Microsoft sets a firm deadline for upgrading Azure Blob Storage connections to modern encryption standards.
Microsoft has dropped support for Transport Layer Security (TLS) versions 1.0 and 1.1 for Azure Blob Storage. The company has published a guide to help organizations migrate clients to newer, more secure encryption standards.
TLS is a security protocol that encrypts data in transit between clients and servers, ensuring confidentiality, integrity, and identity verification. It is widely used to secure web traffic (HTTPS), cloud services, email, and APIs against eavesdropping, tampering, and other cyberattacks.
Microsoft deprecated TLS 1.0 and 1.1 in favor of TLS 1.2 in 2021 but continued supporting the older protocols to avoid breaking legacy systems. Many older platforms, such as Windows 7 and early Windows Server releases, did not enable TLS 1.2 by default and required manual configuration or application updates.
The original retirement date of November 1, 2024, was delayed to November 1, 2025, to give organizations additional time to transition. Microsoft later extended a final grace period until February 3, 2026, specifically for administrators and developers maintaining legacy applications, and has confirmed that no further extensions will be granted.
Once enforcement begins, TLS 1.2 will be the minimum encryption standard required for all Azure Storage connections. Any client still relying on TLS 1.0 or 1.1 will fail to connect, which will potentially disrupt access to Azure Blob Storage.
According to Microsoft, TLS 1.2 provides stronger security, supports modern cryptographic algorithms, and aligns with current industry and regulatory standards, including NIST and FedRAMP. Older TLS versions no longer meet these expectations and are considered unsuitable for production environments.
To avoid service interruptions, organizations should inventory all applications and services that connect to Azure Storage and ensure they are explicitly configured to use TLS 1.2. This may involve upgrading operating systems, application runtimes, SDKs, or third-party libraries, followed by thorough testing to confirm secure connectivity.
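One way to start the inventory described above is to group storage request logs by the TLS version each client negotiated. The following is an added example, not code from Microsoft or from the original article; the field names (`AccountName`, `TlsVersion`, `CallerIpAddress`, `UserAgentHeader`) are assumed to follow the Azure Monitor `StorageBlobLogs` schema, and the log records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records (JSON lines). Field names are assumed to follow
# the Azure Monitor StorageBlobLogs schema; they do not come from the article.
SAMPLE_LOG = """\
{"AccountName": "examplestore", "TlsVersion": "TLS 1.0", "CallerIpAddress": "203.0.113.10:50211", "UserAgentHeader": "LegacyBackup/2.1"}
{"AccountName": "examplestore", "TlsVersion": "TLS 1.2", "CallerIpAddress": "198.51.100.7:44120", "UserAgentHeader": "azsdk-python-storage-blob/12.19.0"}
{"AccountName": "examplestore", "TlsVersion": "TLS 1.1", "CallerIpAddress": "203.0.113.10:50390", "UserAgentHeader": "LegacyBackup/2.1"}
{"AccountName": "examplestore", "TlsVersion": "TLS 1.3", "CallerIpAddress": "198.51.100.9:39001", "UserAgentHeader": "curl/8.5.0"}
{"AccountName": "archivestore", "TlsVersion": "TLS 1.0", "CallerIpAddress": "192.0.2.44:61022", "UserAgentHeader": "ReportExporter/1.0"}
{"AccountName": "archivestore", "CallerIpAddress": "192.0.2.45:61500", "UserAgentHeader": "unknown"}
"""

MIN_TLS = (1, 2)  # minimum version required once enforcement begins

def parse_tls(value):
    """Turn 'TLS 1.2' into (1, 2); return None when missing or malformed."""
    try:
        major, minor = value.split()[-1].split(".")
        return int(major), int(minor)
    except (AttributeError, ValueError, IndexError):
        return None

def legacy_clients(log_text, minimum=MIN_TLS):
    """Group requests below `minimum` by (account, client IP, user agent)."""
    legacy = defaultdict(lambda: {"count": 0, "versions": set()})
    unknown = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        version = parse_tls(rec.get("TlsVersion"))
        if version is None:
            unknown.append(rec)  # review manually; never assume compliant
        elif version < minimum:
            ip = rec.get("CallerIpAddress", "").rsplit(":", 1)[0]  # drop source port
            key = (rec.get("AccountName"), ip, rec.get("UserAgentHeader"))
            legacy[key]["count"] += 1
            legacy[key]["versions"].add(rec["TlsVersion"])
    return dict(legacy), unknown

if __name__ == "__main__":
    found, unknown = legacy_clients(SAMPLE_LOG)
    for (account, ip, agent), info in sorted(found.items()):
        print(f"{account}  {ip}  {agent}  {sorted(info['versions'])}  x{info['count']}")
    print(f"{len(unknown)} record(s) without a TLS version need manual review")
```

Grouping by user agent as well as IP address separates distinct applications that share a host or NAT address, which is usually what decides which runtime or SDK needs upgrading.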
The biggest challenge in retiring older TLS versions remains legacy software. Some older applications and platforms, including earlier releases of Microsoft SQL Server and Windows Server, depend on outdated protocols, and in some cases, the TLS version is hardcoded, which makes upgrades more complex.