TLS 1.0, 1.1 deprecation. Is login.microsoftonline.com affected?

Jędrzej Grabowski 1 Reputation point
2022-01-13T13:35:05.337+00:00

According to this announcement, in a few weeks TLS 1.0 and 1.1 are going to be disabled for:

  • Azure AD Connect
  • Azure AD PowerShell
  • Azure AD Application Proxy connectors
  • PTA agents
  • Legacy browsers
  • Applications that are integrated with Azure AD

It also says:

Make sure that applications and PowerShell (that use Microsoft Graph) and Azure AD PowerShell scripts are hosted and run on a platform that supports TLS 1.2.

but does not specify explicitly which endpoints are affected. My guess is that the endpoints include graph.microsoft.com.
What I am not sure about is if login.microsoftonline.com is affected, too. The login endpoint is used by our customers' apps authenticating with a client ID and a secret key (using AppRegistrations). Do they have to make sure that TLS 1.2 is enabled on their machines?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Michael Taylor 60,336 Reputation points
    2022-01-13T15:59:51.687+00:00

    When we made the switch to only TLS 1.2, login.microsoftonline.com was not impacted, as it was on a case-by-case basis. We had to contact MS and have them explicitly disable TLS 1.x for our tenants. I would contact them to see for your case.

    1 person found this answer helpful.
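
A client-side check for the question raised in this thread, whether a given machine can talk TLS 1.2 to the login and Graph endpoints. This is an added example, not code from the thread or from Microsoft; the function name `Test-Tls12Handshake` is hypothetical. It tests only what the client can negotiate, not whether the service still accepts TLS 1.0/1.1.

```powershell
# Added example. Run on the host where the application or script runs
# (Windows PowerShell 3.0 or later, .NET Framework 4.5 or later).
# Endpoints are the two host names mentioned in the question.
$endpoints = 'login.microsoftonline.com', 'graph.microsoft.com'

function Test-Tls12Handshake {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [int] $Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        try {
            # Offer TLS 1.2 only, so success proves the OS and .NET stack can
            # negotiate it. Certificate validation stays at the default.
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            [pscustomobject]@{
                Host = $HostName; Tls12 = $true; Detail = "negotiated $($ssl.SslProtocol)"
            }
        }
        finally { $ssl.Dispose() }
    }
    catch {
        # Handshake or connection failure: TLS 1.2 is disabled or unsupported
        # on this machine, or the network path blocks the connection.
        [pscustomobject]@{
            Host = $HostName; Tls12 = $false; Detail = $_.Exception.Message
        }
    }
    finally { $tcp.Close() }
}

# Protocols that .NET Framework HTTP clients in this process use by default.
# A value without Tls12 (and not SystemDefault) means scripts may still
# negotiate an older version unless they or the machine are reconfigured.
"Process default: $([Net.ServicePointManager]::SecurityProtocol)"

$endpoints | ForEach-Object { Test-Tls12Handshake -HostName $_ } | Format-Table -AutoSize
```

A `Tls12 = $false` row with a handshake error points at the client's Schannel or .NET configuration; a connection error points at the network path instead.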