(Updated) Exchange Online: Retirement of legacy TLS versions for POP and IMAP connections

🚨 The Signal: Exchange Online will no longer support legacy TLS 1.0/1.1 for POP/IMAP connections from August 2026, requiring TLS 1.2 or higher. This enhances security by removing outdated encryption protocols.

The Impact

Organisations using legacy POP/IMAP clients will experience connection failures, increasing the risk of service disruption and potential data exposure if unpatched systems are forced to use weaker protocols.

  • Security Teams: Risk of unencrypted data if legacy clients are not updated.
  • Admins: Service disruption for users with outdated POP/IMAP clients.
  • Third-party vendors: May need to update their applications or devices.
  • Helpdesk: Increased support calls due to connection issues.

The Action

  1. Identify all POP/IMAP clients, applications, and devices connecting to Exchange Online.
  2. Verify that all identified clients support TLS 1.2 or a later version.
  3. Update or replace any clients, applications, or devices that rely on TLS 1.0 or TLS 1.1.
  4. Communicate changes and potential impact to helpdesk and operations teams.
  5. Validate TLS support with third-party vendors for their integrated solutions.

Domain: Exchange · Impact: high · Workload: Exchange Online