Article Details

Microsoft finally sends TLS 1.0 and 1.1 to the cloud retirement home. Azure Storage now requires version 1.2 or newer for encrypted connections. Today is the day Azure Storage stops supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). TLS 1.2 is the new minimum. The change has been a long time coming. Microsoft warned users several years ago that February 3, 2026, was the cut-off date after which the deprecated standards would no longer be supported. The minimum TLS version is enforced at the storage account level. Microsoft said: "If your storage account hosts other Azure Storage services (such as Azure Files, Queue Storage, or Table Storage), those services are also subject to the same TLS requirements." TLS is a security protocol for encrypted communications between applications and servers. In this case, when storage data is accessed via HTTPS, communications are encrypted using TLS. The retired standards, TLS 1.0 and 1.1, are, in a very real sense, from a different era of computing. TLS 1.0 dates back to 1999, and 1.1 was published in 2006. Both were deprecated in 2021, years after the 2008 publication of the TLS 1.2 standard. The latest protocol, TLS 1.3, was published in 2018. Microsoft has clung to the deprecated versions of TLS 1.0 and 1.1, primarily for backward compatibility. Windows 7, for example, supported older versions by default and required manual tweaks to enable TLS 1.2. Microsoft has tried to retire TLS 1.0 and 1.1 for some time. November 1, 2024, was initially scheduled, but was pushed back by a year to November 1, 2025. Administrators and legacy application developers were given a little longer, until February 3, 2026. Microsoft has not indicated it will extend the deadline further. There are many good reasons to move to TLS 1.2. It is faster than its predecessors and more secure. Furthermore, sticking with deprecated standards is not a good idea from a regulatory perspective. The US National Institute of Standards and Technology (NIST) published guidelines in 2019 requiring government TLS servers and clients to support TLS 1.2. The problem is legacy systems. For example, older versions of Microsoft's SQL Server database and Windows Server relied on pre-1.2 TLS. Although the protocols are disabled by default in recent software (such as Windows 11 25H2), they are still hardcoded in some legacy applications. TLS 1.0 and 1.1 have already been disabled in Microsoft 365 products for some time. Killing off TLS 1.0 and 1.1 for Azure Storage is the latest step in the process. And for administrators who have not made the change (or have some legacy code that is hardcoded to use the deprecated protocols): "All clients connecting to Azure Storage services using TLS version below 1.2 will not be able to connect to Azure Storage anymore."