Microsoft to Block Legacy TLS Connections for POP and IMAP in Exchange Online

Microsoft phases out legacy TLS and email protocols in Exchange Online to boost security.

Key Takeaways:

  • Microsoft will soon begin blocking outdated TLS connections in Exchange Online.
  • Legacy POP3 and IMAP4 endpoints are being retired as part of a broader security push.
  • Organizations using older email systems may need to prepare for upcoming changes.

Microsoft is strengthening security in Exchange Online by retiring support for outdated email encryption methods. Beginning in July 2026, organizations still using legacy TLS versions for POP3 and IMAP4 connections may experience service disruptions unless they transition to modern encryption standards.

The change is part of Microsoft’s broader effort to eliminate aging security protocols that no longer meet current protection requirements. Older versions, such as TLS 1.0 and TLS 1.1, are considered vulnerable to modern attack techniques, which makes them unsuitable for safeguarding sensitive communications in today’s threat landscape.

TLS 1.0 and 1.1 blocking begins in July 2026

To reduce risk, Microsoft will fully block these legacy protocols in Exchange Online and remove the opt-in endpoints that previously allowed limited use. Most modern email clients already support TLS 1.2 or higher, so the impact is expected to be limited to environments still relying on outdated systems or custom configurations.

“Several years ago we started the move to block these older versions, but we did allow you to use them by opting-in, we’re now removing support for them entirely. Our expectation is that only customers who have explicitly opted into using those legacy endpoints are impacted by the deprecation we are announcing today,” the Exchange team explained.

What does this change mean for Exchange Online admins?

Administrators are advised to review their email infrastructure and ensure all clients, applications, and devices support TLS 1.2 or later. Any legacy or embedded systems that still depend on older encryption should be upgraded or replaced to maintain uninterrupted access.
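A client-side check for the review described above, as an added example that is not part of the original article: run from a host that runs a Python-based mail-fetching job, it confirms that host's Python/OpenSSL stack can complete a TLS 1.2+ handshake on the IMAP4 and POP3 ports. The host name `outlook.office365.com`, the ports 993/995, and the function names are assumptions, not taken from the article.

```python
import socket
import ssl

# Assumed values, not from the article: Exchange Online's POP/IMAP host name
# and the implicit-TLS ports for IMAP4 (993) and POP3 (995).
HOST = "outlook.office365.com"
PORTS = {"IMAP4": 993, "POP3": 995}


def modern_context():
    """Client context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and host name checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe(host, port, timeout=10.0):
    """Attempt a TLS 1.2+ handshake and record what was negotiated."""
    result = {"host": host, "port": port, "ok": False,
              "version": None, "cipher": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with modern_context().wrap_socket(raw, server_hostname=host) as tls:
                result.update(ok=True, version=tls.version(),
                              cipher=tls.cipher()[0])
    except OSError as exc:
        # Covers ssl.SSLError (handshake or certificate failure), timeouts,
        # refused connections and unreachable hosts.
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


def report(results):
    """One line per endpoint, suitable for a migration checklist."""
    lines = []
    for r in results:
        if r["ok"]:
            status = f"OK {r['version']} {r['cipher']}"
        else:
            status = f"FAIL {r['error']}"
        lines.append(f"{r['host']}:{r['port']} {status}")
    return lines


if __name__ == "__main__":
    for line in report([probe(HOST, port) for port in PORTS.values()]):
        print(line)
```

A result covers only the TLS library of the host and runtime it runs on; embedded devices and applications that ship their own TLS stack have to be checked through their own configuration or vendor documentation.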

Microsoft’s decision reflects a continued push toward modernizing cloud security and reducing exposure to known vulnerabilities. Organizations that complete the transition early will be better positioned to maintain both compliance and a stronger overall security posture in Exchange Online.