[Office365] Major Change Update @2019/2/2 (End of 3DES Support)

February 7, 2019

Here is the Office365 Major Change Update information (dated 2019/2/2). Office365 appears to be ending support for 3DES.

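Specifically, support appears to end on 2019/2/28. Note that the end of support for 3DES and the end of support for TLS 1.0/1.1 are announced together, but the 2019/2/28 date applies only to 3DES. Please take care not to confuse the two.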

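Contributing to a higher security level is a good thing, but I think present-day clients do not use 3DES. Unless there are special circumstances, I think system administrators can simply wait and watch.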

 

Note: My apologies if I have misinterpreted the notification.

≪Notification≫

As previously communicated (MC124102 in Oct 2017, MC126199 in Dec 2017 and MC128929 in Feb 2018), we are moving all our online services to Transport Layer Security (TLS) 1.2+ to provide best-in-class encryption, and to ensure our service is more secure by default.

Keeping on track with this promise – Office 365 will be retiring 3DES on February 28, 2019. This was first communicated in MC171089.

In order to help you prepare for this change, we have provided reports for you to track your TLS 1.0/1.1 and 3DES usage.

Additionally, we have addressed the concerns and questions you have had with these reports.

[How does this impact me?] Starting February 28, 2019, Office 365 will begin retiring 3DES. This means that all connections to Office 365 using the cipher 3DES will not work.

Please keep in mind that Office 365 will NOT retire TLS 1.0/1.1 on February 28, 2019, even though the reports contain information about both TLS 1.0/1.1 and 3DES connections.

Expect issues connecting to Office 365 services if you are using 3DES from this date onwards. TLS 1.0/1.1 connections without the 3DES cipher will not be affected.

[What should I do to prepare for this change?] Ensure that all client-server and browser-server connections using 3DES, to connect to Office 365 services, have been updated.

By going to http://securescore.microsoft.com , you can find if you have any TLS 1.0/1.1 and 3DES usage for Exchange. Click on ‘Score Analyzer’ and scroll to the – Remove TLS dependencies tab.

If you want details on who is connecting using these weaker ciphers and protocols – click on the ‘Get Details’ button that will launch a flyout where you can click on ‘Launch now’. This will take you to the Secure Trust Portal (http://servicetrust.microsoft.com) where you can download your TLS 1.0/1.1 and 3DES reports. The reports contain the following information:

  • Usernames/IP addresses of the users/devices connecting to Exchange using TLS 1.0/1.1 or 3DES
  • Which protocol/cipher is being used for the connection – this will either be TLS 1.0/1.1 or 3DES
  • The user agent string that is being used for this connection – this gives information about the type of device used for the connection

The report is refreshed daily. If you have made any changes and updated any clients/devices, you would need to wait for 24hrs to see this change in the reports.
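
An added example, not part of the notification or the original post: one way to triage a downloaded report so that 3DES connections (which stop working from February 28, 2019) are separated from TLS 1.0/1.1-only connections (not affected on that date). The CSV column names and the sample rows are assumptions constructed for illustration; the page does not give the report's actual layout.

```python
import csv
import io
from collections import defaultdict

# Constructed sample. Column names are assumptions, not the real report schema.
SAMPLE_REPORT = """\
UserName,ClientIP,ProtocolOrCipher,UserAgent
alice@contoso.example,192.0.2.10,3DES,LegacyScanner/1.0
bob@contoso.example,192.0.2.11,TLS 1.0,OldMailClient/2.3
alice@contoso.example,192.0.2.10,3DES,LegacyScanner/1.0
carol@contoso.example,192.0.2.12,TLS 1.1,OldMailClient/2.3
dave@contoso.example,192.0.2.13,3des,KioskBrowser/5.1
"""


def triage(report_text):
    """Group report rows by user agent into 3DES users (break on the
    retirement date) and TLS 1.0/1.1-only users (unaffected on that date)."""
    breaking = defaultdict(set)  # user agent -> {(user, ip)}
    later = defaultdict(set)
    unknown = []                 # rows with a value we do not recognise
    for row in csv.DictReader(io.StringIO(report_text)):
        value = row["ProtocolOrCipher"].strip().upper().replace(" ", "")
        who = (row["UserName"].strip(), row["ClientIP"].strip())
        agent = row["UserAgent"].strip()
        if value == "3DES":
            breaking[agent].add(who)
        elif value in ("TLS1.0", "TLS1.1"):
            later[agent].add(who)
        else:
            unknown.append(row)
    return breaking, later, unknown


def affected_users(report_text):
    """Sorted, de-duplicated user names that still connect with 3DES."""
    breaking, _, _ = triage(report_text)
    return sorted({user for whos in breaking.values() for user, _ in whos})


if __name__ == "__main__":
    breaking, later, unknown = triage(SAMPLE_REPORT)
    for agent, whos in sorted(breaking.items()):
        print(f"3DES, fix before the retirement date: {agent}: {sorted(whos)}")
    for agent, whos in sorted(later.items()):
        print(f"TLS 1.0/1.1 only, not affected on that date: {agent}: {sorted(whos)}")
    print(f"Unrecognised rows: {len(unknown)}")
```

Because the report is refreshed daily, rerun the triage on a fresh download after updating clients to confirm the 3DES group is empty.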