Merge pull request #7569 from mestew/tls-edit-2630

Angela Fleischmann · web-flow · commit 0d0b71882b23 · 2022-08-25T14:23:28.000-06:00
tls 1.2 edits
diff --git a/memdocs/configmgr/core/plan-design/security/includes/enable-tls-1-2-protocol-security-provider.md b/memdocs/configmgr/core/plan-design/security/includes/enable-tls-1-2-protocol-security-provider.md
@@ -3,12 +3,10 @@ author: mestew
 ms.author: mstewart
 ms.prod: configuration-manager
 ms.topic: include
-ms.date: 05/04/2021
+ms.date: 08/25/2022
 ms.localizationpriority: medium
 ---
 
 <!--## Enable Transport layer security (TLS) 1.2 protocol as a security provider Note: the heading in in the 2 articles (enable-tls-1-2-client & enable-tls-1-2-server) to better facilitate linking. -->
 
-TLS 1.2 is enabled by default. Therefore, no change to these keys is needed to enable it. You can make changes under `Protocols` to disable TLS 1.0 and TLS 1.1 after you've followed the rest of the guidance in these articles and you've verified that the environment works when only TLS 1.2 enabled.
-
-Verify the `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols` registry subkey setting, as shown in [Transport layer security (TLS) best practices with the .NET Framework](/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry).
+For the most part, protocol usage is controlled at three levels, the operating system level, the framework or platform level, and the application level. TLS 1.2 is enabled by default at the operating system level. Once you ensure that the .NET registry values are set to enable TLS 1.2 and verify the environment is properly utilizing TLS 1.2 on the network, you may want to edit the `SChannel\Protocols` registry key to disable the older, less secure protocols. For more information on disabling TLS 1.0 and 1.1, see [Configuring Schannel protocols in the Windows Registry](/dotnet/framework/network-programming/tls#configuring-schannel-protocols-in-the-windows-registry).
