Reminder: Deprecation of TLS Protocols & Ciphers Used For Azure AD Communication

by Jake Heberling
Desktop & Applications Engineer

To improve the security posture of Azure tenants and remain in compliance with industry standards, Microsoft deprecated Transport Layer Security (TLS) 1.0 and 1.1 protocols as well as the 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA) for all Azure Active Directory communication starting on January 31, 2022. Examples of applications that might not work as expected after this change include:

  • Azure AD Connect
  • Azure AD PowerShell
  • Azure AD Application Proxy Connectors
  • Pass-through Authentication Agents
  • Legacy Browsers
  • Applications integrated with Azure AD

These changes were made to follow the latest compliance standards for the Federal Risk and Authorization Management Program (FedRAMP) and to improve security when users interact with Microsoft cloud services. Additional information regarding this deprecation is available from Microsoft.

In addition to the changes mentioned above, enforced disablement of TLS 1.0 and 1.1 in Internet Explorer was postponed to an unspecified date in 2022. Taking into account the recent retirement of the Internet Explorer 11 desktop application, environments that are not fully updated or configured to support TLS 1.2 connectivity to Azure AD may experience issues resulting from the rolling disablement of legacy protocols, particularly if legacy browsers are still in use.
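A read-only way to check whether a Windows host that runs one of the components listed above is set up for TLS 1.2. This is an added example, not a script from Helient or Microsoft, and it assumes the standard Schannel and .NET Framework 4.x registry locations on a 64-bit Windows host:

```powershell
# Added example: read-only audit of TLS 1.2 settings on a Windows host.
# Assumes the standard Schannel and .NET Framework 4.x registry locations.
# "NotSet" means the value is absent and the OS or .NET default applies;
# review those entries rather than treating them as failures.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$dotnet64 = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$dotnet32 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'

$checks = @(
    @{ Path = "$schannel\Client"; Name = 'Enabled';                  Expected = 1 }
    @{ Path = "$schannel\Client"; Name = 'DisabledByDefault';        Expected = 0 }
    @{ Path = "$schannel\Server"; Name = 'Enabled';                  Expected = 1 }
    @{ Path = "$schannel\Server"; Name = 'DisabledByDefault';        Expected = 0 }
    @{ Path = $dotnet64;          Name = 'SchUseStrongCrypto';       Expected = 1 }
    @{ Path = $dotnet64;          Name = 'SystemDefaultTlsVersions'; Expected = 1 }
    @{ Path = $dotnet32;          Name = 'SchUseStrongCrypto';       Expected = 1 }
    @{ Path = $dotnet32;          Name = 'SystemDefaultTlsVersions'; Expected = 1 }
)

$report = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $actual = $null
        $status = 'NotSet'
    } else {
        $actual = $item.($c.Name)
        # All of these values are on/off flags, so compare them as booleans.
        # This also accepts Enabled = 0xFFFFFFFF, which some tools write.
        $status = if ([bool]$actual -eq [bool]$c.Expected) { 'OK' } else { 'Mismatch' }
    }
    [pscustomobject]@{
        Key      = $c.Path -replace '^HKLM:\\', ''
        Value    = $c.Name
        Expected = $c.Expected
        Actual   = $actual
        Status   = $status
    }
}

$report | Format-Table -AutoSize -Wrap

# Protocols the current PowerShell session will offer. "SystemDefault" defers
# to the OS settings audited above; a list without Tls12 cannot reach Azure AD.
"Session SecurityProtocol: $([Net.ServicePointManager]::SecurityProtocol)"
```

Any row reported as `Mismatch` marks a host where TLS 1.2 is explicitly turned off or .NET applications are not directed to use strong cryptography.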

Helient strongly recommends taking the necessary steps to ensure your environment is configured to support TLS 1.2 connectivity to Azure AD and transitioning away from legacy browsers. If you would like more information or assistance, please contact our industry-leading experts at