TLS 1.2 is the secure way of communication suggested by Microsoft with best-in class encryption. SSL and early TLS are not considered strong cryptography and cannot be used as a security control. Microsoft has added official support for TLS1.2 security protocols in System Center 2016. This protocol is now supported in the following products:
- System Center Operations Manager (SCOM)
- System Center Virtual Machine Manager (SCVMM)
- System Center Data Protection Manager (SCDPM)
- System Center Orchestrator (SCO)
- Service Management Automation (SMA)
- Service Provider Foundation (SPF)
- System Center Service Manager (SCSM)
The 3 step process of enabling TLS1.2 involves:
- Installing the updates for Windows Server Security, .NET 4.6, SQL Server & System Center 2016 UR4. Please note that for Service Management Automation(SMA) and Service Provider Foundation(SPF) you need to upgrade to their most recent UR as UR4 does not have any updates to these components. For Service Management Automation (SMA) upgrade to Update Rollup 1 and for Service Provider Foundation (SPF) to Update Rollup 2, For SMA also update the SMA 2016 MP from here. System Center Virtual Machine Manager(SCVMM) should be upgraded at least to Update Rollup 3.
- Changing the configuration settings to enable TLS1.2 in the Windows Environment and System Center across all components.
- Making additional System Center component specific settings.
You can find more details in the System Center 2016 TLS1.2 Configuration article.