MC339048 – Take action: Microsoft Root Certificate changes starting March 22

cloudscout.one Icon

check before: 2022-03-22

Product:

Microsoft 365 Apps

Platform:

World tenant, Online

Status:

Change type:

Admin impact

Links:

Details:

The Microsoft Root Certificate Program supports the distribution of root certificates, enabling customers to trust Windows products. The United States Federal PKI team formally requested the removal of the "G1" root certificate from the Microsoft Trusted Root Program. Administrators should implement the "G2" root certificate before the "G1" root certificate is removed by a future out-of-band (OOB) root certificate update.


When will this happen:


Applications and operations that depend on the "G1" root certificate will fail after they receive the certificate update, which is scheduled to be released on the third Tuesday of one of the months between March 22, 2022 and August 23, 2022. Administrators should migrate from the existing "G1" root certificate to the replacement "G2" root certificate prior to this date.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2022-03-05

updated:
2022-08-27

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


changes*

DatePropertyoldnew
2022-09-15MC prepareAdministrators should implement the "G2" root certificate before the "G1" root certificate is removed by the root certificate update. There are multiple ways to deploy the root store to enterprise devices.


Carefully review the documentation in the Additional information section of this entry, which provides details on the changes taking place and detailed migration instructions.


Additional information:


Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root | Microsoft Docs: Main article discussing the removal in detail, potential issues, steps to avoid issues, and troubleshoot and analysis guidance
Migrate to the Federal Common Policy CA G2 | FICAM Playbooks: Instructions to manually download and migrate to the "G2" root certificate
Obtain and verify a copy of the Federal Common Policy CA G2 certificate | FICAM Playbooks: Details on downloading and installing the "G2" root certificate on Windows workgroup, member, and domain controller computers
Distribute the certificate to operating systems | FICAM Playbooks: Guidance to deploy the root store to enterprise devices (see the "Microsoft Solutions" section)
Program Requirements - Microsoft Trusted Root Program | Microsoft Docs: Introduction to the Trusted Root Program, as well as general and technical requirements
ps://docs.microsoft.com/security/trusted-root/program-requirem
ps://docs.microsoft.com/troubleshoot/windows-server/windows-security/microsoft-trusted-root-store-removal-of-us-federal-common-policy
ps://playbooks.idmanagement.gov/fpki/common/distribute-os/
ps://playbooks.idmanagement.gov/fpki/common/migrate/
ps://playbooks.idmanagement.gov/fpki/common/obtain-and-verify
ps://www.idmanagement.gov/
Administrators should implement the "G2" root certificate before the "G1" root certificate is removed by the root certificate update. There are multiple ways to deploy the root store to enterprise devices.


Carefully review the documentation in the Additional information section of this entry, which provides details on the changes taking place and detailed migration instructions.


Additional information:


Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root | Microsoft Docs: Main article discussing the removal in detail, potential issues, steps to avoid issues, and troubleshoot and analysis guidance
Migrate to the Federal Common Policy CA G2 | FICAM Playbooks: Instructions to manually download and migrate to the "G2" root certificate
Obtain and verify a copy of the Federal Common Policy CA G2 certificate | FICAM Playbooks: Details on downloading and installing the "G2" root certificate on Windows workgroup, member, and domain controller computers
Distribute the certificate to operating systems | FICAM Playbooks: Guidance to deploy the root store to enterprise devices (see the "Microsoft Solutions" section)
Program Requirements - Microsoft Trusted Root Program | Microsoft Docs: Introduction to the Trusted Root Program, as well as general and technical requirements
https://docs.microsoft.com/security/trusted-root/program-requirements
https://docs.microsoft.com/troubleshoot/windows-server/windows-security/microsoft-trusted-root-store-removal-of-us-federal-common-policy
https://playbooks.idmanagement.gov/fpki/common/distribute-os/
https://playbooks.idmanagement.gov/fpki/common/migrate/
https://playbooks.idmanagement.gov/fpki/common/obtain-and-verify
https://www.idmanagement.gov/
2022-08-27MC prepareAdministrators should implement the "G2" root certificate before the "G1" root certificate is removed by the root certificate update. There are multiple ways to deploy the root store to enterprise devices.


Carefully review the documentation in the Additional information section of this entry, which provides details on the changes taking place and detailed migration instructions.


Additional information:


Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root | Microsoft Docs: Main article discussing the removal in detail, potential issues, steps to avoid issues, and troubleshoot and analysis guidance
Migrate to the Federal Common Policy CA G2 | FICAM Playbooks: Instructions to manually download and migrate to the "G2" root certificate
Obtain and verify a copy of the Federal Common Policy CA G2 certificate | FICAM Playbooks: Details on downloading and installing the "G2" root certificate on Windows workgroup, member, and domain controller computers
Distribute the certificate to operating systems | FICAM Playbooks: Guidance to deploy the root store to enterprise devices (see the "Microsoft Solutions" section)
Program Requirements - Microsoft Trusted Root Program | Microsoft Docs: Introduction to the Trusted Root Program, as well as general and technical requirements
https://docs.microsoft.com/security/trusted-root/program-requirements
https://docs.microsoft.com/troubleshoot/windows-server/windows-security/microsoft-trusted-root-store-removal-of-us-federal-common-policy
https://playbooks.idmanagement.gov/fpki/common/distribute-os/
https://playbooks.idmanagement.gov/fpki/common/migrate/
https://playbooks.idmanagement.gov/fpki/common/obtain-and-verify
https://www.idmanagement.gov/
Administrators should implement the "G2" root certificate before the "G1" root certificate is removed by the root certificate update. There are multiple ways to deploy the root store to enterprise devices.


Carefully review the documentation in the Additional information section of this entry, which provides details on the changes taking place and detailed migration instructions.


Additional information:


Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root | Microsoft Docs: Main article discussing the removal in detail, potential issues, steps to avoid issues, and troubleshoot and analysis guidance
Migrate to the Federal Common Policy CA G2 | FICAM Playbooks: Instructions to manually download and migrate to the "G2" root certificate
Obtain and verify a copy of the Federal Common Policy CA G2 certificate | FICAM Playbooks: Details on downloading and installing the "G2" root certificate on Windows workgroup, member, and domain controller computers
Distribute the certificate to operating systems | FICAM Playbooks: Guidance to deploy the root store to enterprise devices (see the "Microsoft Solutions" section)
Program Requirements - Microsoft Trusted Root Program | Microsoft Docs: Introduction to the Trusted Root Program, as well as general and technical requirements
ps://docs.microsoft.com/security/trusted-root/program-requirem
ps://docs.microsoft.com/troubleshoot/windows-server/windows-security/microsoft-trusted-root-store-removal-of-us-federal-common-policy
ps://playbooks.idmanagement.gov/fpki/common/distribute-os/
ps://playbooks.idmanagement.gov/fpki/common/migrate/
ps://playbooks.idmanagement.gov/fpki/common/obtain-and-verify
ps://www.idmanagement.gov/

*starting April 2022

Last updated 2 months ago

Login to your account

Welcome Back, We Missed You!