TLS has been has been the standard for secure mail transmission for a long time and you’d be hard pressed to find an organization that doesn’t use it. With Exchange Online, we use opportunistic TLS by default, this means that if we can use TLS, we will – but if not, we won’t. Generally for secure partner organizations, we will enforce TLS so that we only accept validated, secure mail from the remote domain. This helps us to verify the source of sensitive mails. If the TLS cert doesn’t match, we aren’t sending or receiving the mail to the server for that domain.

The TLS protocol has obviously evolved over the years, as some of the older versions have become obsolete. Starting on January 11th 2021, Microsoft will be disabling TLS1.0 and TLS1.1 for use with Exchange Online. This means that any servers that currently use these protocols to transmit mails to and from Exchange Online, will no longer be supported.

From an Exchange Online perspective, there is not really any change required from Admins, however, it is worth verifying any partner companies or servers that transmit mail are up to date with TLS1.2. There is a great post on investigating the use of the older protocols on the Exchange Team Blog. Ensure to verify any app relays you mail have and any critical partners that will need to send mail.

For more information on this change, check out the official Microsoft documentation.