How to fix Azure recommendation "Windows servers should be configured to use secure communication protocols"

Mohammadmahdi Golmohammadi 5 Reputation points
2025-08-19T15:33:22.8033333+00:00

Hi

I want to fix the recommendation "Windows servers should be configured to use secure communication protocols" on Azure, but the provided link in Defender for Cloud could not help me.

This is the link -> https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-schannel-protocols-in-the-windows-registry

Could you please help me to understand the solution? What exactly should be changed and how can it be done? Where do I need to do this?


  1. Susmitha T (INFOSYS LIMITED) 575 Reputation points Microsoft External Staff
    2025-08-20T09:57:07.78+00:00

    Hope you are doing good! Thank you for reaching out. Please find the answer below.

    1. Manual Registry Method update: You’ll need to modify the Windows Registry to:

    • Disable insecure protocols: SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1
    • Enable secure protocols: TLS 1.2 (and optionally TLS 1.3 if supported)

    These changes are made under the Schannel settings in the Windows Registry. You can do this by following these steps:

    • Open the Registry Editor (regedit).
    • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\.
    • Check for keys related to your current protocols. You may need to create keys for TLS 1.2 if they don’t exist.
    • Here’s a reference for the necessary changes you would typically make:
      • In the Protocols branch, create keys for TLS 1.2, and within that, create keys named Client and Server. Set the DWORD values for Enabled to 1 and DisabledByDefault to 0.

    2. Reboot the server: After making these changes, restart your Windows server to apply the new settings.

    3. Verify Settings: You can verify that the changes took effect by using tools like SSL Labs or performing a manual check with PowerShell commands to see which protocols are currently active.

    SSL Labs: To check which protocols are supported.

    PowerShell commands: To see currently active protocols.

    4. Policy Compliance: After implementing these changes, re-evaluate your Azure policy compliance to see if it reflects positively on your security posture.

    If the issue still persists after following all the steps, we’ll be happy to assist further if needed. Kindly mark the answer as accepted if the issue is resolved.
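
As an added example (not part of the answer above and not Microsoft's own script), the PowerShell below audits and then sets the `Enabled` and `DisabledByDefault` values for each protocol the answer lists. It assumes the standard Schannel `Protocols` registry branch, `HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols`; the function names are hypothetical.

```powershell
# Added example, run from an elevated PowerShell session.
# Layout: <Protocols>\<protocol>\<Client|Server>, DWORDs Enabled and DisabledByDefault.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired state taken from the answer: legacy protocols off, TLS 1.2 on.
$Desired = [ordered]@{
    'SSL 2.0' = $false; 'SSL 3.0' = $false
    'TLS 1.0' = $false; 'TLS 1.1' = $false
    'TLS 1.2' = $true
}

# Report what is explicitly configured. A missing key means the OS default
# applies, so it is reported as not compliant rather than guessed at.
function Get-SchannelProtocolState {
    foreach ($p in $Desired.Keys) {
        foreach ($role in 'Client', 'Server') {
            $v = Get-ItemProperty -Path "$Base\$p\$role" -ErrorAction SilentlyContinue
            $set = ($null -ne $v) -and ($null -ne $v.Enabled) -and ($null -ne $v.DisabledByDefault)
            [pscustomobject]@{
                Protocol          = $p
                Role              = $role
                Enabled           = $v.Enabled
                DisabledByDefault = $v.DisabledByDefault
                Compliant         = $set -and ([bool]$v.Enabled -eq $Desired[$p]) -and
                                    ([bool]$v.DisabledByDefault -eq (-not $Desired[$p]))
            }
        }
    }
}

# Write both DWORDs for the Client and Server subkeys of one protocol.
function Set-SchannelProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Protocol, [Parameter(Mandatory)][bool]$Enable)
    foreach ($role in 'Client', 'Server') {
        $key = "$Base\$Protocol\$role"
        if (-not $PSCmdlet.ShouldProcess($key, "Enabled=$([int]$Enable)")) { continue }
        # Only create the key when it is absent, so existing values are left alone.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name Enabled -Value ([int]$Enable) -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name DisabledByDefault -Value ([int](-not $Enable)) -PropertyType DWord -Force | Out-Null
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
foreach ($p in $Desired.Keys) { Set-SchannelProtocol -Protocol $p -Enable $Desired[$p] -WhatIf }
```

The last line runs with `-WhatIf`, so nothing is written until that switch is removed; rerun `Get-SchannelProtocolState` after the reboot to confirm every row reports `Compliant` as `True`.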

