Is it possible to force TLS 1.2 on an IIS Site

Option 1: For IIS on Windows Server 2019 (with the latest updates), Microsoft added the ability to disable this on a per site certificate binding basis: https://docs.microsoft.com/en-us/security/disable-legacy-tls. In the "Site Bindings" for your site within IIS, select the "Disable Legacy TLS" option.

Option 2: You can also use IIS Crypto (free), which is a handy tool for setting system-wide SCHANNEL settings with best practices. It will work on most versions of Windows Server. This will affect IIS and all other client/server services running on the machine, but you can set separate TLS version support settings for client vs server.

There isn't a way to change only a single site on a server to support only TLS 1.2. IIS is managed using SCHANNEL, as documented here. 2012r2 and below does not support per site configuration.

If you absolutely have to do something like this the easiest method is a SSL proxy that allows the lower levels inbound and can create TLS 1.2 connections outbound.. This relay can be used for your lower level sites and your secure site can be accessed directly.