Windows Server vNext - TLS improvements, make TLS 1.2 the minimum standard for different areas.
Hi Server Team, it is great to see that Server vNext has enabled only TLS 1.2 and TLS 1.3 left experimental state in Internet Options (Windows System / IE) However the remark from AriaUpdated Changes to improve security for Windows devices scanning WSUS - Microsoft Tech Community does not yet match completely / consistently in Server vNext (not even speaking about productive release as 1607 and later) I would like to plea for following changes: 1. Server vNext should enable TLS 1.2 for PowerShell 5.1. Currently it is not enabled by default an so blocking access to repositories as github, PSget, nuGet etc 2. Upgrading WSUS to Server 2022 should enable TLS for WSUS by default (I know there are no GUI or wizard changes) 3. Server vNext should enable TLS 1.2 for SQL and .net by default 4. Server vNext should use TLS 1.2 for SChannel. Every supported OS (including domain controllers) support this. You should consider to disable TLS 1.0 / 1.1 for each of these Mary Hoffman Currently I am deploying actively these changes in mixed custmer enviroments using script / GPOs ranging from Server 2008-2019, SQL 2012-2019, Exchange 2013-2019, and do not face issues that cannot mitigated. However I would expect the standards to be higher with Server 2022 in compliance with what Aria stated. Thanks for your feedback
