Exchange Online – New endpoint for SMTP AUTH clients still using TLS 1.0 or TLS 1.1; act before 2022

If you use Office 365 and Exchange Online, you should already know that support for TLS 1.0 and TLS 1.1 ended in October 2020.

While support for these legacy TLS protocols has ended, they are still in use and still accepted for connections.

Starting in 2022, TLS 1.0 and TLS 1.1 will be completely disabled on Exchange Online.

If you still have clients that cannot support TLS 1.2 connections, you will need to opt in to a new endpoint being made available for these legacy clients, using Exchange Online PowerShell (available here: https://www.powershellgallery.com/packages/ExchangeOnlineManagement/):

Connect-ExchangeOnline

Set-TransportConfig -AllowLegacyTLSClients $true


Then you have to reconfigure these legacy clients to use the new endpoint smtp-legacy.office365.com.

To help you identify these legacy clients, use the SMTP Auth Clients report in the Mail Flow dashboard, which has been available for quite some time now in the Security & Compliance portal (https://protection.office.com/mailflow/dashboard).


Or you can use the TLS 1.0/1.1 report available from the Service Trust portal (https://servicetrust.microsoft.com/AdminPage/TlsDeprecationReport/Download).

If you have not reconfigured your legacy clients to use the new endpoint smtp-legacy.office365.com, you will get the following rejection error:

421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. Visit https://aka.ms/smtp_auth_tls
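Besides the reports above, rejected clients can also be found from the sending side. The following is an added example, not part of the original post: it scans relay or device log lines for the 421 4.7.66 reply and lists which clients were rejected and which already use smtp-legacy.office365.com. The log line format, the client names and the Get-LegacyTlsClient helper are assumptions made for illustration.

```powershell
# Constructed sample lines. Assumed format: timestamp, client name, SMTP host, server reply.
$sampleLog = @'
2022-01-10T08:15:02Z scanner-hq smtp.office365.com 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. Visit https://aka.ms/smtp_auth_tls
2022-01-10T08:16:40Z erp-app smtp.office365.com 250 2.0.0 OK
2022-01-10T08:17:11Z scanner-hq smtp.office365.com 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. Visit https://aka.ms/smtp_auth_tls
2022-01-10T08:20:05Z ups-monitor smtp-legacy.office365.com 250 2.0.0 OK
2022-01-10T08:21:37Z badge-system smtp.office365.com 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. Visit https://aka.ms/smtp_auth_tls
'@ -split "`r?`n"

function Get-LegacyTlsClient {
    # Hypothetical helper: groups log lines by client and counts 421 4.7.66 rejections.
    param([string[]]$Line)

    $pattern = '^(?<Time>\S+)\s+(?<Client>\S+)\s+(?<Server>\S+)\s+(?<Code>\d{3})\s+(?<Status>\d\.\d+\.\d+)\b'
    $clients = [ordered]@{}

    foreach ($entry in $Line) {
        if ($entry -notmatch $pattern) { continue }   # skip blank lines and other formats
        $m = $Matches
        if (-not $clients.Contains($m.Client)) {
            $clients[$m.Client] = [pscustomobject]@{
                Client = $m.Client; Rejections = 0; LastRejected = $null; OnLegacyEndpoint = $false
            }
        }
        $c = $clients[$m.Client]
        # Note clients that have already been repointed to the opt-in endpoint.
        if ($m.Server -eq 'smtp-legacy.office365.com') { $c.OnLegacyEndpoint = $true }
        # The SMTP reply code plus enhanced status code identify the TLS rejection.
        if ($m.Code -eq '421' -and $m.Status -eq '4.7.66') {
            $c.Rejections++
            $c.LastRejected = $m.Time
        }
    }

    # Report only clients that were rejected or that depend on the legacy endpoint.
    $clients.Values |
        Where-Object { $_.Rejections -gt 0 -or $_.OnLegacyEndpoint } |
        Sort-Object Rejections -Descending
}

Get-LegacyTlsClient -Line $sampleLog | Format-Table -AutoSize
```

Clients listed with rejections still need to be upgraded to TLS 1.2 or repointed to the legacy endpoint; clients flagged OnLegacyEndpoint are the ones that still rely on TLS 1.0 or TLS 1.1.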