Azure support for TLS 1.0 and TLS 1.1

Question

Microsoft released the following announcement about TLS 1.0 and 1.1 end of support: https://azure.microsoft.com/en-us/updates/azure-support-tls-will-end-by-31-october-2024-2/

Old devices using TLS 1.0 (that cannot be upgraded) will continue to be able to send TLS 1.0 requests via ExpressRoute to Azure? Microsoft will eventually block TLS 1.0 traffic over its networks and on its VMs at the OS layer?

Answer 1

Hi,

There's no announcement/documentation of intent to block TLS 1.0 traffic flowing over Azure vNets. The vNet (or ExpressRoute) by itself isn't inspecting the traffic at that level so has no knowledge of TLS version being used.

Additionally, there's no announcement of intent to proactively start blocking TLS 1.0 on windows operating systems where it is already enabled. There is announcement for newer windows os versions that have TLS 1.0/1.1 blocked by default, but it can still be re-enabled even on these if needed.

TLS 1.0 and TLS 1.1 soon to be disabled in Windows

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-1-0-and-tls-1-1-soon-to-be-disabled-in-windows/ba-p/3887947

Have not seen any announcements to block TLS 1.0 on Azure VMs in general (regardless of OS) either.

Please click Accept Answer and upvote if the above was helpful.

Thanks.

-TP