check before: 2023-02-20
Office 365 general
Date changes for new certificate-based authentication requirements on domain controllers
New security requirements are coming to Windows Servers. These changes increase certificate mapping security requirements to address vulnerabilities discussed in CVE-2022-26923 and others. Servers that run Active Directory Certificate Services, as well as Windows domain controllers that service certificate-based authentication, will need to meet new certificate mapping requirements in order for authentication operations to succeed. Administrators should be aware of two key dates in 2023:
April 11, 2023: Updates released after this date will remove the ability to allow domain controllers to continue relying on weak certificate mapping, known as Disabled mode.
November 14, 2023: Updates released after this date will mandate that the new certificate security requirements are met, known as Full Enforcement mode.
Beginning with updates released May 10, 2022 and later, warning messages are logged for authentication scenarios that will fail once the new security requirements are in place. This can help administrators identify compatibility issues ahead of the November 14, 2023 date. To help protect your environment, update all servers with the May 10, 2022 or later security release, and enable Full Enforcement mode on all domain controllers if no audit error logs are created on domain controllers.
For more information, see KB5014754 - Certificate-based authentication changes on Windows domain controllers.
When will this happen:
Starting April 11, 2023, Disabled mode will be removed. Starting November 14, 2023, domain controllers must use Full Enforcement mode. Please note, this was changed from a previously announced date in May.
the free basic plan is required to see all details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 months ago