MC384240 – Final Notice: Microsoft “G1” Root Certificate removal – May 24, 2022

Admin impact, Plan For Change, Windows

check before: 2022-06-07

Product:

Microsoft 365 Apps

Platform:

World tenant

Status:

Change type:

Admin impact

Links:

Details:

As was previously announced, the United States Federal PKI team formally requested the removal of the "Federal Common Policy" root certificate, also known as the "G1" root certificate, from the Microsoft Trusted Root Program on May 24, 2022.

When will this happen:

On May 24, 2022, the "G1" root certificate is being removed by an out-of-band update. Action is required on environments which currently use this certificate.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2022-05-25

updated:
2022-08-27

the free basic plan is required to see all details. Sign up here

A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.

Get a Plan

changes*

Date	Property	old	new
2022-09-15	MC prepare	The "G2" root certificate must be implemented on environments that require the change. There are multiple ways to deploy the root store to enterprise devices. Carefully review the documentation in the Additional information section below, which provides details on the changes taking place along with detailed migration instructions. Additional information: Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root \| Microsoft Docs: Main article discussing the removal in detail, potential issues, steps to avoid issues, and troubleshoot and analysis guidance Migrate to the Federal Common Policy CA G2 \| FICAM Playbooks: Instructions to manually download and migrate to the "G2" root certificate Obtain and verify a copy of the Federal Common Policy CA G2 certificate \| FICAM Playbooks: Details on downloading and installing the "G2" root certificate on Windows workgroup, member, and domain controller computers Distribute the certificate to operating systems \| FICAM Playbooks: Guidance to deploy the root store to enterprise devices (see the "Microsoft Solutions" section) Program Requirements - Microsoft Trusted Root Program \| Microsoft Docs: Introduction to the Trusted Root Program, as well as general and technical requirements ps://docs.microsoft.com/security/trusted-root/program-requirem ps://docs.microsoft.com/troubleshoot/windows-server/windows-security/microsoft-trusted-root-store-removal-of-us-federal-common-policy ps://playbooks.idmanagement.gov/fpki/common/distribute-os/ ps://playbooks.idmanagement.gov/fpki/common/migrate/ ps://playbooks.idmanagement.gov/fpki/common/obtain-and-verify ps://www.idmanagement.gov/	The "G2" root certificate must be implemented on environments that require the change. There are multiple ways to deploy the root store to enterprise devices. Carefully review the documentation in the Additional information section below, which provides details on the changes taking place along with detailed migration instructions. Additional information: Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root \| Microsoft Docs: Main article discussing the removal in detail, potential issues, steps to avoid issues, and troubleshoot and analysis guidance Migrate to the Federal Common Policy CA G2 \| FICAM Playbooks: Instructions to manually download and migrate to the "G2" root certificate Obtain and verify a copy of the Federal Common Policy CA G2 certificate \| FICAM Playbooks: Details on downloading and installing the "G2" root certificate on Windows workgroup, member, and domain controller computers Distribute the certificate to operating systems \| FICAM Playbooks: Guidance to deploy the root store to enterprise devices (see the "Microsoft Solutions" section) Program Requirements - Microsoft Trusted Root Program \| Microsoft Docs: Introduction to the Trusted Root Program, as well as general and technical requirements https://docs.microsoft.com/security/trusted-root/program-requirements https://docs.microsoft.com/troubleshoot/windows-server/windows-security/microsoft-trusted-root-store-removal-of-us-federal-common-policy https://playbooks.idmanagement.gov/fpki/common/distribute-os/ https://playbooks.idmanagement.gov/fpki/common/migrate/ https://playbooks.idmanagement.gov/fpki/common/obtain-and-verify https://www.idmanagement.gov/
2022-08-27	MC prepare	The "G2" root certificate must be implemented on environments that require the change. There are multiple ways to deploy the root store to enterprise devices. Carefully review the documentation in the Additional information section below, which provides details on the changes taking place along with detailed migration instructions. Additional information: Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root \| Microsoft Docs: Main article discussing the removal in detail, potential issues, steps to avoid issues, and troubleshoot and analysis guidance Migrate to the Federal Common Policy CA G2 \| FICAM Playbooks: Instructions to manually download and migrate to the "G2" root certificate Obtain and verify a copy of the Federal Common Policy CA G2 certificate \| FICAM Playbooks: Details on downloading and installing the "G2" root certificate on Windows workgroup, member, and domain controller computers Distribute the certificate to operating systems \| FICAM Playbooks: Guidance to deploy the root store to enterprise devices (see the "Microsoft Solutions" section) Program Requirements - Microsoft Trusted Root Program \| Microsoft Docs: Introduction to the Trusted Root Program, as well as general and technical requirements https://docs.microsoft.com/security/trusted-root/program-requirements https://docs.microsoft.com/troubleshoot/windows-server/windows-security/microsoft-trusted-root-store-removal-of-us-federal-common-policy https://playbooks.idmanagement.gov/fpki/common/distribute-os/ https://playbooks.idmanagement.gov/fpki/common/migrate/ https://playbooks.idmanagement.gov/fpki/common/obtain-and-verify https://www.idmanagement.gov/	The "G2" root certificate must be implemented on environments that require the change. There are multiple ways to deploy the root store to enterprise devices. Carefully review the documentation in the Additional information section below, which provides details on the changes taking place along with detailed migration instructions. Additional information: Removal of the U.S. Federal Common Policy CA certificate from the Microsoft trusted root \| Microsoft Docs: Main article discussing the removal in detail, potential issues, steps to avoid issues, and troubleshoot and analysis guidance Migrate to the Federal Common Policy CA G2 \| FICAM Playbooks: Instructions to manually download and migrate to the "G2" root certificate Obtain and verify a copy of the Federal Common Policy CA G2 certificate \| FICAM Playbooks: Details on downloading and installing the "G2" root certificate on Windows workgroup, member, and domain controller computers Distribute the certificate to operating systems \| FICAM Playbooks: Guidance to deploy the root store to enterprise devices (see the "Microsoft Solutions" section) Program Requirements - Microsoft Trusted Root Program \| Microsoft Docs: Introduction to the Trusted Root Program, as well as general and technical requirements ps://docs.microsoft.com/security/trusted-root/program-requirem ps://docs.microsoft.com/troubleshoot/windows-server/windows-security/microsoft-trusted-root-store-removal-of-us-federal-common-policy ps://playbooks.idmanagement.gov/fpki/common/distribute-os/ ps://playbooks.idmanagement.gov/fpki/common/migrate/ ps://playbooks.idmanagement.gov/fpki/common/obtain-and-verify ps://www.idmanagement.gov/

