cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CMG "Enforce TLS 1.2" - restart required or not?

DamianL1984
Copper Contributor

‎Jan 18 2022 01:36 AM

‎Jan 18 2022 01:36 AM

CMG "Enforce TLS 1.2" - restart required or not?

Hi!

 

Because it is my first post on that forum - at first I just want to say "Hello Everyone" :)

And now my question:

We have configured CMG in our SCCM Console and we want to Enforce TLS 1.2 - it is only a matter of checking the necessary box under CMG configuration pane or we need to restart CMG service to make new TLS settings applied?

Thank you and best regards
Damian

Labels:
2,404 Views
0 Likes
3 Replies
Reply
3 Replies
Moe_Kinani

‎Jan 18 2022 06:29 PM

‎Jan 18 2022 06:29 PM

Re: CMG "Enforce TLS 1.2" - restart required or not?

Hi Damian and Welcome in the community,

TLS 1.2 enforcement is only applied on the Azure cloud service VM. It doesn't apply to any on-premises Configuration Manager site servers or clients.

If you use Az Cloud VM, I would restart the service. Make sure that all the clients support TLS 1.2, Otherwise, the clients can't communicate with the servers and can be orphaned.

Hope this helps!
Moe

https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2
1 Like
Reply
DamianL1984

‎Jan 25 2022 12:16 AM

‎Jan 25 2022 12:16 AM

Re: CMG "Enforce TLS 1.2" - restart required or not?

Thanks!

 

We have only Windows 10 1909 devices where is not TLS 1.2 disabled so it should work.

 

I have one more question - we are planning to upgrade Windows 1909 to 21H2. Currently we have SCCM in version 2006. I checked and it seems that we need at least 2107 version to support Windows 10 "as a client" - what it means exactly? I am asking because for testing purposes I was able to install 21H2 Feature Update without any issues also it seems that SCCM Client works properly. So what issues we can have if we will stay on version 2006 of SCCM and when we run installation of Windows 10 21H2?

 

Regards

Damian

0 Likes
Reply
Moe_Kinani

‎Jan 25 2022 07:31 PM

‎Jan 25 2022 07:31 PM

Re: CMG "Enforce TLS 1.2" - restart required or not?

Hi Damian,

As far as I know it had some new features for Server 2022 and Windows 11 ADK, so I expect it to works fine with pushing Windows feature updates using 2006.

I definitely advice upgrading to the latest version in near future as it integrates better with Intune using the new Microsoft Endpoint Manager Admin Center.

Hope this helps!
Moe
0 Likes
Reply