Enable TLS 1.2 in Windows

By Marc

Just recently I got feedback about my PRTG script for monitoring Office 365 health suddenly stopped working. Having a closer look it turned out to be Microsoft restricting connections to Office 365 services to using only TLS 1.2. So what can you do to make TLS 1.2 work?

The easiest answer would be: Use a current Windows Version. Any currently supported Windows (Server) version – even Windows Server 2008 without R2 – should support modern TLS versions, most of them even out of the box. That is why I couldn’t reproduce the error mentioned above with my testing on Windows Server 2019.

So if you still have trouble getting TLS 1.2 to work, here are some registry keys that will aid you.

Key 1: To generally enable TLS 1.2 as client and server protocol, use the following registry keys:

Key 2: To enable TLS 1.2 (and 1.1) as security provider for applications using WinHttp, apply the following registry settings:

Key 3: For applications relying on the .NET Framework (like PowerShell), use these settings (see Microsoft TLS best practice for .NET):

Key 4: Finally you can enable TLS 1.1 and 1.2 in Internet Explorer:

Depending on your needs, you may need to enable more than just one of the registry keys above. For PowerShell Scripts, like my PRTG script to check Office 365 services, setting the .NET registry settings should suffice. On older Windows versions, you may additionally need the SCHANNEL settings.

Please provide your feedback, which key helped you out in which case on which OS version – this may help others find the right solution.