Microsoft Azure is set to end support for Transport Layer Security (TLS) 1.0 and 1.1 by 31 August 2025. In line with this transition, all Azure service interactions will be required to use TLS 1.2 or later. Microsoft Azure services already operate in TLS 1.2-only mode by default. A limited number of services still allow TLS 1.0 and 1.1 to be configured in order to support customers with legacy needs.
Although Microsoft’s TLS 1.0 and 1.1 implementations are currently free of known vulnerabilities, upgrading to TLS 1.2 or newer is crucial for enhanced security features such as perfect forward secrecy (PFS) and stronger cipher suites.
Transition Timeline
- 10 November 2023: Microsoft announced the ongoing transition to require TLS 1.2 or higher for Azure connections. The retirement date was originally set to 31 October 2024. Later (24 October 2024) the retirement date was postponed until August 2025.
- 31 August 2025: A limited number of services will continue supporting TLS 1.0 and 1.1 until this date, after which only TLS 1.2 and above will be accepted.
- 1 November 2025: TLS 1.2 will be the minimum supported version for Azure Storage Accounts.
Recommended Actions
Assess Resource Compatibility: Confirm if your services and applications are currently using TLS 1.2 or above.
- If they are, no further action is required.
- If your applications still depend on TLS 1.0 or 1.1, it’s time to start the transition to TLS 1.2 or newer. To assist you, here is a link that outlines various migration paths for services that are currently using these legacy TLS versions.
Example of a transition to TLS 1.2 for a Storage Account
In many scenarios, you’ll encounter the need to migrate to TLS 1.2 with Azure Storage Accounts. Beginning November 1, 2025, TLS 1.2 will be the minimum supported TLS version for Azure Storage.
When you create a new Storage Account, TLS 1.2 is automatically set as the default version. Although you still have the option to select TLS 1.0 or 1.1, you will still be impacted by this transition.
For existing Storage Accounts, you’ll need to configure the Minimum TLS Version as outlined in the screenshot. If your Storage Account is used solely for an FSLogix container in an Azure Virtual Desktop (AVD) environment, you can transition to TLS 1.2 without any impact on functionality. However, if your applications or services still depend on TLS 1.0 or 1.1 to access the storage account, it’s crucial to address those dependencies before changing the minimum TLS version.
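To find the existing Storage Accounts that still need this change, the following added example (not from Microsoft or the original article) reads the JSON produced by `az storage account list -o json` and reports every account whose `minimumTlsVersion` is below TLS 1.2, including accounts where the property was never set. The account names, resource groups and sample data are constructed; the update command is printed rather than executed so that client dependencies can be checked first.

```python
import json
import sys

# Constructed sample, shaped like `az storage account list -o json` output
# (trimmed to the fields used here; account and group names are made up).
SAMPLE = json.loads("""[
  {"name": "stfslogixavd", "resourceGroup": "rg-avd", "minimumTlsVersion": "TLS1_2"},
  {"name": "stlegacyapp", "resourceGroup": "rg-apps", "minimumTlsVersion": "TLS1_0"},
  {"name": "stoldarchive", "resourceGroup": "rg-apps", "minimumTlsVersion": null},
  {"name": "stpartnerdrop", "resourceGroup": "rg-b2b", "minimumTlsVersion": "TLS1_1"}
]""")

RANK = {"TLS1_0": 0, "TLS1_1": 1, "TLS1_2": 2, "TLS1_3": 3}


def accounts_below_tls12(accounts):
    """Return (name, resource group, current setting) for accounts to review."""
    findings = []
    for acct in accounts:
        setting = acct.get("minimumTlsVersion")
        # An unset (null) property means the account still accepts TLS 1.0,
        # so it is reported; an unrecognised value is reported for manual review.
        if RANK.get(setting, -1) < RANK["TLS1_2"]:
            findings.append((acct["name"], acct["resourceGroup"], setting or "unset"))
    return findings


def update_command(name, resource_group):
    """Build the Azure CLI command that raises the minimum version to TLS 1.2."""
    return (f"az storage account update --name {name} "
            f"--resource-group {resource_group} --min-tls-version TLS1_2")


if __name__ == "__main__":
    # Pass a file holding real `az storage account list -o json` output,
    # or run without arguments to use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for name, group, setting in accounts_below_tls12(data):
        print(f"{name} ({group}): minimumTlsVersion={setting}")
        # Printed, not executed: client dependencies must be cleared first.
        print("  " + update_command(name, group))
```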
Conclusion
To ensure uninterrupted access to Azure services and enhance your security posture, it is essential to transition away from TLS 1.0 and 1.1 before the upcoming deadlines. For additional guidance and support, refer to Microsoft documentation or engage with community experts through Microsoft Q&A.
By staying proactive and transitioning to TLS 1.2 or later, you can effectively secure your applications and remain compliant with Azure’s updated security standards.