Microsoftjess_krynitsky, thank you for the information!
I want to get some clarification on "Applications that start failing when TLS 1.0 and TLS 1.1 are disabled can be identified by Event 36871 in the Windows Event Log."
I originally interpreted that as meaning that 36871 is logged when a remote machine attempts to connect to the server using TLS 1.0 or 1.1. Does it mean, instead, that when an application starts up on the server and it attempts to create a TLS 1.0 or 1.1 credential then 36871 is logged?
I was hoping to use 36871 to identify failed inbound connections after I disable TLS 1.1. That why I can more quickly re-enable TLS 1.1 and then address those systems attempting to connect using TLS 1.1 to ensure they start using a stronger protocol.
