Nothing, as that is the default to have TLS 1.2 enabled.
But keep in mind that since you have a CAS and therefore over 150, 000 computers, you should be opening a support ticket with MS directly. As their might be a reason why TLS 1.2 was turned off.