/IMAP4 clients that didn't support TLS 1.2 or later, and so added an endpoint for clients to opt to keep using the legacy protocols.

It was, however, very much an opt-in thing, and in July 2026, the time will run out.

Transport Layer Security (TLS) dates back decades. 1.0 was published in 1999, and 1.1 in 2006. Both were deprecated in 2021, and Microsoft stated that they "are no longer considered secure."

However, Microsoft is also famous for backward compatibility, and has historically taken a very cautious approach when it comes to switching off services that might make its corporate customers shriek. Hence, Redmond kept the lights on for TLS 1.0 and 1.1, even considering the inherent insecurity of the technology.

Microsoft expects minimal impact from the change. The company wrote, "Modern email clients and libraries already support TLS 1.2 or higher."

"And the vast majority of POP and IMAP traffic to Exchange Online today uses these newer protocols."

Google Workspace still supports TLS 1.0 and 1.1, according to its documentation, although it would be prudent for users to select a more recent protocol, assuming that their client supports it. However, Google's browser tentacle, along with the likes of Firefox and Edge, announced that the legacy protocols were not long for this world in 2018.

The Exchange Online switch-off for TLS 1.0 and 1.1 has been a long time coming, but there could still be disruption despite the protocols' relatively low usage. Legacy devices or software, for example, might stop working as connections fail.

As far as Microsoft is concerned, "Our expectation is that only customers who have explicitly opted into using those legacy endpoints are impacted by the deprecation."

So, anyone using Exchange Online who opted into the legacy protocols should check how their email clients are connecting, or risk summer support calls if things start failing in July. ®

Microsoft opens door to the past by releasing 86-DOS and PC-DOS 1.00Antiques code show: Back to a time when source repositories were printouts and commits were hand-written notesRichard Speed, 29 Apr 2026Microsoft's GitHub shifts to metered AI billing amid cost crisis: The all-you-can-eat AI buffet is coming to an endThomas Claburn, 28 Apr 2026Microsoft Outlook for iOS still down and out for many after 'service change': Sign-in failures, unexpected sign-outs... just another day for usersRichard Speed, 28 Apr 2026OpenAI jumps out of Microsoft's bed, into Amazon's Bedrock: Altman's gaggle of GPTs now available in limited preview in an AWS region near youTobias Mann, 28 Apr 2026