Important Updates for the ArcGIS Platform and HTTPS Only Enforcement

Important Updates for the ArcGIS Platform and HTTPS Only Enforcement
Summary

Esri is planning to enforce “HTTPS Only” for ArcGIS Online and later HSTS. This important security update is likely to affect some ArcGIS software and custom solutions. Esri customers will need to act now to be ready for this change now coming December 8th, 2020.

This shift from the original date of September 15th, 2020 is to ensure that all our customers have a six month period for remediation and preparation before the change is enforced.

Also, due to the current Coronavirus pandemic, ArcGIS Online operation was raised to a heightened state and resources are being dedicated to critical issues related to the pandemic. All non-critical changes to the solution are on hold until further notice.

The ArcGIS Platform uses the HTTPS protocol as a key component of its security for web and service API connections. This includes connections between our software, such as ArcGIS Desktop and ArcGIS Enterprise, with ArcGIS Online.

NOTE

“HTTPS Only” has been a default configuration setting in ArcGIS Online since September 2018, so all new subscriptions since this time do not have the option to disable HTTPS. For ArcGIS Enterprise since version 10.4, while HTTPS ENABLED has been the default, HTTPS ONLY has been the default since version 10.7. With ArcGIS Enterprise, users have the option of turning this capability off if desired.

What is HTTPS?

What is HSTS?

How is the ArcGIS Platform affected?

Am I affected by the switch to HTTPS Only?

What needs to be done?

What tools are available for the customer?

What is the support scope for the tools provided?

Will there be any patches released for ArcGIS Enterprise, ArcGIS Server, or Portal for ArcGIS to help with updating items that are HTTP to HTTPS?

Additional Resources