*starting April 2022

Last updated 2 months ago

MC388234 - What’s new in the Microsoft Intune Service Update… 3. June 2022 check before: 2022-06-17 Product: Enterprise Mobility + Security, Intune Platform: World tenant, Online, mobile, Windows Desktop Status: Change type: New feature, Feature update, User impact, Admin impact Links: Details: Your Microsoft Intune account has been…
MC384247 - May 2022 Windows non-security preview "C" release… 25. May 2022 check before: 2022-06-07 Product: Azure Active Directory, Visio, Windows Platform: Windows Desktop, World tenant Status: Change type: Admin impact Links: Details: The May 2022 non-security preview release, referred to as our "C" release, is now…
MC387924 - May 2022 Windows non-security preview "C" release… 3. June 2022 check before: 2022-06-16 Product: Windows Platform: Windows Desktop, World tenant Status: Change type: Admin impact Links: Details: The May 2022 non-security preview release, referred to as our "C" release, is now available for Windows 11…
MC455046 - (Updated) In-Country Data Residency - Final… 3. November 2022 check before: 2022-11-16 Product: Microsoft 365 suite Platform: Mac, World tenant Status: Change type: Admin impact, New feature, Updated message Links: Details: Updated November 17, 2022: We have determined that this message did not reach…
MC468180 - In-Country Data Residency - Final Migration… 18. November 2022 check before: 2022-12-02 Product: Microsoft 365 suite Platform: Mac, World tenant Status: Change type: New feature, Admin impact Links: Details: With the launch of the Microsoft 365 Advanced Data Residency add-on and associated changes to…
MC403454 - Reminder: Removal of temporary mitigation in… 22. July 2022 check before: 2022-08-04 Product: SharePoint, Universal Print, Windows Platform: World tenant, Online Status: Change type: Admin impact Links: Details: As previously announced, Microsoft released hardening changes for CVE-2021-33764 in Windows updates starting on July 13,…