Microsoft Holds Off on Azure Active Directory Certificate Rollovers

Microsoft has postponed its roll out of new security certificates for Azure Active Directory, which was supposed to have occurred today.

Applications that tap certain federation metadata could experience trust issues from Microsoft's certificate rollover, especial those apps that are "not configured to automatically update the certificate from the metadata," Microsoft warned, in a terse announcement posted earlier this month. However, this week, Microsoft indicated it was holding off on the planned certificate rollover by "a few weeks."

Organizations told Microsoft that they needed more time to get ready.

It turns out that Microsoft rolls out new security certificates for Azure Active Directory on a six-week schedule, although it could switch them out even earlier in an emergency. They're part of a public-private key pair scheme used to ensure trust between Azure Active Directory and Web applications.

Microsoft's best practices document on this topic indicates that organizations should build business logic into their applications to handle these kinds of regular certificate rollovers.

If a Web app was built using Microsoft's code samples, then they'll likely already have this logic built into them. "If you created your application using any of the code samples or walkthrough documentation provided by Microsoft, the key rollover logic is already included in your project," Microsoft's best practices document explains. Otherwise, the latest key has to be manually retrieved and updated in an application.

Applications in the Azure Active Directory application gallery that were configured to use SAML or WS-Federation protocols won't be adversely affected by the certificate rollover, the announcement explained.

Organizations experiencing problems with their Web apps as a result of Microsoft's certificate update should seek support at this page, Microsoft indicated.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

  • Windows 10 Version 1809 Users May Get Visual Studio Crashes

    Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

  • Standardizing the Look of Outlook's Outbound Messages

    Microsoft typically gives users a blank canvas to compose new e-mails in Outlook. In some corporate environments, however, a blank canvas isn't a good thing.

  • Windows 10 'Semiannual Channel Targeted' Goes Away This Spring

    Microsoft plans to slightly alter its Windows servicing lingo and management behavior with its next Windows 10 operating system feature update release, coming this spring.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.