I have a monthly, manual process to roll my AzureADSSOAcc Kerberos decryption key. This month it is failing when I authenticate to the 365 tenant using the New-AzureADSSOAuthenticationContext cmdlet. The login and MFA work, but then an error is thrown up. The error is "AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated...."
I am running this on a Windows Srv 2016 server.
The error message points me to https://go.microsoft.com/fwlink/?linkid=2161187, and following the recommendations on there I have ensured that the latest AAD Connect (2.1.16) is installed, so the AzureADSSO.psd1 module is up to date.
I have added a TLS1.2 key (with Client and Server subkeys) under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, even though the article suggested this isn't really necessary on Srv 2016, but no joy.
I then explicitly disabled the TLS1.0 and TLS1.1 client in the registry, but then the New-AzureADSSOAuthenticationContext cmdlet fails to run at all (it reports HttpRequestException).
After a bit more testing I have found New-AzureADSSOAuthenticationContext always throws up the HttpRequestException error unless TLS1.0 is enabled. How can I get it to use TLS1.2?
Thanks
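The following is an added example, not code from the original post or from the AzureADSSO module. It audits the three places that decide which TLS version Windows PowerShell 5.1 (which runs on .NET Framework 4.x) negotiates on Windows Server 2016, then forces TLS 1.2 for the current session and, optionally, persistently for all .NET 4.x processes. The registry locations are the documented SCHANNEL protocol keys and the .NET Framework strong-crypto values; the assumption that New-AzureADSSOAuthenticationContext goes through the .NET HTTP stack (and therefore honours these settings) is inferred from the HttpRequestException in the question, not stated on this page. The AAD Connect module path in the comment is the installer's default and is an assumption too. Run in an elevated Windows PowerShell session:

```powershell
# Added example (not from the original post): audit and fix TLS 1.2 for Windows PowerShell 5.1.
# Assumption: the AzureADSSO cmdlets use the .NET HTTP stack, so .NET's TLS choice governs them.

$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$DotNetRoots  = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',             # 64-bit .NET 4.x
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'  # 32-bit .NET 4.x
)

function Get-SchannelClientState {
    # SCHANNEL only honours the key names 'TLS 1.0', 'TLS 1.1', 'TLS 1.2' (with a space);
    # a key named 'TLS1.2' is ignored. Enabled=0 or DisabledByDefault=1 turns a version off.
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        $path = Join-Path $SchannelRoot "$proto\Client"
        if (-not (Test-Path $path)) {
            [pscustomobject]@{ Protocol = $proto; Client = 'not set (OS default)' }
            continue
        }
        $v = Get-ItemProperty -Path $path
        $state = if ($v.Enabled -eq 0 -or $v.DisabledByDefault -eq 1) { 'disabled' } else { 'enabled' }
        [pscustomobject]@{ Protocol = $proto; Client = $state }
    }
}

function Get-DotNetTlsState {
    # SchUseStrongCrypto=1 makes .NET 4.x offer TLS 1.2 instead of its old SSL3/TLS1.0 default;
    # SystemDefaultTlsVersions=1 makes .NET follow whatever SCHANNEL allows on the OS.
    # Both absent (the out-of-box state on a 2016 box) is why .NET falls back to TLS 1.0.
    foreach ($root in $DotNetRoots) {
        $v = if (Test-Path $root) { Get-ItemProperty -Path $root } else { $null }
        [pscustomobject]@{
            Key                      = $root
            SchUseStrongCrypto       = $v.SchUseStrongCrypto
            SystemDefaultTlsVersions = $v.SystemDefaultTlsVersions
        }
    }
}

function Enable-DotNetTls12 {
    # Persistent fix: set both the 64-bit and WOW6432Node keys. Only processes started
    # after this change pick it up, so open a fresh PowerShell window afterwards.
    foreach ($root in $DotNetRoots) {
        if (-not (Test-Path $root)) { New-Item -Path $root -Force | Out-Null }
        foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
            New-ItemProperty -Path $root -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }
}

# 1. Audit: which client protocols SCHANNEL allows, and whether .NET is told to use them.
Get-SchannelClientState | Format-Table -AutoSize
Get-DotNetTlsState      | Format-List

# 2. Session-only fix: pin the .NET HTTP stack in this process to TLS 1.2 before the cmdlet runs.
#    This needs no registry change and no reboot, but must be repeated in every new session.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
"Session protocol now: $([Net.ServicePointManager]::SecurityProtocol)"

# 3. Persistent fix: uncomment after reviewing the audit output above.
# Enable-DotNetTls12

# 4. Then run the usual rollover in the same session (default AAD Connect path assumed):
# Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1'
# New-AzureADSSOAuthenticationContext
```

The session-only line is the quickest way to confirm the diagnosis: if New-AzureADSSOAuthenticationContext succeeds right after setting SecurityProtocol to Tls12, the cmdlet itself is fine and the problem is purely that .NET 4.x on this server defaults to TLS 1.0. The two DWORDs under the .NETFramework keys make that fix permanent for every .NET 4.x process, which is the change the linked Microsoft guidance is really asking for; adding a TLS 1.2 key under SCHANNEL on Server 2016 changes nothing, because the OS already allows TLS 1.2 there, and disabling the TLS 1.0 client while .NET is still pinned to TLS 1.0 produces exactly the HttpRequestException described.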