Blog Post

Exchange Team Blog
2 MIN READ

New opt-in endpoint for POP3/IMAP4 clients that need legacy TLS

The_Exchange_Team's avatar
The_Exchange_Team
Icon for Microsoft rankMicrosoft
Jan 06, 2023
Exchange Online ended support for TLS1.0 and TLS1.1 in October 2020. This year, we plan to disable these older TLS versions for POP3/IMAP4 clients to secure our customers and meet compliance requirem...
Updated Jan 06, 2023
Version 1.0
announcements
Client Access
exchange online
security
AmirHaque-MSFT's avatar
AmirHaque-MSFT
Icon for Microsoft rankMicrosoft
Feb 09, 2023

tvanscot GrahamCleary One of our engineers pointed to this article that claims you can get the info you need from Azure AD Portal/Sign-in logs, check this out and let us know if this works for you to identify impacted users, who may be using legacy TLS versions for POP/IMAP connectivity.

See: Enable TLS 1.2 support as Azure AD TLS 1.0/1.1 is deprecated - Active Directory | Microsoft Learn

<excerpts> 

Overview of new telemetry in the sign-in logs

To help you identify any clients or apps that still use legacy TLS in your environment, view the Azure AD sign-in logs. For clients or apps that sign in over legacy TLS, Azure AD marks the Legacy TLS field in Additional Details with True. The Legacy TLS field only appears if the sign-in occurred over legacy TLS. If you don’t see any legacy TLS in your logs, you're ready to switch to TLS 1.2.