MC512168 – Date changes for new certificate-based authentication requirements on domain controllers (archived)

cloudscout.one Icon

check before: 2023-02-20

Product:

Office 365 general, Windows Server

Platform:

World tenant

Status:

Change type:

Admin impact

Links:

Details:

Date changes for new certificate-based authentication requirements on domain controllers

New security requirements are coming to Windows Servers. These changes increase certificate mapping security requirements to address vulnerabilities discussed in CVE-2022-26923 and others. Servers that run Active Directory Certificate Services, as well as Windows domain controllers that service certificate-based authentication, will need to meet new certificate mapping requirements in order for authentication operations to succeed. Administrators should be aware of two key dates in 2023:

April 11, 2023: Updates released after this date will remove the ability to allow domain controllers to continue relying on weak certificate mapping, known as Disabled mode.
November 14, 2023: Updates released after this date will mandate that the new certificate security requirements are met, known as Full Enforcement mode.

Beginning with updates released May 10, 2022 and later, warning messages are logged for authentication scenarios that will fail once the new security requirements are in place. This can help administrators identify compatibility issues ahead of the November 14, 2023 date. To help protect your environment, update all servers with the May 10, 2022 or later security release, and enable Full Enforcement mode on all domain controllers if no audit error logs are created on domain controllers.

For more information, see KB5014754 - Certificate-based authentication changes on Windows domain controllers.

When will this happen:
Starting April 11, 2023, Disabled mode will be removed. Starting November 14, 2023, domain controllers must use Full Enforcement mode. Please note, this was changed from a previously announced date in May.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2023-02-07

updated:
2023-02-07

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

** AI generated content. This information is not reliable.

the free basic plan is required to see all details. Sign up here


Last updated 4 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!