Office 365 Certificate Update Will Affect Some Exchange Deployments

Microsoft gave notice this week that it's planning to update its Office 365 certificates later this month, and the update could affect some hybrid Exchange deployments.

The updates will affect the Microsoft Federation Gateway, which a service that brokers connections to Microsoft applications. The gateway provides a means for organizations to establish trust relations, such as sharing e-mails, for instance.

On Sept. 23, 2014, Microsoft is planning a certificate change to the Microsoft Federation Gateway. Organizations that have hybrid networks combining Office 365 services with Exchange Server or that use the Microsoft Federation Gateway to establish trust relationships need to set up a certificate update process before the Sept. 23 deadline to "avoid any disruption" in service, according to Microsoft's Wednesday announcement.

The announcement provides a script to execute on Exchange Server to set up the certificate update process. The script apparently initiates a certificate refresh on a daily basis.

Certificate updates also can also be performed manually. If so, Microsoft recommends running a command to do that "at least monthly." Office 365 certificates get updated "periodically," according to Microsoft, without providing any specific details.

Organizations running Exchange Server 2013 Service Pack 1 don't have to take any action because the certificate update process happens automatically. However, organizations using other versions of the product, down to Exchange Server 2010, need to take action before the deadline.

If the certificates aren't updated before the Sept. 23 date, then end users might experience a few problems. For instance, they won't be able to see free/busy information. The "MailTips" feature won't work for organizations with hybrid Exchange configurations. Microsoft describes those problems in this Knowledge Base article.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

  • How To Block Self-Service Purchasing in Microsoft's Power Platform

    Microsoft threw Office 365 admins a bone when it gave them the ability to block users from purchasing Power Platform tools without IT approval. Here's how to prevent total anarchy.

  • Azure DevOps Services Losing Support for Alternate Credentials

    Microsoft gave notice last week that it's going to drop Alternate Credentials support for authenticating users of its Azure DevOps Services.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.