The original date for the deprecation of 3DES support in Office 365 (February 28, 2019) has come and gone. Microsoft has released updated guidance around this topic.
The 3DES encryption cipher is being retired from Skype for Business Online starting on July 10, 2019. This impacts all commercial and GCC customers who are using the following clients to connect to Office 365:
- Lync 2010 Windows clients
- Lync for Mac 2011
- Lync Phone Edition
- Lync 2010 Mobile clients
If you are using one or more of the above clients with Office 365, please ensure you take the necessary steps to migrate to newer versions. Below is the list of versions that will work with Skype for Business Online:
- Skype for Business Click-to-Run - Requires the April 2018 Updates:
  - Monthly and Semi-Annual Targeted – 16.0.9126.2152 and higher
  - Semi-Annual and Deferred Channel – 16.0.8431.2242 and higher
- Skype for Business 2019 volume license
- Skype for Business 2016 Desktop Client, MSI 0.4678.1000 and higher, including Basic
- Lync 2013 (Skype for Business 2015) Desktop Client, MSI and C2R, including Basic 0.5023.1000 and higher
- Skype for Business for Mac 16.15 and higher
- Skype for Business for iOS and Android 6.19 and higher
- Certified Skype for Business Online Phones - Further guidance is located here.
WHAT IS THE PLAN TO INFORM CUSTOMERS?
- Customer admins will be notified via the Office 365 Message Center during the period of April 17-19, 2019
- If needed, further updates will be communicated via Message Center to customers
- There are currently no plans for broad-based public communications via blogs or social
WHAT ABOUT ON-PREMISES SERVER CUSTOMERS?
There is no impact to customers who are using on-premises servers. However, Microsoft recommends that customers evaluate their encryption needs and consider upgrading if needed.
WHY IS MICROSOFT TAKING THIS ACTION?
3DES, also known as “Triple DES”, is a public encryption protocol first defined via RFC 1851 in 1995. It first appeared in software products in 1998. The encryption is now over 20 years old and is no longer generally considered a secure option. Microsoft is responding to customer requests to no longer provide it as an option for encryption.
ADDITIONAL RESOURCES
- Microsoft public documentation for deploying the SFB client in Office 365
- Microsoft public documentation for technical reference details on O365 encryption
- Public information on 3DES - https://en.wikipedia.org/wiki/Triple_DES
- 2016 InfoWorld article on successful attacks against older versions of 3DES
- Visit https://securescore.office.com and run the Score Analyzer to see if you have users or devices that are actively using 3DES.