Disable TLS 1.0
At some point to maintain PCI compliance we will need to disable TLS 1.0. I have been told more than one time that we cannot disable TLS 1.0 now on our hybrid Exchange 2016 on-premise servers without losing functionality. We need a patch or update that would allow us to disable TLS 1.0 and still have full Exchange functionality.
While it is likely that Office 365 will need to leave TLS 1.0 enabled broadly for the near future, we are rolling out TLS 1.2 by default which will allow us to publish updated guidance for Exchange on-premises. Please stay tuned to EHLO blog for further updates — several configuration changes will be necessary to ensure everything works smoothly.
Dwight Holman commented
This is a concern for us also. We're considering migration to O365 and it would be great if we could enforce TLS1.2 or better for all applications/clients from the beginning.
Tobias Heinrich commented
Please make it possible to deactivate TLS 1.0!!! It is not save anymore
we are facing similar issue, TMG/ADFS with TLS 1.0 off - producing 503 error during autodiscover. Microsoft told us this is an expected behavior and they working on fix however PCI compliance is chasing us up to switch off TLS 1.0.