TLS 1.1 is set as a recommended value in the latest security baseline

This particular setting in the Windows 11 24H2 baseline often causes confusion because it doesn’t enable TLS 1.1 — it only controls what appears in the Internet Options UI for legacy components.

Even though the baseline says “Use TLS 1.1 and TLS 1.2”, modern Windows versions already disable TLS 1.0/1.1 by default at the OS level for Schannel-based apps.
The Group Policy item simply aligns IE/legacy UI settings so that older applications relying on those dialogs don’t break during audits or compliance scans.

Microsoft’s recommended protocol set remains TLS 1.2 and TLS 1.3 for all modern workloads.
TLS 1.1 is not being re-enabled — the baseline entry is a compatibility UI requirement, not a security rollback.