Disabling TLS 1.0/1.1 in RDS environment

How do I accomplish Microsoft’s o365 requirement of disabling TLS 1.0/1.1 and yet maintain RDS connectivity?

I’ve read it will require RDP client versions not supported by 21 of my older Thin Clients (still running ver 6.0.)

I also have at least one 2008 server.

Is it enough to disable it at the browser until I can replace all the thin clients - budget item that hasn’t been approved until 2020.

For the O365 drop of support for TLS 1.0/1.1 you need only make sure that all operating systems running office are fully patched up to support 1.2+ and you are running a currently supported version of MS Office which is also patched. This is not something that requires you to disable 1.0/1.0 support on the operating systems to be compliant with. Until you retire the thin clients that don’t support 1.2+ you’ll be stuck allowing negotiation to older standards. I would recommend keeping those clients on a different RDP server from the rest of your environment and not exposing that RDP server to the Internet.

Especially if you need to be PCI compliant.