From fcb7242f8d78fbd5ed84a4663cd24c8eb76ae6c5 Mon Sep 17 00:00:00 2001 From: Kevin Sheehan <116211220+kbsheehan@users.noreply.github.com> Date: Wed, 26 Oct 2022 17:33:36 -0400 Subject: [PATCH] Update provisioning-install-icd.md Added note on TLS 1.2 for pre 2004 systems. --- .../provisioning-packages/provisioning-install-icd.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index 6440a0c7d2..cd0ed3d3dd 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -51,6 +51,8 @@ On devices running Windows client, you can install [the Windows Configuration De ## Current Windows Configuration Designer limitations +- When running Windows Configuration Designer on Windows releases earlier than Windows 10, version 2004 you might need to enable TLS 1.2, especially if using Bulk Enrollment Tokens. You maay see the error message in the `icd.log` file: `Error: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD` For more information, see [Enable TLS 1.2 on client or server operating systems](https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor#enable-tls-12-on-client-or-server-operating-systems-) + - Windows Configuration Designer doesn't work properly if the **Policies > Administrative Templates > Windows Components > Internet Explorer > Security Zones: Use only machine settings** Group Policy setting is enabled. Instead of changing the security setting, we recommend you run Windows Configuration Designer on a different device. - You can only run one instance of Windows Configuration Designer on your computer at a time.
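Review bot: the added bullet under "Current Windows Configuration Designer limitations" has a typo, "You maay see", and the sentence carrying the `AADSTS1002016` error runs straight into "For more information" with no full stop after the closing backtick, so the two sentences render as one. Suggest "You may see this error message in the `icd.log` file:" followed by the quoted error and a period. A comma after "version 2004" would also make the first sentence easier to parse. The link hard-codes the `en-us` locale in the URL; consider dropping that segment so readers are served the article in their own language. The bullet says "you might need to enable TLS 1.2" without indicating what has to be changed on the machine, so the note depends entirely on the linked article; a short phrase naming the setting would keep it useful if the link target moves.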