You have multiple accounts
Choose the account you want to sign in with.

We have deprecated the use of legacy TLS for all Exchange Online endpoints. If TLS 1.2 is not enabled on your servers that are running Exchange Online, and you are still using a hybrid Exchange Server environment, you will experience the following issues:

  • Inability to access free/busy information of Exchange Online mailboxes

  • Inability to access cloud archives by users whose primary mailbox is on-premises

TLS deprecation will also affect users when they create a federation trust manually or by using the Hybrid Configuration Wizard (HCW) if TLS 1.2 is not configured. 

  1. When you create a federation trust manually, you may experience the following issue when you run the Set-FederatedOrganizationIdentifier cmdlet:  


    -DelegationFederationTrust 'Microsoft Federation Gateway'  

    -AccountNamespace <account namespace>  

    -Enabled $True  



    An error occurred while attempting to provision Exchange to the Partner STS.  

    Detailed Information:

    "An error occurred accessing Windows Live".
    "The underlying connection was closed: An unexpected error occurred on a send."." 

  2. If you are using the HCW to configure a hybrid environment between Microsoft Exchange Server 2010 and Exchange Online, and the wizard is stuck at the domain verification stage, this situation might be caused by the same issue. You can verify this by looking at the HCW logs. 


To resolve this issue, make sure that your on-premises environment supports TLS 1.2. We have deprecated TLS protocols 1.0 and 1.1 for Microsoft Office 365. The following articles include steps about how to implement TLS 1.2:

After you enable TLS 1.2, enable the federation trust manually or by using HCW. If the issue persists, run the following commands in the Exchange Management Shell before you use Set-FederatedOrganizationIdentifier:

  • Add-PSSnap in Microsoft.Exchange.Management.PowerShell.E2010

  • [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 
  • Set-FederatedOrganizationIdentifier  

    -DelegationFederationTrust 'Microsoft Federation Gateway'  

    -AccountNamespace <account namespace>  

    -Enabled $True  


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!