Starting with the July 2017 update for Dynamics 365 (online) we will begin requiring connections to customer engagement applications to utilize TLS 1.2 (or better) security. This aligns with updated Microsoft and industry security policies and best practices, and you may be required to take actions to maintain connectivity to Dynamics 365 Customer Engagement applications. Please review the following information to help you identify if you are impacted and what steps you may need to take.
What is TLS:
TLS stands for “Transport Layer Security,” an industry-standard protocol designed to protect the privacy of information communicated over the Internet. TLS is used in many web browsers and applications that communicate over HTTPS and TCP.
What is the change:
Today, all Dynamics 365 Customer Engagement online versions support TLS 1.0, 1.1 and 1.2. Starting with the release of the July 2017 update for Dynamics 365 (online), which is version 9.0 of the Customer Engagement platform, we will begin blocking connections to the updated product from clients or browsers that are using TLS 1.0 and 1.1. Versions 8.x and 7.x of Dynamics 365 Customer Engagement will not be affected by this change, and will continue to provide support for TLS 1.0, 1.1, and 1.2 as they do today. Please note: This change only affects Microsoft Dynamics 365 (online), not on-premises versions.
How will you or your customers be impacted:
All supported browsers for Dynamics 365 Customer Engagement (versions 7.x – 9.x) currently comply with the TLS 1.2 standards and will continue to work as before. However, if you have disabled the TLS 1.2 protocol in your browser or utilize a custom Windows client built with .NET 4.5.2, you will be affected and lose connectivity to organizations with the July 2017 update for Dynamics 365 (online), version 9.0.
If you have deployed a non-Windows application that connects to a Dynamics 365 Customer Engagement instance, you will need to verify that the technology stack you used supports TLS 1.2.
How you or your customers can avoid being impacted:
- Custom Windows clients built utilizing .NET 4.5.2 (web and native client applications)
  - Custom Windows clients built utilizing .NET 4.5.2 can be fixed by recompiling on .NET 4.6.2. Versions of .NET 4.6.2 and higher implement a process that will seek the highest possible security transport that the host operating system supports.
  - If you are unable to do this, you can utilize a registry setting on Windows that will force .NET to utilize the highest possible security standard. Please note: This is a machine-wide setting and may have undesired effects. It is recommended that you or your customer utilize the method of recompiling to .NET 4.6.2 or higher. The registry settings that will force .NET 4.5.2 to prefer TLS 1.2 machine-wide are documented in the article Microsoft Security Advisory 2960358 in the section "Suggested Actions" under "Manually disable RC4 in TLS on systems running .NET Framework 4.5/4.5.1/4.5.2".
- Non-.NET Clients (web and client applications)
  - Please check with the framework or language provider to determine how to configure your application to utilize TLS 1.2.
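One way to verify what a non-.NET client stack actually offers, shown here for Python as an added example (not Microsoft's code): capture the ClientHello the stack would send, without touching the network, and read the protocol version it advertises. The host name `crm.example.invalid` and all function names are assumptions made for this illustration, and the TLS 1.0/1.1 hellos are constructed sample input.

```python
import ssl
import struct

TLS12 = 0x0303  # wire value for TLS 1.2; TLS 1.3 hellos also carry it here
NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
         0x0303: "TLS 1.2 or later"}

def offered_version(hello: bytes) -> int:
    """Return client_version, the highest version a ClientHello advertises."""
    if len(hello) < 11:
        raise ValueError("truncated ClientHello")
    record_type, _record_version, _record_len = struct.unpack("!BHH", hello[:5])
    if record_type != 0x16 or hello[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    # 5-byte record header + 1-byte handshake type + 3-byte length = offset 9
    return struct.unpack("!H", hello[9:11])[0]

def meets_tls12(hello: bytes) -> bool:
    """True if the client offers TLS 1.2 or later (the requirement above)."""
    return offered_version(hello) >= TLS12

def local_client_hello() -> bytes:
    """Capture the ClientHello this Python/OpenSSL stack would send, offline."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # Hypothetical host name; nothing is sent on the network.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="crm.example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake stops, waiting for a ServerHello
    return outgoing.read()

def sample_hello(version: int) -> bytes:
    """Constructed minimal ClientHello advertising `version` (sample input)."""
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"
            + b"\x00\x02\x00\x2f" + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    for label, hello in [("constructed TLS 1.0 client", sample_hello(0x0301)),
                         ("constructed TLS 1.1 client", sample_hello(0x0302)),
                         ("this Python stack", local_client_hello())]:
        v = offered_version(hello)
        print(f"{label}: offers {NAMES.get(v, hex(v))}, "
              f"{'ok' if meets_tls12(hello) else 'would be blocked'}")
```

The same `offered_version` check can be applied to a ClientHello captured from any other client to see whether it advertises TLS 1.2.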
Additional Information: Blog Post: Microsoft Secure Blog > TLS 1.2 support at Microsoft