Intune certificate updates: Action may be required for continued connectivity

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Today we're posting the following message in the Message Center (in M365 Admin center under Message Center or in Microsoft Endpoint Manager on the Tenant Admin blade - Service Health and Message Center). We're sharing here to help answer any questions and also to keep you posted on any new updates. 


MC225591 - Intune certificate updates: Action may be required for continued connectivity

Microsoft Intune has begun updating our Root certificates to comply with Azure’s new certificate policy. Most management scenarios will work without administrator action, however, there are a few different configurations that may require you to take action to ensure your continued connectivity to Intune.


How this will affect your organization:

Here are the scenarios that are affected and may need action:

  • If you use the Intune iOS SDK, Intune App Wrapper for iOS, or Xamarin Bindings, we posted MC222833 asking you to take action and describing which versions are needed.
  • If you use any Microsoft applications with App Protection Policies (APP, also known as MAM), you’ll want to ensure you’re using the latest application version with SDK for iOS version 12.9.0+ or SDK for Android version 6.7.2+. Many of the M365 apps on iOS including Outlook, Teams, OneDrive, Office, and Word/Excel/PowerPoint have adopted the updated SDK. On Android, Outlook and OneDrive have released with the updated SDK and APP applications are continuing their updated releases.
  • If you use Configuration Manager, including co-managed devices, read this article for any conditions that need to be unblocked to enable the root cert updates, such as steps to ensure Windows domain joined co-managed devices continue communicating with the Microsoft Endpoint Manager services.
  • For any Intune on-premises connectors in use, such as the Exchange, NDES, ODJ, or PFX connectors, ensure your servers receive the Root Certificate updates. For environments that are disconnected, follow guidance to ensure root certificates are installed on the on-premises servers.
  • Note that you may also have to check your Group Policy settings, as it is possible to disable automatic root certificate updates. Update your policy or manually update the certificates on devices including MDM-managed Windows devices.


What you need to do to prepare:

Evaluate your environment with the conditions above and take action as needed.



And for those of you that didn't see MC222833 but have LOB apps with APP (MAM) here's that post too: 


MC222833 - Take Action: Adopt the Latest iOS SDK, Intune App Wrapper, and Xamarin Bindings

Microsoft has made a few important service side updates that will require that you adopt the latest Intune App SDK for iOS version 12.9.0 or higher, Intune App Wrapper, version 13.0.0 or higher, or Xamarin binding version 12.9.0 and then have your end users adopt the updated apps by December 31, 2020. Note that the way Android updates, once one Microsoft application with the updated SDK is on the device and the Company Portal is updated, Android apps will update, so this message is focused on iOS.


How this will affect your organization:

Our service telemetry indicates you have applications wrapped by the Intune SDK, the Intune App Wrapper, or Xamarin Bindings. 


What you need to do to prepare:

Action will depend on update status:

  • If you've wrapped your app, you'll want to re-wrap your app with the latest wrapper (13.0.0 or higher)
  • If you integrated the SDK please re-integrate with SDK 12.9.0 or higher
  • If you're using Xamarin and have integrated our binding, please pull in the binding 12.9.0 or above


Here are the public repositories:


Let us know if you have any additional questions on this by replying back to this post or tagging @IntuneSuppTeam out on Twitter.

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.