Forum Discussion
CMG "Enforce TLS 1.2" - restart required or not?
Hi! Because it is my first post on that forum - at first I just want to say "Hello Everyone" ๐ And now my question: We have configured CMG in our SCCM Console and we want to Enforce TLS 1.2 - ...
Hi Damian and Welcome in the community,
TLS 1.2 enforcement is only applied on the Azure cloud service VM. It doesn't apply to any on-premises Configuration Manager site servers or clients.
If you use Az Cloud VM, I would restart the service. Make sure that all the clients support TLS 1.2, Otherwise, the clients can't communicate with the servers and can be orphaned.
Hope this helps!
Moe
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2
TLS 1.2 enforcement is only applied on the Azure cloud service VM. It doesn't apply to any on-premises Configuration Manager site servers or clients.
If you use Az Cloud VM, I would restart the service. Make sure that all the clients support TLS 1.2, Otherwise, the clients can't communicate with the servers and can be orphaned.
Hope this helps!
Moe
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2
Thanks!
We have only Windows 10 1909 devices where is not TLS 1.2 disabled so it should work.
I have one more question - we are planning to upgrade Windows 1909 to 21H2. Currently we have SCCM in version 2006. I checked and it seems that we need at least 2107 version to support Windows 10 "as a client" - what it means exactly? I am asking because for testing purposes I was able to install 21H2 Feature Update without any issues also it seems that SCCM Client works properly. So what issues we can have if we will stay on version 2006 of SCCM and when we run installation of Windows 10 21H2?
Regards
Damian