

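    "SystemDefaultTlsVersions"=dword:00000001

You can use the following PowerShell script to check the current TLS 1.2 settings on your Azure AD Connect server.

    Function Get-ADSyncToolsTls12RegValue
    {
        Param ([string] $RegPath, [string] $RegName)
        # A missing key or value returns $null instead of raising an error
        $regItem = Get-ItemProperty -Path $RegPath -Name $RegName -ErrorAction Ignore
        [PSCustomObject]@{
            Path  = $RegPath
            Name  = $RegName
            Value = if ($null -eq $regItem) { 'Not Found' } else { $regItem.$RegName }
        }
    }

    $regSettings = @()

    # .NET Framework settings, 32-bit view
    $regKey = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v9'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SystemDefaultTlsVersions'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SchUseStrongCrypto'

    # .NET Framework settings, 64-bit view
    $regKey = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v9'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SystemDefaultTlsVersions'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SchUseStrongCrypto'

    # SCHANNEL TLS 1.2 settings, server side
    $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'Enabled'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'DisabledByDefault'

    # SCHANNEL TLS 1.2 settings, client side
    $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'Enabled'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'DisabledByDefault'

    $regSettings

Example output showing proper TLS 1.2 configuration:

You can use the following PowerShell script to enforce TLS 1.2 on your Azure AD Connect server.

    # Create the 32-bit .NET Framework key if it does not exist, then set both values
    If (-Not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v9'))
    {
        New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v9' -Force | Out-Null
    }
    New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v9' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v9' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

    # Create the 64-bit .NET Framework key if it does not exist
    If (-Not (Test-Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v9'))
    {
        New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v9' -Force | Out-Null
    }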

After you have updated the registry, you must restart the Windows server for the changes to take effect.
