End of support for non-secure cipher suites in Microsoft Defender for Identity

Published May 05 2021 09:37 AM 1,854 Views
Microsoft

*Update*

The version 2.149 release is now expected to be deployed from the 30th May, not the 23rd as suggested in the original post. All other information in the original post remains the same. 

 

Microsoft Defender for Identity is removing non-secure cipher suites to provide best-in-class encryption, and to ensure our service is more secure by default. As of version 2.149 (expected to be deployed on the week commencing 23rd May) Microsoft Defender for Identity will no longer support the following cipher suites. From this date forward, any connection using these protocols will no longer work as expected, and no support will be provided.

 

Non-secure cipher suites:

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

 

Support will continue for the following suites:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

 

What do I need to do to prepare for this change?

Nothing - this change will be automatic and we don't anticipate it affecting customer environments.

 

For additional inquiries please contact support.

- Microsoft Defender for Identity team.

Co-Authors
Version history
Last update:
‎May 19 2021 05:57 AM
Updated by:
www.000webhost.com