From October 20, 2025, Microsoft will no longer support TLS cipher suites that don’t offer forward secrecy. Only modern TLS 1.3 and TLS 1.2 cipher suites will stay supported, which means older, weaker encryption methods will stop working.
- If you’re running legacy OS versions (like Windows 8 or Server 2012) or have custom TLS configs, connections may fail.
- Microsoft 365 services will only allow these cipher suites going forward:
  - TLS_AES_256_GCM_SHA384
  - TLS_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
So, before the October 20, 2025 deadline:
- Make sure your systems run supported OS versions.
- Double-check Group Policy or security configs so the required cipher suites are enabled.
- Loop in your infra/helpdesk teams early so no one gets surprised.
I see this as a strong step from Microsoft to push everyone toward better encryption and stronger data protection.
Found the announcement here: https://admin.microsoft.com/Adminportal/Home#/MessageCenter/:/messages/MC1155427
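One way to run the Group Policy and cipher suite check from the list above on a single host, as an added example that is not part of the original post or Microsoft's announcement. It assumes Windows 10 / Server 2016 or later (where `Get-TlsCipherSuite` exists); the function name `Compare-CipherSuites` is hypothetical.

```powershell
# Allowed list copied from the post above.
$Allowed = @(
    'TLS_AES_256_GCM_SHA384'
    'TLS_AES_128_GCM_SHA256'
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
)

# Hypothetical helper: split a host's enabled suites into usable / missing / legacy.
function Compare-CipherSuites {
    param(
        [string[]]$Enabled,
        [string[]]$AllowedList = $Allowed
    )
    $Enabled = @($Enabled | Where-Object { $_ })   # drop null/empty entries
    [pscustomobject]@{
        Usable  = @($Enabled     | Where-Object { $_ -in    $AllowedList })
        Missing = @($AllowedList | Where-Object { $_ -notin $Enabled })
        Legacy  = @($Enabled     | Where-Object { $_ -notin $AllowedList })
    }
}

# Suites Schannel currently has enabled on this host.
$result = Compare-CipherSuites -Enabled (Get-TlsCipherSuite).Name

# An "SSL Cipher Suite Order" Group Policy replaces the default list; report it if set.
$gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$gpo = (Get-ItemProperty -Path $gpoKey -Name Functions -ErrorAction SilentlyContinue).Functions
if ($gpo) {
    # The policy value may be one comma-separated string or a multi-string.
    $gpoSuites = @($gpo) -split ',' | ForEach-Object { $_.Trim() }
    $gpoResult = Compare-CipherSuites -Enabled $gpoSuites
    Write-Output "GPO cipher order is set; allowed suites in it: $($gpoResult.Usable.Count)"
    if ($gpoResult.Usable.Count -eq 0) {
        Write-Warning 'The Group Policy cipher order contains none of the allowed suites.'
    }
}

Write-Output "Usable after cutoff : $($result.Usable -join ', ')"
Write-Output "Allowed but disabled: $($result.Missing -join ', ')"
Write-Output "Enabled, not on list: $($result.Legacy.Count) suite(s)"
if ($result.Usable.Count -eq 0) {
    Write-Warning 'No allowed suite is enabled; connections to Microsoft 365 may fail.'
}
```

A host only needs one allowed suite in common with the service, so a non-empty "Usable" line is the result to look for; the two TLS 1.3 suites will show as disabled on OS versions without TLS 1.3 support.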