This script checks whether insecure protocols are still enabled: SSLV2.0 / SSLV3.0 / TLS 1.0 / TLS 1.1 / RC4.
Known insecure cipher protocols should be disabled but keep in mind that some applications other than web browsers may still rely on older ciphers such as TLS 1.0.
Guide to disable insecure cipher protocols: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
More information and recommendations on insecure cipher protocols: https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening
We created a PowerShell Script to automatically disable all insecure ciphers. It can be found at our github repository here https://github.com/eventsentry/scripts/blob/main/disable_insecure_ciphers.ps1