Updated on 2/10/2021
Microsoft periodically refreshes certificates in Office 365 as part of our effort to maintain a highly available and secure environment. From Jan 23 rd , 2021, we are making a ...
Updated Feb 10, 2021
Version 8.0
Blog Post
Mirela_Buru
Microsoft
MicrosoftJeremyTBradshaw , I understand this can be an annoying issue. And I also understand that we are slowly moving away from DAuth to OAuth and there might be no interest in making this easier. I suggested the 2 workarounds as the only ones I can think of now. Also, if I remember correctly, If you recreate the federation trust with the same (current) federation trust certificate, it won't be needed to add new DNS records for domain proof. Or if you push 2 up to date certificates in Federation Trust, then this should be feasible to allow you discard the expired one. If you cannot post this on uservoice, you might be able to give feedback on that docs page with renew/replace certificate it but this will probably be just a by design statement that won't actually give you a solution.
However, I disagree that this issue you highlighted is related to this specific topic regarding Token signing certificate rotation in MFG and I believe it might cause confusion amongst readers on what certificates we are referring to.