Outlook 2015 1.0
The tornado outbreak of April 8–9, 2015 was a relatively small but damaging outbreak of tornadoes that occurred in parts of the Great Plains and in the Midwestern United States. 27 tornadoes were confirmed during the two days, most of them weak, however a select few of them were powerful and damaging. By far the most significant tornado of the outbreak was a very high-end EF4 wedge tornado. The tornado outbreak of April 8–9, 2015 was a relatively small but damaging outbreak of tornadoes that occurred in parts of the Great Plains and in the Midwestern United States. 27 tornadoes were confirmed during the two days, most of them weak, however a select few of them were powerful and damaging. Announcing Support for Disabling TLS 1.0 and 1.1 in Skype for Business Server 2015 On-Premises. Exchange Connectivity and Outlook Web App with Exchange Server 2010 SP3 RU19 or higher, guidance here. Survivable Branch Appliance (SBA) with Sfb Server 2015 CU6 HF2 or higher (it is the vendor's responsibility to package the appropriate CU.
-->Oct 26, 2017 Version 1.0 of the Outlook REST API was launched in 2015 to provide API access to mail, calendar, contacts, and other data from Exchange Online, with support for Basic Authentication. Over time, we’ve released major enhancements in Outlook REST API v2.0 and Microsoft Graph, both of which provide richer features, and better performance.
Use the links on this page to get more information about and download the most recent updates for the perpetual versions of Outlook 2016, Outlook 2013, and Outlook 2010.
Note
- The information in this article only applies to perpetual versions of Outlook that use the Windows Installer (MSI) installation technology. For example, if you installed a volume licensed version of Outlook, such as Outlook included with Office Professional Plus 2016.
- The information in this article doesn't apply to Office 365 versions of Outlook, such as Outlook included with Office 365 ProPlus.
- To find out what version of Outlook you're using, see What version of Outlook do I have?
- For more information about installing Office updates, see Install Office updates.
Outlook compatibility with Office 365 and your on-premises environment depends on the system requirements for your deployment: Hal 9000 voice download.
Office 365 works with any version of Outlook that is in mainstream support, which includes the latest version of Outlook 2016. For previous versions of Outlook, only those that have extended support may continue to work with Office 365, although with reduced functionality. For more information, see Microsoft Lifecycle Policy.
For Exchange on-premises deployments, follow the system requirements for your version of Outlook:
Outlook 2016 updates
Latest Service Pack (SP) | Minimum required update | Latest Public Update (PU) |
---|---|---|
N/A | March 2016 PU KB3114861 | March 2020 PU KB4462111 |
Outlook 2013 updates
Microsoft Outlook 2015
Latest Service Pack (SP) | Minimum required update | Latest Public Update (PU) |
---|---|---|
SP1 KB2850036 | December 2015 PU KB3114349 | February 2020 PU KB4484156 |
Outlook 2010 updates
Latest Service Pack (SP) | Minimum required update | Latest Public Update (PU) |
---|---|---|
SP2 KB2687521 | October 2015 PU KB3085604 April 2015 PU for Office 2010 for MAPI/HTTP KB2956191 | February 2020 PU KB4484163 |
As you may have heard through the grape vine, TLS 1.0/1.1 will be deprecated starting October 31st, 2018. So what does that mean and why should you care? In this article we’ll discuss what this means for users of Lync/Skype for Business on-premises and Skype for Business Online and why TLS 1.2 will be mandatory going forward in Office 365. So, with all that said, let’s dive right in!
Background
Microsoft has been toying with us in terms of their TLS 1.0/1.1 deprecation date. Initially Microsoft had said they’d no longer be supporting TLS1.0/1.1 as of March 2018. However, due to continuous backlash from the Microsoft community regarding the very aggressive timeline, Microsoft has agreed to extend support for TLS 1.0/1.1 until October 31, 2018. So why are Microsoft pushing this so aggressively? Well as of right now, there are no known TLS 1.0 security vulnerabilities within Microsoft’s TLS 1.0 implementation. However, Microsoft has stated due to the potential for future protocol downgrade attacks and other TLS vulnerabilities, they have made the executive decision to discontinue the support of TLS 1.0/1.1 in the Office 365 environment. These vulnerabilities can include (but are not limited to) Beast, POODLE, Crime and Heartbleed. This applies to both client-server and browser-server combinations.
Note: Using TLS 1.2 with Office 365 does not mean you must have TLS 1.0/1.1 disabled in your environments by October 31, 2018. If parts of your environment require the use of TLS 1.0 and 1.1 on or after October 31, 2018, you can leave the older protocol versions enabled. However, TLS 1.2 will have to be enabled and used for communication with Office 365 to avoid any interruption in service.
