![Action Required: Trust DigiCert Global Root G2 Certificate Authority for using Entra services by January 7, 2026 [MC1193408]](https://mwpro.co.uk/wp-content/uploads/2025/06/cave-7612427_1920-1024x683.webp "Action Required: Trust DigiCert Global Root G2 Certificate Authority for using Entra services by January 7, 2026 [MC1193408] 1")
Message ID: MC1193408
Action Required: Trust the new DigiCert Certificate Authorities (CAs) for Microsoft Entra
Starting January 7, 2026, Microsoft Entra will migrate its DigiCert certificates from the G1 root CA to the G2 root CA. Clients that pin to the DigiCert G1 root or do not trust the DigiCert G2 root may experience authentication failures.
What are G1 and G2 root CAs?
Certificate Authorities (CAs) issue digital certificates that establish trust for secure communications. A root CA is the top-level certificate in a trust chain. DigiCert Global Root G1 is the current root CA used by Microsoft Entra services. DigiCert Global Root G2 is the newer root CA that Microsoft is migrating to for improved security and compliance. If your systems do not trust the G2 root, authentication and secure connections to Microsoft Entra services will fail.
Why you’re receiving this message:
Our reporting indicates that one or more users in your organization may be using Microsoft Entra ID.
When this will happen:
January 7, 2026.
How this affects your organization:
- Who is affected: Organizations using Microsoft Entra ID services.
- What will happen:
- If DigiCert G2 certificates are not trusted, authentication failures will occur when accessing Microsoft Entra services.
- Impacted domains include:
- login.microsoftonline.com
- login.live.com
- login.windows.net
- autologon.microsoftazuread-sso.com
- graph.windows.net
What you can do to prepare:
- Trust all Root and Subordinate CAs listed in the Azure Certificate Authority details documentation.
- Ensure you trust the “DigiCert Global Root G2” root and its subordinate CAs (documented since September 2025).
- Remove any client-side pinning to the DigiCert Global Root CA root certificate.
- Update your settings now to avoid service disruption.
Help and support:
- For details about DigiCert certificates, refer to DigiCert documentation.
- For guidance on issuer/certificate pinning, see Azure documentation.
- Get answers from community experts in Microsoft Q&A.
- If you have a support plan and need technical help, create a support request or contact us at [email protected].
Compliance considerations:
No compliance considerations identified, review as appropriate for your organization.
Source: Microsoft
Latest Posts
- Microsoft 365 Copilot: Proactively RSVP to meetings and remove canceled meetings in Outlook [MC1219796]
- Microsoft Teams: External domains anomalies report [MC1219794]
- (Updated) New features coming to Microsoft 365 Copilot Chat for Outlook, Word, Excel, and PowerPoint [MC1187671]
- Queues app historical reporting will support 45 days of data [MC1219789]
![Microsoft 365 Copilot: Data source-specific filters in search [MC1193413]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-ron-lach-8264248-96x96.webp "Microsoft 365 Copilot: Data source-specific filters in search [MC1193413] 6")
![Retirement of several Microsoft Planner features in early 2026 as part of a Planner update [MC1193421]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-chetanvlad-2600312-96x96.webp "Retirement of several Microsoft Planner features in early 2026 as part of a Planner update [MC1193421] 7")