Unable to disable TLSv1.0 and TLSv1.1

Unable to disable TLSv1.0 and TLSv1.1

Is it possible to disable TLSv1.0 and TLSv1.1 - these have been flagged to me by a security audit as being non-compliant.

I have been able to edit the httpd-ssl.conf to fix this issue temporarily but updates overwrite this and sometimes cause the DC service to not load correctly on the server.

I've seen on another ticket that you have the option to switch off these protocols if you don't have 7/2008 clients (we have 2012R2/10) but cannot find the option.

Any help would be highly appreciated!