:

MICROSOFT BLOCKS LEGACY TLS IN EXCHANGE ONLINE

INDUSTRY DESK2 MIN READ
TUE, APR 28, 2026

■ AI-SUMMARIZED FROM 3 SOURCES ▸ TIMELINE

Microsoft will deprecate legacy TLS connections for POP and IMAP clients in Exchange Online starting July 2026. The move affects email clients still using outdated encryption protocols.

Microsoft announced it will begin blocking legacy TLS (Transport Layer Security) connections for POP and IMAP email protocols in Exchange Online from July 2026 onward. The deprecation targets clients still relying on TLS 1.0 and TLS 1.1, which Microsoft considers security risks. Users and organizations with older email clients will need to upgrade to versions supporting TLS 1.2 or higher to maintain connectivity. What's changing: - POP and IMAP connections using TLS 1.0 and 1.1 will be blocked - Affected clients must support minimum TLS 1.2 - Timeline begins July 2026 Who is affected: Organizations running legacy email clients, particularly older versions of: - Outlook for Windows and Mac - Apple Mail - Gmail clients - Third-party email applications Microsoft has emphasized the security necessity of this change. Legacy TLS versions contain known vulnerabilities that expose email communications to potential interception and compromise. The company previously deprecated TLS 1.0 and 1.1 for other Microsoft 365 services. Recommended actions: Organizations should audit their email client versions and plan upgrades accordingly. Microsoft recommends transitioning to modern email clients that support current TLS standards and modern authentication methods like OAuth 2.0. This aligns with broader industry trends toward deprecating legacy protocols. Major email providers including Google and Apple have similarly phased out support for outdated TLS versions in recent years. Microsoft will provide additional guidance and migration resources as the July 2026 deadline approaches. Organizations with large deployments of legacy systems should begin planning upgrades immediately to avoid service disruptions.

■ SOURCES

Bleeping ComputerBleeping ComputerBloomberg Tech

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

5H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

5H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

10H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.