Skip to main content
March 31, 2020

Plan for change: TLS 1.0 and TLS 1.1 soon to be disabled by default

Update as of 04/23/2021: The plan to disable TLS 1.0/1.1 by default is being updated for Internet Explorer and EdgeHTML (the rendering engine for the WebView control). TLS 1.0 and TLS 1.1 will not be disabled by default for both until early 2022. Organizations that wish to disable TLS 1.0 and TLS 1.1 before that time may do so using Group Policy. Microsoft Edge Legacy is no longer in scope for this plan as the support ended on March 9, 2021.

There are no changes to the plan for the new Microsoft Edge (based on Chromium). TLS 1.0/1.1 were disabled by default starting in Microsoft Edge version 84, and the SSLVersionMin policy that permitted enabling the legacy protocol versions will be removed in version 91.

As announced in October of 2018, Microsoft will soon disable Transport Layer Security (TLS) 1.0 and 1.1 by default in Microsoft browsers. In light of current global circumstances, we will be postponing this planned change—originally scheduled for the first half of 2020.

For the new Microsoft Edge (based on Chromium), TLS 1.0 and 1.1 are currently planned to be disabled by default no sooner than Microsoft Edge version 84 (currently planned for July 2020).

For all supported versions of Internet Explorer 11 and Microsoft Edge Legacy (EdgeHTML-based), TLS 1.0 and TLS 1.1 will be disabled by default as of September 8, 2020.

While these protocols will remain available for customers to re-enable as needed, we recommend that all organizations move off of TLS 1.0 and TLS 1.1 as soon as is practical. Newer versions of the TLS protocol enable more modern cryptography and are broadly supported across modern browsers, such as the new Microsoft Edge.