When we made the switch to only TLS 1.2 login.microsoftonline.com
was not impacted as it was a case-by-case basis. We had to contact MS and have them explicitly disable TLS 1.x for our tenants. I would contact them to see for your case.
TLS 1.0, 1.1 deprecation. Is login.microsoftonline.com affected?
According to this announcement in a few weeks TLS 1.0, 1.1 are going to be disabled for:
- Azure AD Connect
- Azure AD PowerShell
- Azure AD Application Proxy connectors
- PTA agents
- Legacy browsers
- Applications that are integrated with Azure AD
It also says:
Make sure that applications and PowerShell (that use Microsoft Graph) and Azure AD PowerShell scripts are hosted and run on a platform that supports TLS 1.2.
but does not specify explicitly which endpoints are affected. My guess is that the endpoints include graph.microsoft.com.
What I am not sure about is if login.microsoftonline.com is affected, too. The login endpoint is used by our customers' apps authenticating with a client ID and a secret key (using AppRegistrations). Do they have to make sure that TLS 1.2 is enabled on their machines?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
1 answer
Sort by: Most helpful
-
Michael Taylor 60,336 Reputation points
2022-01-13T15:59:51.687+00:00