Disable TLS 1.0 and 1.1 on WIndows 2012 R2 ADFS and WAP

We have ADFS and WAP environment for publishing internal Urls on which we want to disable TLS 1.0 and TLS 1.1 as the browsers will stop accepting TLS1.0 from next year July. As per my understanding and reading the articles/blogs from microsoft/other sites, we need to add registry entries to disable tls 1.0 and 1.1.

Are there any steps which I am missing or is there something else that needs to be checked before disabling TLS.

Note: I have a very limited knowledge of Windows and am not a Windows Admin. Any help would be appreciated.

Environment details: OS --> Windows Server 2012 R2 ADFS Version --> 3.0 (version 6.3 since its an OS component) WAP version --> WAP is a role service of the Remote Access server role in Windows Server 2012 R2 .NET Framework Version --> 3.5 and 4.5 are installed

Let me know if any additional details are required.

Thanks. John

Links related to TLS which I have consulted: Solving the TLS problem ==> https://www.microsoft.com/en-us/download/details.aspx?id=55266 Managing SSL/TLS Protocols and Cipher Suites for AD FS ==> https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==> https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc TLS/SSL Settings ==> https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS10


This is at a lower layer than ADFS so nothing to do ADFS wise.

Just FYI: I find https://www.ssllabs.com/ssltest/ useful which shows the current settings.

Also download "IIS Crypto" and have a look at that.