Microsoft ended support for TLS 1.0 and 1.1 in Azure Storage today, February 3, 2026, requiring TLS 1.2 or newer for all encrypted connections. The deadline applies globally to all storage accounts, with no extensions available via support tickets.
The change affects reads, writes, and authentication for any client using deprecated protocols. This includes Azure Files, Queue Storage, and Table Storage hosted on affected accounts. New storage accounts created since November 1, 2025 already enforced TLS 1.2 minimum.
The legacy problem
TLS 1.0 dates to 1999, TLS 1.1 to 2006. Both were formally deprecated in 2021, years after TLS 1.2's 2008 publication. Microsoft delayed this enforcement twice: from November 2024 to November 2025, then to today. The company has signaled no further extensions.
The protocols are disabled by default in Windows Server 2019 and later, but older versions including Windows 7, Windows XP, Vista, and Server 2003 either require manual configuration or lack TLS 1.2 support entirely. Legacy SQL Server versions and hardcoded application dependencies create similar exposure.
US NIST guidelines required government TLS servers to support 1.2 as of 2019, making continued use of older versions a compliance issue.
What to check
Administrators should audit Application Gateway TLS settings, App Service configurations, API Management endpoints, and Azure Functions for protocol dependencies. SQL Server connections require verification: Server 2012 and earlier need updates for TLS 1.2 support, while connection strings in .NET Core applications may need explicit TLS version enforcement.
The pattern is broader than Azure. Octopus Deploy disabled TLS 1.0/1.1 in cloud instances by January 2026. Wasabi deprecated support in October 2025. Atera follows on February 23, 2026.
For organizations discovering hardcoded TLS dependencies in production today: there's no rollback option. The protocols Microsoft supported for backward compatibility are gone. History suggests the deadline stick this time.