I will start a new thread for this.
What I have learned so far-
If you go through the process of disabling TLS 1.0 and enabling TLS 1.2 using the script from Alexander Hass found here-
https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12
You can get an A+ rating from SSL labs on your WSE public facing server.
The following has also happened;
Running the Anywhere Access wizard will fail. You have to re-enable TLS 1.0, reboot, then run the wizard to success, then disable TLS 1.0 by running the script again, reboot.
Connecting a computer using the server/connect wizard will fail if you don't run the perfectforwardsecrecy script on the client first. Run the script first, reboot, and it works.
As far as I can tell, if the client computers (W10) were already joined to the domain with the connect wizard before running the script on the WSE server they don' t then need the script run on them. Remote access and VPN continue to work as before the server had the script run. If I had know this I would not have put my users through the trouble of running the script remotely since it was pointless, oh well. Several users missed my 'webinar' where we ran the script and they are still connecting just fine. I can't speak for client backups since I don't use that feature, that may require the script on the clients.
Mac clients have not had a problem connecting to remote desktop, but I haven't used the connect wizard on one yet so can't say for sure.
Mike Craven has a tool for this as well-
https://www.theofficemaven.com/news/enabling-tls-1-2-on-windows-server-essentials
Though I have not had the same experience connecting computers he mentions, if the script is run on the client first, the server is recognized ok by me.
So far everything else appears to be stable and working.
Mariëttes point is taken about this being kinda minor in the grand scheme of minimal numbers of users, but we are still being asked to pass penetration tests and they definitely flag TLS 1.0. I believe it also helps with O365 integration, but I haven't been doing that yet.