detected critical or warning alerts on your Microsoft Entra Domain Services managed domain, caux.ch

Hello @Peter Osazuwa
I understand that you received an email regarding critical or warning alerts on your Microsoft Entra Domain Services (MEDS) managed domain, [caux.ch], on May 7, 2025, at 10:24 UTC.

The health of your managed domain is continuously monitored by the Azure platform, and any critical issues are reported via email notifications. These alerts indicate urgent concerns that may impact the service and require immediate attention.

Please follow below steps to check & resolve Alerts:

1.Check the Health Status

Navigate to the Microsoft Entra admin center → Domain Services → Select your managed domain, such as abc.com → Health page to view active alerts. Review any warnings or critical issues that may require action.

2.Resolve Configuration Issues

If the alerts indicate a configuration problem, apply the suggested fixes. Wait up to six hours after making changes and check if the alert is cleared.

If no alerts appear in the Domain Services Health page, the issue may have been automatically resolved by Azure or addressed by another administrator who also received the notification.

For your reference: https://learn.microsoft.com/en-us/entra/identity/domain-services/notifications

Regarding the "The managed domain has detected usage of a deprecated TLS version, which is scheduled for retirement. To identify where the old TLS version is being used, you can follow the instructions below.Primarily check which protocal call is being used for that follow the below steps:

Press Windows+R to open the Run box.

Type inetcpl.cpl and then select OK. Then, the Internet Properties window is opened. In the Internet Properties window, select the Advanced tab and scroll down to check the settings related to TLS.

To help you identify any clients or apps that still use legacy TLS in your environment, view the Microsoft Entra sign-in logs. For clients or apps that sign in over legacy TLS, Microsoft Entra ID marks the Legacy TLS field in Additional Details with True. The Legacy TLS field only appears if the sign-in occurred over legacy TLS. If you don't see any legacy TLS in your logs, you're ready to switch to TLS 1.2.

To find the sign-in attempts that used legacy TLS protocols, an administrator can review the logs by:

Exporting and querying the logs in Azure Monitor. Downloading the last seven days of logs in JavaScript Object Notation (JSON) format. Filtering and exporting sign-in logs using PowerShell.

You can follow this document: Telemetry in the sign-in logs

After you obtain the logs, you can get more details about legacy TLS-based sign-in log entries in the Microsoft Entra admin center.

Microsoft Entra Domain Services supports TLS versions 1.0 and 1.1, but they're disabled by default. Domain Services will use the following retirement path for TLS versions 1.0 and 1.1:

Domain Services will remove the ability to disable the TLS 1.2 only mode. Customers who disable TLS 1.2 only mode can enable it. After Domain Services removes the ability to disable the TLS 1.2 only mode, customers can't enable or disable TLS 1.2 only mode. The Domain Services team will work with customers who need TLS versions 1.0 and 1.1.

You can follow the document to migrate TLS 1.2 only mode in Domain Services: Domain Services TLS Enforcement

For Detailed information follow the documents: Enable support for TLS 1.2 in your environment for Microsoft Entra TLS 1.1 and 1.0 deprecation, Transport Layer Security (TLS) 1.2 enforcement for Microsoft Entra Domain Services

By following these steps, you can track down where the old TLS version is being used in your environment and take the necessary actions to update to a secure TLS version. If you need further assistance or have any specific questions, feel free to ask.