How to migrate to Transport Layer Security (TLS) 1.2 enforcement for Microsoft Entra Domain Services

Microsoft is enhancing security by disabling TLS versions 1.0 and 1.1, as communicated on November 10, 2023. While the Microsoft implementation of TLS 1.0 and TLS 1.1 isn't known to have vulnerabilities, both protocol versions are formally deprecated (RFC 8996), and TLS 1.2 or later provides improved security features, including stronger cipher suites (AEAD modes such as AES-GCM and SHA-2 based integrity) and, in TLS 1.3, mandatory forward secrecy. This change helps protect customer data and ensures compliance with industry standards.

Microsoft Entra Domain Services supports TLS versions 1.0 and 1.1, but they're disabled by default. Domain Services will use the following retirement path for TLS versions 1.0 and 1.1:

  1. Domain Services will remove the ability to disable TLS 1.2 Only Mode. Customers who currently have TLS 1.2 Only Mode disabled can still enable it.
  2. After Domain Services removes the ability to disable TLS 1.2 Only Mode, customers can't change the setting: TLS 1.2 Only Mode is permanently enforced.

You can use the Azure portal or PowerShell to enable TLS 1.2 Only Mode. Before you enable it, confirm that every application that binds to the managed domain over secure LDAP (LDAPS) can negotiate TLS 1.2; a client that is limited to TLS 1.0 or 1.1 can no longer connect once the mode is enforced. The following steps use the Azure portal.

  1. In the Azure portal, search for Domain Services, and select your Domain Services instance.
  2. Select Security Settings.
  3. If TLS 1.2 Only Mode is set to Disable, the instance still accepts TLS 1.0 and 1.1 connections. Set TLS 1.2 Only Mode to Enable, and then select Save.

This change may take about 10 minutes to complete as domain security updates are enforced.

Screenshot that shows how to enable TLS 1.2 Only Mode for Domain Services.
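The PowerShell route mentioned above, as an added example that is not part of the original page: it enforces TLS 1.2 Only Mode through the Az module and then probes the managed domain's LDAPS endpoint to confirm that TLS 1.0 and 1.1 handshakes are refused while TLS 1.2 succeeds. It assumes the Az module is installed and `Connect-AzAccount` has been run, that the portal's TLS 1.2 Only Mode toggle corresponds to the ARM property `domainSecuritySettings.tlsV1` (`Enabled` means legacy TLS is accepted, `Disabled` means TLS 1.2 only), and that the domain name and LDAPS host below are placeholders you replace with your own.

```powershell
# Added example, not Microsoft's code. Assumes: Az module installed, Connect-AzAccount done,
# and that the portal's "TLS 1.2 Only Mode" toggle maps to domainSecuritySettings.tlsV1
# (Enabled = TLS 1.0/1.1 accepted, Disabled = TLS 1.2 only).
param(
    [string]$DomainName = 'aaddscontoso.com',        # placeholder: your managed domain name
    [string]$LdapsHost  = 'ldaps.aaddscontoso.com'   # placeholder: your secure LDAP endpoint
)

# 1. Locate the Domain Services resource (its resource name is the managed domain name).
$ds = Get-AzResource -ResourceType 'Microsoft.AAD/DomainServices' |
      Where-Object { $_.Name -eq $DomainName }
if (-not $ds) { throw "No Domain Services resource named '$DomainName' in the current subscription." }
"Current tlsV1 setting: $($ds.Properties.domainSecuritySettings.tlsV1)"

# 2. Copy the existing security settings so sibling settings (NTLM v1, password hash sync, ...)
#    are sent back unchanged, then flip only tlsV1 to Disabled (= TLS 1.2 Only Mode enabled).
$merged = @{}
foreach ($p in $ds.Properties.domainSecuritySettings.PSObject.Properties) { $merged[$p.Name] = $p.Value }
$merged['tlsV1'] = 'Disabled'
Set-AzResource -Id $ds.ResourceId -Properties @{ domainSecuritySettings = $merged } -Force | Out-Null
"TLS 1.2 Only Mode requested; the domain security update can take about 10 minutes to apply."

# 3. Probe the LDAPS endpoint with one protocol version at a time. After enforcement, TLS 1.0
#    and 1.1 should fail the handshake and TLS 1.2 should succeed.
function Test-TlsHandshake {
    param(
        [string]$HostName,
        [int]$Port,
        [System.Security.Authentication.SslProtocols]$Protocol
    )
    $client = $null; $ssl = $null
    try {
        $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
        # Certificate validation is bypassed on purpose: the question here is whether the
        # server negotiates this protocol version, not whether this machine trusts the chain.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        return $true
    } catch {
        return $false   # handshake refused (or protocol disabled on this client, see note below)
    } finally {
        if ($ssl)    { $ssl.Dispose() }
        if ($client) { $client.Dispose() }
    }
}

foreach ($version in 'Tls', 'Tls11', 'Tls12') {
    $ok = Test-TlsHandshake -HostName $LdapsHost -Port 636 -Protocol $version
    '{0,-6} on {1}:636 -> {2}' -f $version, $LdapsHost, $(if ($ok) { 'accepted' } else { 'refused' })
}
```

Run the probe again about 10 minutes after the `Set-AzResource` call, once the security update has been applied. The probe only shows TLS 1.0 and 1.1 as refused by the domain if the client itself still allows them: on Windows builds where Schannel has those client protocols disabled, `AuthenticateAsClient` fails locally and the result is the same whether or not the domain enforces TLS 1.2, so run it from a host that still permits legacy TLS (or use `openssl s_client -tls1 -connect host:636` from such a host) to get a meaningful answer. The LDAPS host must be reachable from where you run the script, which for a managed domain without secure LDAP exposed to the internet means a VM inside the peered virtual network.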

Troubleshooting

If the steps to enable TLS 1.2 Only Mode fail, open an Azure support request for more troubleshooting help.