Dynamics 365 Customer Engagement to require TLS 1.2 or higher for connectivity beginning with Dynamics 365 (online) version 9.0

Jones Aktan 365, Blog, CRM, Microsoft Dynamics Leave a Comment

Starting with Dynamics 365 (online) version 9.0, we will begin requiring connections to customer engagement applications to utilize TLS 1.2 (or better) security. This aligns with updated Microsoft and industry security policies and best practices, and you may be required to take actions to maintain connectivity to Dynamics 365 Customer Engagement applications. Please review the following information to help you identify if you are impacted and what steps you may need to take.

What is TLS?

TLS stands for “Transport Layer Security,” and is a protocol that is an industry standard designed to protect the privacy of information communicated over the Internet. TLS is used in many web browsers and applications that communicate over HTTPS and TCP.

What is changing?

Today, all Dynamics 365 Customer Engagement online versions support TLS 1.0, 1.1 and 1.2, but starting with the release of Dynamics 365 (online) version 9.0, we will begin blocking connections to the updated product from clients or browsers that are using TLS 1.0 and 1.1. Versions 8.x and 7.x of Dynamics 365 Customer Engagement will not be affected with this change, and will continue to provide support for TLS 1.0, 1.1, and 1.2 as they do today. Please note: This change only affects Microsoft Dynamics 365 Online Customer Engagement, not on premises versions.

How will you or your customers be impacted?

Any connections to Dynamics 365 (online), version 9.x will fail if they do not use TLS 1.2 security protocol. This will impact several Dynamics services (listed below), including access to the Dynamics 365 Customer Engagement web application.

How can you or your customers avoid being impacted?

For supported web browsers

All supported browsers for Dynamics 365 Customer Engagement (versions 7.x – Version 9.x) currently comply with the TLS 1.2 standards and will continue to work as before. However, if you have disabled the TLS 1.2 protocol on your browser, you will be affected and lose connectivity to organizations with Dynamics 365 (online), version 9.0.
For help identifying if your browser supports the TLS 1.2 requirement, go to this validation test page.

For developer tools provided by Microsoft

See What’s new for Customer Engagement developer documentation in version 9.0 to get the latest on our developer tools documentation. Update to the latest version of tools, used in development, from NuGET. Examples of developer tools include the Plugin Registration Tool and Configuration Migration Tool. Version 9.0 of these tools are backward compatible.

For code built with the Dynamics 365 SDK

Recompile your client applications using .NET framework 4.6.2 or higher.  If your code is already compiled with .net 4.6.2 or higher, then there is no action required. For custom plugins and workflow assemblies, .net 4.5.2 should continue to be used.

One important note for .NET based apps

You can force TLS 1.2 protocol using the following command :
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
This forces the TLS 1.2 security protocol at all time. This is not recommended as you run the risk of having to update this when there is a newer security protocol adopted by the industry

For existing code that cannot be recompiled

You can utilize a registry setting on Windows that will force .NET to utilize the highest possible security standard.

Please Note: This is a machine-wide setting and may have undesired affects. It is recommended that you or your customer utilize the method of recompiling to .NET 4.6.2 or higher.

To update the registry settings that force .NET 4.5.2 to prefer TLS 1.2 machine-wide are documented in the Microsoft Security Advisory 2960358 article. See section “Suggested Actions” under “Manually disable RC4 in TLS on systems running .NET Framework 4.5/4.5.1/4.5.2”.

Share this :

Leave a Reply