Known issue: Deleting the SSL/TLS Cipher Suites setting

  • Thread starter Thread starter Intune_Support_Team
  • Start date Start date
I

Intune_Support_Team

We’ve recently identified an issue when removing either the SSL Cipher Suites setting from policies or remove targeting of a policy that contains the setting. When the setting is removed, the Windows platform doesn’t correctly process the ‘delete’ requested by the Intune service. In this scenario, the device honors a ‘blank value’ versus deleting the value.



large?v=v2&px=999.jpgA screenshot of the SSL Cipher Suites settings within a Microsoft Intune policy.



Workaround


With Intune’s July (2407) service-side release, we’ve modified the behavior of our Intune service to disable deletion of the SSL Cipher Suites setting. This means that if you remove the setting from the policy, or remove targeting of a policy with the setting, Intune will leave the value in place. If you need to revert the platform back to its default value, you’ll need to deploy an additional policy by doing the following:

  1. Navigate to the Microsoft Intune admin center.
  2. Create a new policy (or policies) which explicitly sets the Cipher Suite defaults for each version of Windows operating system (OS) by using assignment filters and specific grouping based on OS version. To learn more about the Windows OS defaults, review Cipher Suites in TLS/SSL (Schannel SSP).



We’ll update this post as new information becomes available. If you have questions or comments for the Intune team, reply to this post or reach out on X @IntuneSuppTeam.

Continue reading...
 
Back
Top