For the O365 drop of support for TLS 1.0/1.1 you need only make sure that all operating systems running office are fully patched up to support 1.2+ and you are running a currently supported version of MS Office which is also patched. This is not something that requires you to disable 1.0/1.0 support on the operating systems to be compliant with. Until you retire the thin clients that don’t support 1.2+ you’ll be stuck allowing negotiation to older standards. I would recommend keeping those clients on a different RDP server from the rest of your environment and not exposing that RDP server to the Internet.