I blame the users
We run the on-prem Azure DevOps, and have experienced exactly the same thing with our installation in the past. I have enough knowledge to hazzard a guess as to what happened...
The back end is a bunch of TLS encrypted database connections, and connections to build agents running in Azure. I don't believe that Microsoft would have done the upgrade without testing the whole system. I could be wrong about that, but it doesn't seem likely.
The more likely issue is that incoming connections from customers are not capable of using TLS 1.2 with the weaker ciphers removed. They might have proxys / firewalls / AV scanners that are incomptible, or even worse; may be running really old OS versions that don't talk the more modern protocols. Yes, I'm looking at you, Windows 7.