Preparation
In order to best prepare for this upcoming TLS 1.2 change to your Office 365 environment, there are 3 scenarios that you should review and adequately plan and prepare for.
- Lync/Skype client connectivity to Office 365
- On-premises server integration w/Office 365
- 3rd party integration with Skype for Business Online
Now let’s discuss what each of these scenarios in a little more detail.
Lync/Skype client connectivity to Office 365
Lync and Skype for Business clients may connect to Skype for Business Online, Exchange Online or both depending on where the account for these services are homed (online or on-premises). With that said, you should refer to the table below regarding the 3 different connectivity scenarios to determine if preparation will be required.
Mailbox Location | Lync/Skype account location | Preparation Required |
---|---|---|
Online | Online | Yes |
On-premises | Online | Yes |
Online | On-premises | Yes |
On-premises | On-premises | No* |
*although you are not required to prepare for client connectivity scenarios, you still may be required to remediate your on-premises infrastructure if you federate with any customers that reside in Skype for Business Online. This scenario will be covered further in the next section.
You must also ensure that you have the following minimum client versions:
- Lync 2013 (Skype for Business) Desktop Client, MSI and C2R, including Basic 0.5023.1000 and higher
- Skype for Business 2016 Desktop Client, MSI 0.4678.1000 and higher, including Basic
- Skype for Business 2016 Click to Run Require the April 2018 Updates:
- Monthly and Semi-Annual Targeted – 16.0.9126.2152 and higher
- Semi-Annual and Deferred Channel – 16.0.8431.2242 and higher
- Skype for Business on Mac 16.15 and higher
- Skype for Business for iOS and Android 6.19 and higher
- Skype Web App 2015 CU6 HF2 and higher (ships with Server)
In addition, please note the fully supported and tested servers:
- Skype for Business Server 2015 CU6 HF2 6.0.9319.516 (March 2018 update) and higher on
- Windows Server 2012 (with KB 3140245 or superseding update), 2012 R2 or 2016
- In-place Upgraded Skype for Business Server 2015, with CU6 HF2 and higher on
- Windows Server 2008 R2, 2012 (with KB 3140245 or superseding update), or 2012 R2
- Exchange Connectivity and Outlook Web App with Exchange Server 2010 SP3 RU19 or higher, guidance here
- Survivable Branch Appliance (SBA) with Sfb Server 2015 CU6 HF2 or higher (it is the vendor’s responsibility to package the appropriate CU and provide it, be sure to confirm with your vendor that the updates have been made available for your appliance)
- Survivable Branch Server (SBS) with SfB Server 2015 CU6 HF2 or higher
- Lync Server 2013 Edge Role Only** – (More on this below)
**Lync Server 2013 now supports TLS 1.2 with the July, 2018 Cumulative Update, a.k.a. “CU10”. According to Microsoft, “we are providing TLS 1.2 support to enable co-existence, migration, Federation and Hybrid scenarios. This does not mean, however, that we support disabling TLS 1.0 or 1.1 on Lync Server 2013. In fact, doing so will render Lync Server 2013 nonoperational. Lync Server 2013 (all roles except Edge) takes a dependency on Windows Fabric version 1.0. With that said, Windows Fabric 1.0 does not support TLS 1.2 and therefore it remains unsupported to disable TLS 1.0 or 1.1 on all roles of Lync Server 2013 except Edge.“
Please be aware that not all devices will support TLS 1.2 at this time, but are currently being review and Microsoft has indicated that they will be providing guidance on this at a later time. You should check back regularly regarding TLS 1.2 support for the following devices:
Outlook 2015 1.0 Free
- Lync Room System (LRS/SRSv1)
- Skype Room System (a.k.a. ‘SRSv2’ or Rigel)
- Surface Hub
- Call Quality Dashboard (CQD)** – More on this below
- Cloud Connector Edition (CCE)
**If you plan on installing an on-premises deployment of CQD, then this will be dependent on TLS 1.0 for first time installs. There is testing being done for a fix, so in the meantime it is recommended that if you are installing CQD on-premises that you should complete the installation before disabling TLS 1.0.
Please also make note of the following products that are not supported and considered out of scope:
- Lync Server 2013** – (Exceptions mentioned above)
- Lync Server 2010
- Windows Server 2008 and lower
- Lync for Mac 2011
- Lync 2013 for Mobile – iOS, iPad, Android or Windows Phone
- Lync “MX” Windows Store client
- All Lync 2010 clients
- Lync Phone Edition – updated guidance here.
