Enforcing TLS 1.2 for OEM Applications from July 17th 2020

Created Date: 2020-05-22 | Last Modified: 2020-05-22

Applies to: All audiences

Summary

Microsoft will be enforcing the Transport Layer Security (TLS) 1.2 protocol for OEM applications on July 17^th/18^th as part of a Microsoft-wide initiative to strengthen security. IMPORTANT: This change may have potential impacts for your business—please read below for more details.

Impacted Audience

All users who access the OEM applications including Digital Operations Center (DOC), Software Order Center (SOC and eSOC), Orion, MDOS as well as Down-level MDOS Partners continuing to use MDOS FFKI 1.x servers.

Details

Microsoft will be enforcing the Transport Layer Security (TLS) 1.2 protocol for OEM applications on July 17th/18th as part of a Microsoft-wide 'TLS 1.2 everywhere' initiative to strengthen security and drive S360 compliance.

This change has several potential impacts and it is important that OEMs review the following information to determine if your organization or Down-level Partners will be impacted.

Scenario	Impact	Action/Mitigation
1. Accessing OEM portals (DOC, Orion, MDOS) using older versions of browsers including, but not limited to, IE 8, 9, and 10.	Users trying to access OEM applications may experience an error which limits their access returning a UX error.	Install or upgrade to newer version of browser as listed below in the ‘Not Impacted’ section or Manually enable TLS1.2 on your browser (steps are provided for IE 8,9, and 10. For other browsers, please follows recommended steps from the relevant providers.
2. All users of Software Order Center (SOC) and Embedded Software Order Center (eSOC) services within DOC	This change will prompt the download and installation of a new File Transfer Manager (FTM) client compliant with TLS1.2	Follow the onscreen prompts to download and install the new FTM client.
3. OEM Factories, TPIs or other Down Level Partners continuing to use the MDOS FFKI 1.x server solution	This change will break the connection between the MDOS FFKI 1.x server and the MDOS cloud client. This will impact the ability to assign product keys, return product keys, report CBRs or any other transaction between both systems.	Upgrade to the MDOS Smart Client (MSC) solution. Please review the MSC user manual in the link below for more information on how to do this.

Scenario

Impact

Action/Mitigation

1. Accessing OEM portals (DOC, Orion, MDOS) using older versions of browsers including, but not limited to, IE 8, 9, and 10.

Users trying to access OEM applications may experience an error which limits their access returning a UX error.

Install or upgrade to newer version of browser as listed below in the ‘Not Impacted’ section

Manually enable TLS1.2 on your browser (steps are provided for IE 8,9, and 10. For other browsers, please follows recommended steps from the relevant providers.

2. All users of Software Order Center (SOC) and Embedded Software Order Center (eSOC) services within DOC

This change will prompt the download and installation of a new File Transfer Manager (FTM) client compliant with TLS1.2

Follow the onscreen prompts to download and install the new FTM client.

3. OEM Factories, TPIs or other Down Level Partners continuing to use the MDOS FFKI 1.x server solution

This change will break the connection between the MDOS FFKI 1.x server and the MDOS cloud client. This will impact the ability to assign product keys, return product keys, report CBRs or any other transaction between both systems.

Upgrade to the MDOS Smart Client (MSC) solution.

Please review the MSC user manual in the link below for more information on how to do this.

Impact
1. Accessing OEM portals (DOC, Orion, MDOS) using older versions of browsers including, but not limited to, IE 8, 9, and 10.	Users trying to access OEM applications may experience an error which limits their access returning a UX error.
2. All users of Software Order Center (SOC) and Embedded Software Order Center (eSOC) services within DOC	This change will prompt the download and installation of a new File Transfer Manager (FTM) client compliant with TLS1.2
3. OEM Factories, TPIs or other Down Level Partners continuing to use the MDOS FFKI 1.x server solution	This change will break the connection between the MDOS FFKI 1.x server and the MDOS cloud client. This will impact the ability to assign product keys, return product keys, report CBRs or any other transaction between both systems.
Action/Mitigation
1. Accessing OEM portals (DOC, Orion, MDOS) using older versions of browsers including, but not limited to, IE 8, 9, and 10.	Install or upgrade to newer version of browser as listed below in the ‘Not Impacted’ section or Manually enable TLS1.2 on your browser (steps are provided for IE 8,9, and 10. For other browsers, please follows recommended steps from the relevant providers.
2. All users of Software Order Center (SOC) and Embedded Software Order Center (eSOC) services within DOC	Follow the onscreen prompts to download and install the new FTM client.
3. OEM Factories, TPIs or other Down Level Partners continuing to use the MDOS FFKI 1.x server solution	Upgrade to the MDOS Smart Client (MSC) solution. Please review the MSC user manual in the link below for more information on how to do this.

Not Impacted

No impact to OA3 B2B services
No impact to user’s accessing systems using the following browsers (where TLS1.2 is enabled by default):
- Chrome 38 and above [Latest version of Chrome is 80]
- Firefox 27 and above [Latest version of Firefox is 74]
- Microsoft Edge
- Microsoft Internet Explorer 11
No impact to OEM Factories using the MDOS Smart Client (MSC) solution.

Resources

Next Steps

Please share this communication with all DOC, SOC/eSOC, and MDOS users within your organization.
Please also share this communication with your down level MDOS Partners where applicable.
Please follow the mitigation steps/actions as listed above.

Questions?

If you need support or have any questions, please contact msoemops@microsoft.com.