Microsoft announced this week some important Transport Layer Security (TLS) certificate changes regarding the Microsoft 365 services. The company detailed in a blog post that its Microsoft 365 apps and services would drop support for the current TLS certificates in May 2025, in favor of the new Root Certificate Authorities (CAs).
Microsoft says that this change will impact several Microsoft 365 apps such as Microsoft Teams, Skype, Skype for Business Online, Microsoft Dynamics 365, GroupMe, Kaizala, as well as Azure Communication Services.
“Microsoft 365 is updating services powering messaging, meetings, telephony, voice, and video to use TLS certificates from a different set of Root Certificate Authorities (CAs). This change is being made because the current Root CA will expire in May 2025,” the company explained.
Here’s is a full list of all the endpoints affected by the TLS certificate changes:
The Redmond giant explained that one of the new Root CAs called “DigiCert Global Root G2” is trusted by all major platforms, including Windows, macOS, iOS, and Android. Additionally, it supports some popular web browsers, such as Google Chrome, Microsoft Edge, Firefox as well as Safari.
Microsoft confirmed that the transition to these new Root CAs for Microsoft 365 services started back in January, and it will continue through October this year. The company recommends developers to prepare for the upcoming change that may cause “certificate validation errors” when the current TLS certificates reach the end of support in May 2025. It is important to “add the properties of the new CAs” to the source codes to prevent validation errors that can potentially impact the availability of their apps.
If you’re currently using the Microsoft 365 apps listed above in your organization, you’ll need to contact your software vendor to determine the impact of the upcoming certificate switch. You can find more details about the new Root CAs on this support page.