To: InfoTech Listserv
From: EASI Communications
Re: Office TLS certificate changes for custom applications
On June 30 Microsoft 365 will update services powering messaging, meetings, telephony, voice and video to use TLS certificates from a different set of Root Certificate Authorities (CAs).
Most IT units will not be impacted by this change. However, Microsoft specifies that custom applications may be impacted when the application explicitly specifies a list of acceptable CAs (i.e uses ‘certificate pinning’). Applications that do not have the new Root CAs in their list of acceptable CAs will receive certificate validation errors. These validation errors may impact the availability or function of custom applications.
Affected products include Microsoft Teams, Skype, Kaizala and Azure Communication Services. Affected endpoints include: *.teams.microsoft.com *.skype.com *.skypeforbusiness.com *.communication.azure.com and *.operatorconnect.microsoft.com.
How to prepare
For a full list of the new Root CAs and to determine whether your custom application will be impacted by these TLS certificate changes, please review this article from Microsoft.