When we installed Istio, we used a permissive mutual TLS approach, which allows both plaintext and mutual TLS traffic. In the previous exercise, we ran httpbin.istio.io as plaintext, simple TLS, and mutual TLS. The permissive mutual TLS install was done using a demo profile.

In Chapter 9, Installing Istio, we used istio-demo.yaml to install permissive mutual TLS. Strict mutual TLS can be installed through istio-demo-auth.yaml if the intent is to enforce strict mutual TLS for microservice-to-microservice communication. However, it is possible to change the existing Istio install to apply a strict mutual TLS profile. 

The destination rules define the traffic policies, and the default is not to use mutual TLS. Since we've already defined the destination rules, we will need to redefine them before we can enable mutual TLS globally.