- 2013 based Survivable Branch Appliance (SBA) or Survivable Branch Server (SBS)
Lastly, as mentioned with the preceding client remediation, you must ensure that the underlying Operating System (OS) and default browser support TLS 1.2 for Microsoft OS support, you can consult Microsoft’s whitepaper here.
Note: Windows 7 does not have TLS 1.2 enabled by default. This means that you will need to enable this for all Windows 7 users if not done already (guidance on this is included in the whitepaper above). Also, the following link will provide you with guidance on TLS 1.2 capability for browsers. https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
On-premises server integration with Office 365
There are several supported hybrid topologies that are covered with this scenario. This would include integration or Hybrid with: Skype for Business Online or Exchange Online. For a list of all supported on-premises Skype for Business to Exchange integration scenarios, please refer to the link here. Please note, Lync 2010 hybrid scenarios have not and have never been in scope for TLS 1.2 support. Thus, you must plan accordingly to get to a supported hybrid topology (i.e. Lync 2013 hybrid, Skype for Business 2015 hybrid). The table below provides an overview of scenarios where preparation is required as well as where to find additional guidance on said deployment and integrations types.
Deployed on-premises | Integration/Hybrid with | Preparation Required | Guidance |
---|---|---|---|
Skype for Business Server or Lync Server on-premises | Skype for Business Online | Yes | This article |
Skype for Business Server or Lync Server on-premises | Federation with other customers or partners in Office 365 (current or future) | Yes | This article |
Skype for Business Server or Lync Server on-premises | No | N/A | |
Skype for Business Server or Lync Server on-premises | Exchange Server | Yes | This article |
Exchange Server on-premises | Skype for Business Online | Yes | Follow the guidance in the Exchange blog series. |
Cloud Connector Edition (CCE) | Skype for Business Online | No | No. (ensure you do not federate with customers in Office 365 or integrate with PIC as describe in the first scenario) |
Skype for Business Server or Lync Server on-premises | Skype for Business Online | No. (ensure you do not federate with customers in Office 365 or integrate with PIC as describe in the first scenario) | N/A |
If you fall under one of the first 4 scenarios outlined above, you are required to update your on-premises server environment to one of the following versions:
- Skype for Business Server 2015 CU6 HF2 6.0.9319.516 (March 2018 update) and higher on Windows Server 2012 (with KB 3140245 or superseding update), 2012 R2 or 2016
- In-place Upgraded Skype for Business Server 2015, with CU6 HF2 and higher on Windows Server 2008 R2, 2012 (with KB 3140245 or superseding update), or 2012 R2
- Lync Server 2013 CU10 or higher. https://support.microsoft.com/en-us/help/2809243/updates-for-lync-server-2013. Any supported OS for Lync Server 2013 – 2008 R2 – 2012 R2; https://technet.microsoft.com/en-us/library/gg398588(v=ocs.15).aspx
As mentioned earlier, Lync 2010 was never part of Microsoft’s scope to support TLS 1.2 thus if you have a Lync 2010 environment it is recommended you upgrade to Skype for Business Server 2015 HF2 6.0.9319.516 or higher.Gemini: the duplicate finder 1.5.4. Hybrid or integration scenarios with Office Communications Server 2007 R2 or earlier are not supported.
- For post CU6 HF2 steps required for SFB Server 2015 – please refer to https://blogs.technet.microsoft.com/nexthop/2018/04/18/disabling-tls-1-01-1-in-skype-for-business-se…
Post CU10 steps required for Lync Server 2013 are exactly the same as SFB Server 2015.
3rd Party Integration with Skype for Business Online
For those of you not already aware, Microsoft has a plethora of supported SDK’s and API’s that you can find here. With that said, you must also consider that some of these SDK’s and API’s might not be able to support TLS 1.2. Microsoft recommends that you consult your 3rd party vendor to ensure that the SDK or API integrates fully with TLS 1.2. However, if you have developed your own application in-house, Microsoft highly recommends that you follow the guidance in their TLS white paper. This white paper will provide you guidance to ensure your in-house application is capable to provide TLS 1.2 support through validation and testing methods.
Final Considerations
Lastly, it is highly likely that your environment is comprised of various types of security and networking devices. This may include (but is not limited to):
Outlook 2016 2010
- Proxy/Reverse Proxy servers
- Load balancers
- 3PIP phones
- Video Conferencing devices
- SBC
- SBA/SBS
Outlook 2015 1.0 Download
For a more in-depth overview on this topic including how to update your existing topology as well as advanced deployment scenarios, I’d highly recommend checking out the NextHop Blog series.