- Enabling TLS and SSL on Windows machines requires you to set registry keys. https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi
2. If you want to enable more than one (In case you are scared not using TLS 1.1 or 1.0 will break your websites), you need to add up the values in Calculator in Programmer mode and choosing HEX (800+200+20) = A20
3. Now you fill in that in the registry setting by creating the DefaultSecureProtocols DWORD : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\
No you can go ahead and deploy these setting via System Center configuration Manager or any other technology you normally use like Powershell scripts, logon scripts and more.
If you have anything to add or would like to correct me in any of the steps please reach out and I will be happy to discuss.