Compliance organizations (like PCI) are mandating that customers use TLS 1.2 for all encrypted communications and disable all other protocols in their environments. SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Microsoft has added official support for the TLS 1.2 security protocol in System Center 2016. This protocol is now supported in the following products:
- System Center Operations Manager (SCOM)
- System Center Virtual Machine Manager (SCVMM)
- System Center Data Protection Manager (SCDPM)
- System Center Orchestrator (SCO)
- Service Management Automation (SMA)
- Service Provider Foundation (SPF)
- System Center Service Manager (SM)
The 3-step process of enabling TLS 1.2 involves:
- Installing the updates for Windows Server Security, .NET 4.6, SQL Server & System Center 2016 UR4. For System Center Virtual Machine Manager (SCVMM), Service Management Automation (SMA) and Service Provider Foundation (SPF), make sure that you upgrade to Update Rollup 3 for System Center 2016. For SMA, also update the SMA 2016 MP from here.
- Changing the configuration settings to enable TLS 1.2 in the Windows environment and in System Center across all components.
- Making additional System Center component-specific settings.
You can find more details in the System Center 2016 TLS1.2 Configuration article.
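A read-only check for the Windows side of the second step, as an added example that is not from the original article or from Microsoft's guidance: it reports the SCHANNEL protocol keys and the .NET 4.x `SchUseStrongCrypto` value on a server. The function names are hypothetical, and it assumes the target state is TLS 1.2 explicitly enabled with SSL 2.0 through TLS 1.1 explicitly disabled; System Center component-specific settings are not covered.

```powershell
# Added example (not from the original article): read-only audit of the Windows
# SCHANNEL protocol keys and the .NET 4.x strong-crypto flag. Run elevated.
# Assumption: only explicit registry values count as meeting the target,
# because OS defaults for each protocol differ between Windows versions.

$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$NetKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)

function Get-RegValueOrNull {   # hypothetical helper: $null when key or value is absent
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-TlsAudit {         # hypothetical name
    foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $key     = Join-Path $SchannelRoot "$proto\$role"
            $enabled = Get-RegValueOrNull $key 'Enabled'
            $byDflt  = Get-RegValueOrNull $key 'DisabledByDefault'
            if ($proto -eq 'TLS 1.2') {
                # Target: explicitly enabled and not disabled by default.
                $ok = ($null -ne $enabled) -and ($enabled -ne 0) -and ($byDflt -eq 0)
            } else {
                # Target: explicitly disabled.
                $ok = ($null -ne $enabled) -and ($enabled -eq 0)
            }
            [pscustomobject]@{
                Setting = "SCHANNEL $proto $role"
                Enabled = $enabled; DisabledByDefault = $byDflt; MeetsTarget = $ok
            }
        }
    }
    foreach ($key in $NetKeys) {
        $strong = Get-RegValueOrNull $key 'SchUseStrongCrypto'
        [pscustomobject]@{
            Setting = "$key SchUseStrongCrypto"
            Enabled = $strong; DisabledByDefault = $null; MeetsTarget = ($strong -eq 1)
        }
    }
}

Get-TlsAudit | Format-Table -AutoSize
```

Rows where `MeetsTarget` is `False` identify the keys that still need an explicit value on that server; an empty `Enabled` column means the value is absent and the OS default applies.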