(Updated) Exchange Online: Retirement of legacy TLS versions for POP and IMAP connections
🚨 The Signal: Exchange Online will no longer support legacy TLS 1.0/1.1 for POP/IMAP connections from August 2026, requiring TLS 1.2 or higher. This enhances security by removing outdated encryption protocols.
The Impact
Organisations using legacy POP/IMAP clients will experience connection failures, increasing the risk of service disruption and potential data exposure if unpatched systems are forced to use weaker protocols.
- Security Teams: Risk of unencrypted data if legacy clients are not updated.
- Admins: Service disruption for users with outdated POP/IMAP clients.
- Third-party vendors: May need to update their applications or devices.
- Helpdesk: Increased support calls due to connection issues.
The Action
- Identify all POP/IMAP clients, applications, and devices connecting to Exchange Online.
- Verify that all identified clients support TLS 1.2 or a later version.
- Update or replace any clients, applications, or devices that rely on TLS 1.0 or TLS 1.1.
- Communicate changes and potential impact to helpdesk and operations teams.
- Validate TLS support with third-party vendors for their integrated solutions.
Domain: Exchange · Impact: high · Workload: Exchange Online