EDIT 2/4/2026: We’ve been notified that some email providers may distrust the DigiCert G1 root on April 15, which could result in broad ecosystem‑wide email impact. To ensure Exchange Online can rota...
Updated Feb 10, 2026
Version 4.0
Blog Post
6 MIN READ
Trust DigiCert Global Root G2 Certificate Authority to Avoid Exchange Online Email Disruption
Arindam_Thokder
Microsoft
MicrosoftPankaj_Messaging_Specialist -
1. Only devices/applications/servers that connect to Exchange Online over SMTP with TLS and send/receive email can be impacted. Systems using smtp.office365.com typically use SMTP. If they use SMTP with TLS and do not trust the required certificate, they will be affected. As far as I know, Outlook, macOS Mail, and Apple Mail generally do not connect to Exchange Online over SMTP for mailbox access. But if these clients are configured to send email directly to Exchange online by connecting to an SMTP endpoint like smtp.office365.com, then of Course they could be impacted.
2. I already answered this to you earlier. Yes, if third party application connects to Exchange Online over SMTP (irrespective of any endpoint), they need to update\trust DigiCert Root certificate.
3. This was also answered to you earlier, and I hope it is clear by now that 3rd party not connecting to Exchange online directly (and relaying though Exchange on premises) are not impacted by this.
4. This is outside my area of expertise.
5. Again, I hope it is clear by now that local machines not connecting to Exchange online over SMTP is not impacted.
Thanks Arindam_Thokder I have one the vendor application they are using Graph API to send emails and if they are impacted by this change or not.
also, they tried to upload the DigiCert Root G2 certificate but after installing cert Graph API failing, any insight.