To improve the security posture of your tenant and to stay in line with industry standards, Microsoft Entra ID will shortly stop supporting the following Transport Layer Security (TLS) protocols and ciphers:
- TLS 1.1
- TLS 1.0
- 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA)
How This Change Might Affect Your Organization
Do your applications communicate with or authenticate against Microsoft Entra ID? Those applications might not function as intended if they cannot use TLS 1.2 for communication. This includes:
- Microsoft Entra Connect
- Microsoft Graph PowerShell
- Microsoft Entra application proxy connectors
- PTA agents
- Legacy browsers
- Applications that work with Microsoft Entra ID
What Is TLS
TLS (Transport Layer Security) is a cryptographic protocol that secures communication over a computer network. It is primarily used to secure the connection between an application and a server over the Internet, encrypting data to prevent tampering and eavesdropping. TLS has several versions, including TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 (the current version).
Today, TLS 1.2 is the most widely used version. This article shows how to check and enable TLS 1.2 on some Windows versions.
How to Check TLS Version in Windows 10
TLS, also known as Transport Layer Security, protects information transmitted over the Internet from parties trying to gain unauthorized access to it or take control of your system. Keeping it up to date is therefore essential. The following methods show how to check which versions are in use.
Method 1: Via Registry Editor
Use Registry Editor to verify your TLS version. Follow these steps:
- Press the Windows key + R to open the Run dialog.
- Type regedit and select OK.
- Navigate to the HKEY_LOCAL_MACHINE folder and select System from the expanded menu.
- Click on CurrentControlSet and then select Control from the expanded menu.
- Click on SecurityProviders now.
- Select SCHANNEL, then choose Protocols from the menu which expands.
The TLS version details are displayed under this key.
Method 2: Via Command Prompt
Another way to check the TLS version on your system is to run a command in the Command Prompt. Here's how:
- Search for Command Prompt in the search bar, then launch it.
- Enter the netsh command that shows TLS, then press Enter.
That's it. The TLS version will be shown in the Command Prompt.
Method 3: Via Control Panel
Finally, you can look up the TLS versions through the Control Panel. Here's how:
- Open the Control Panel and click on Network and Internet in the menu at the top.
- Click on Internet Options.
- In the pop-up window, click the Advanced tab.
- Scroll to the bottom of the list to see the versions of TLS on your computer.
By following these steps, you can identify the TLS versions.
Enable TLS 1.2 Support on Your System
To ensure a secure connection to Microsoft Entra ID and Microsoft 365 services, you must configure your client applications and both the client and server operating systems (OS) to support TLS 1.2 and modern cipher suites.
Guidelines for Enabling TLS 1.2 on Client Devices
- Update Windows and the default TLS version used for "WinHTTP".
- Identify and reduce your dependency on client applications and operating systems that do not support TLS 1.2.
- Turn on TLS 1.2 in all applications and services that connect to Microsoft Entra ID.
- Configure and update your .NET Framework installation to support TLS 1.2.
- Make sure that your programs and PowerShell scripts (those that use Microsoft Graph and Microsoft Graph PowerShell) are hosted and run on a system that supports TLS 1.2.
- Make sure your web browser has the latest updates. We recommend using the new Microsoft Edge browser (based on Chromium). For further information, see the Microsoft Edge release notes for Stable Channel.
- Be sure your proxy supports TLS 1.2. Contact the provider of your web proxy to learn more about updating it.
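The registry locations behind Method 1 and the WinHTTP and .NET Framework guidelines above can be read in one pass. The following PowerShell is an added example, not code from the original article or from Microsoft; the function names are hypothetical, and it assumes Windows with .NET Framework 4.x. It only reads settings and changes nothing.

```powershell
# Added example: read-only audit of TLS-related registry settings (run on Windows).
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param([string[]]$Protocols = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($proto in $Protocols) {
        foreach ($role in 'Client', 'Server') {
            $props = Get-ItemProperty -Path "$SchannelRoot\$proto\$role" -ErrorAction SilentlyContinue
            # No key or no Enabled value means no override: the OS default applies.
            if ($null -eq $props -or $null -eq $props.Enabled) { $state = 'OS default' }
            elseif ($props.Enabled -eq 0) { $state = 'Disabled' }
            else { $state = 'Enabled' }
            [pscustomobject]@{
                Protocol = $proto; Role = $role; State = $state
                DisabledByDefault = if ($props) { $props.DisabledByDefault } else { $null }
            }
        }
    }
}

function Get-WinHttpTls12State {
    $path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
    $value = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).DefaultSecureProtocols
    # DefaultSecureProtocols is a bitmask; 0x800 is the TLS 1.2 flag.
    if ($null -eq $value) { 'OS default (value not set)' }
    elseif ($value -band 0x800) { 'TLS 1.2 included' }
    else { 'TLS 1.2 NOT included' }
}

function Get-DotNetTlsState {
    # 64-bit and 32-bit .NET Framework 4.x keys.
    foreach ($path in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                      'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319') {
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path                     = $path
            SchUseStrongCrypto       = $props.SchUseStrongCrypto
            SystemDefaultTlsVersions = $props.SystemDefaultTlsVersions
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
"WinHTTP: $(Get-WinHttpTls12State)"
Get-DotNetTlsState | Format-List
```

A state of "OS default" means the Protocols key holds no explicit override for that protocol, so an empty Protocols key in Registry Editor does not mean TLS 1.2 is off.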