CMG "Enforce TLS 1.2" - restart required or not?

Copper Contributor



Because it is my first post on that forum - at first I just want to say "Hello Everyone" :)

And now my question:

We have configured CMG in our SCCM Console and we want to Enforce TLS 1.2 - it is only a matter of checking the necessary box under CMG configuration pane or we need to restart CMG service to make new TLS settings applied?

Thank you and best regards

3 Replies
Hi Damian and Welcome in the community,

TLS 1.2 enforcement is only applied on the Azure cloud service VM. It doesn't apply to any on-premises Configuration Manager site servers or clients.

If you use Az Cloud VM, I would restart the service. Make sure that all the clients support TLS 1.2, Otherwise, the clients can't communicate with the servers and can be orphaned.

Hope this helps!



We have only Windows 10 1909 devices where is not TLS 1.2 disabled so it should work.


I have one more question - we are planning to upgrade Windows 1909 to 21H2. Currently we have SCCM in version 2006. I checked and it seems that we need at least 2107 version to support Windows 10 "as a client" - what it means exactly? I am asking because for testing purposes I was able to install 21H2 Feature Update without any issues also it seems that SCCM Client works properly. So what issues we can have if we will stay on version 2006 of SCCM and when we run installation of Windows 10 21H2?




Hi Damian,

As far as I know it had some new features for Server 2022 and Windows 11 ADK, so I expect it to works fine with pushing Windows feature updates using 2006.

I definitely advice upgrading to the latest version in near future as it integrates better with Intune using the new Microsoft Endpoint Manager Admin Center.

Hope this helps!