How to allow legacy TLS SMTP clients in Exchange Online

Case

Microsoft has announced in 2021 that they are deprecating TLS 1.0 and TLS 1.1 support from Office 365 and Microsoft 365 products and services: https://docs.microsoft.com/en-us/microsoft-365/compliance/prepare-tls-1.2-in-office-365?view=o365-worldwide. As a result all software vendors developing client applications which interface with Office 365 via the Office 365 API, the Microsoft Graph API or via SMTP Auth need to update their code base to support TLS 1.2 at minimum. For the vendors and applications which still cannot officially support TLS 1.2 there may be an interim solution.

Bear in mind mind that there have been various Microsoft announcements about deprecation of TLS 1.0 and 1.1 versions in all Azure cloud services. Review this blog post for more details.

Read this article to find out how you can enable legacy TLS protocol version support for Office 365 with focus on SMTP services/clients.

Solution

First off, you will need to enable the “AllowLegacyTLSClients” property of the Exchange Online organization via the Get-TransportConfig Powershell cmdlet. This also assumes that you have enabled SMTP Auth for your mailbox. After connecting to Exchange Online with Powershell, run the following cmdlet against your Exchange Online organization:

Get-TransportConfig | Format-List AllowLegacyTLSClients

After the “AllowLegacyTLSClients” property has been enabled and SMTP Auth is enabled, you will need to configure your SMTP client to connect to Microsoft 365 via any applicable method as explained in https://stefanos.cloud/kb/how-to-connect-to-exchange-online-mailboxes-from-any-endpoint/. However if you choose option 1, i.e. the SMTP Auth client submission method, instead of smtp.office365.com you need to define smtp-legacy.office365.com as being your SMTP server.

Was this article helpful?

Related Articles