This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 82%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYM%3C/text%3E%3C/svg%3E)
Management requires that RDP be used company-wide with TLS 1.2 or if encrypted with TLS 1.3 supported by the client. It's Windows 10 and some Windows 11 clients in use. There is a domain with multiple Windows Server 2016 and Windows Server 2022 VMs.
How can I implement the default with group policies? And how can I Check encryption strength? Does somebody has any idea?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 97%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Looks like it is a bit hard to visibly confirm at present. You can configure in group policy or on the collection as below and it will use TLS 1.2 it just looks like it will use 1.0. You could use IISCRYPTO to lock the servers to TLS 1.2 or better which would give you peace of mind. https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/incorrect-tls-use-rdp-with-ssl-encryption
Thank you, this seems to be a good Tip.
