Intune certificate updates: Action may be required for continued connectivity

Published Feb 02 2021 03:21 PM 19.2K Views

Update 2/10/2020: The certificates have all now been rotated for Intune. If you or your end users did not take action, such as updating the apps, the Android Company Portal, or if you did not you did not update the SDK or rewrap your line of business apps, here’s the end user experience moving forward:

 

Existing user with App Protection Policy (APP, also known as MAM) policy:

  1. They will continue to be protected with the last APP/MAM policy they received.
  2. They will not get any updates to that existing policy.
  3. After 90 days (configurable) the corporate data and apps with APP on the device will be wiped. Ninety days from today puts this change on May 12, 2021.
  4. A few questions have come in around block access. There is a separate block access after 12 hours but that will only apply if your user is not connected to the internet (for example, completely offline).

New user without APP policies:

  1. They will not be able to get policy to enroll the app and thereby will not be able to use the APP managed application.
  2. If you did not update the SDK or rewrap your line of business (LOB) apps, then apps cannot continue communicating with the Intune service. If an APP LOB application was wrapped or you are using default enrollment, new users will be blocked from accessing the app.
    1. The majority of LOB apps fall in this category.
  3. If they have the Conditional Access policy requiring APP in place, new users will be blocked from getting an access token.
  4. If they don't have either of these protections in place, they will get application access.

 

You can still take action by:

  • Ensuring Android end users have updated their Company Portal app to the latest version (this change and a number of fixes have been in the Company Portal app since 5.0.05 and higher). On Android, updating the company portal will also update any APP apps.
  • If you use any Microsoft applications with App Protection Policies (APP, also known as MAM), you’ll want to ensure you’re using the latest application versions from Microsoft. All the major Office apps have adopted the newer SDK’s and are available in the store.  

 

Please see the post below for the connector information/updates and more information.

 

From the original post in November, 2020 - Today we're posting the following message in the Message Center (in M365 Admin center under Message Center or in Microsoft Endpoint Manager on the Tenant Admin blade - Service Health and Message Center). We're sharing here to help answer any questions and also to keep you posted on any new updates. 

 

MC225591 (and also MC235267 as a reminder!) - Intune certificate updates: Action may be required for continued connectivity

Microsoft Intune has begun updating our Root certificates to comply with Azure’s new certificate policy. Most management scenarios will work without administrator action, however, there are a few different configurations that may require you to take action to ensure your continued connectivity to Intune.

 

How this will affect your organization:

Here are the scenarios that are affected and may need action:

  • If you use the Intune iOS SDK, Intune App Wrapper for iOS, or Xamarin Bindings, we posted MC222833 asking you to take action and describing which versions are needed.
  • If you use any Microsoft applications with App Protection Policies (APP, also known as MAM), you’ll want to ensure you’re using the latest application version with SDK for iOS (SDK version 12.9.0+ has the updated code) or SDK for Android (SDK version 6.7.2+ has the updated code). All the major Office apps have adopted the newer SDK’s and are available in the store.
  • If you use Configuration Manager, including co-managed devices, read this article for any conditions that need to be unblocked to enable the root cert updates, such as steps to ensure Windows domain joined co-managed devices continue communicating with the Microsoft Endpoint Manager services.
  • For any Intune on-premises connectors in use, such as the Exchange, NDES, ODJ, or PFX connectors, ensure your servers receive the Root Certificate updates. For environments that are disconnected, follow guidance to ensure root certificates are installed on the on-premises servers.
  • Note that you may also have to check your Group Policy settings, as it is possible to disable automatic root certificate updates. Update your policy or manually update the certificates on devices including MDM-managed Windows devices.

 

What you need to do to prepare:

Evaluate your environment with the conditions above and take action as needed.

 

 

And for those of you that didn't see MC222833 and later MC230351 but have LOB apps with APP (MAM) here's that post too: 

 

MC222833 (and also MC230351 as a reminder) - Take Action: Adopt the Latest iOS SDK, Intune App Wrapper, and Xamarin Bindings

Microsoft has made a few important service side updates that will require that you adopt the latest Intune App SDK for iOS version 12.9.0 or higher, Intune App Wrapper, version 13.0.0 or higher, or Xamarin binding version 12.9.0 and then have your end users adopt the updated apps by December 31, 2020. Note that the way Android updates, once one Microsoft application with the updated SDK is on the device and the Company Portal is updated, Android apps will update, so this message is focused on iOS.

 

How this will affect your organization:

Our service telemetry indicates you have applications wrapped by the Intune SDK, the Intune App Wrapper, or Xamarin Bindings. 

 

What you need to do to prepare:

Action will depend on update status:

  • If you've wrapped your app, you'll want to re-wrap your app with the latest wrapper (13.0.0 or higher)
  • If you integrated the SDK please re-integrate with SDK 12.9.0 or higher
  • If you're using Xamarin and have integrated our binding, please pull in the binding 12.9.0 or above

 

Here are the public repositories:

 

FAQ (we'll add to this over time provided questions are asked!)

Q: What does an NDES server update look like?
A: We asked one of our service engineers and here's a few steps.

 

  1. On the Windows device, Launch/run certlm.msc. Say yes.  
    Go to Trusted Root Certification Authorities
  2. Open Certificates and ensure the "DigiCert Global Root G2" is there. If it is, you're set!    cert_digicert.PNG
  3. If not, the Microsoft Endpoint Manager post here: https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/connectivity-issues-digicert-global-root... lists common reasons why the cert is not installed.
  4. In our service engineer's environment, it actually wasn't there, so he got the cert by going to the Trusted Root Certificate Store as described in the above doc.  

 

One of our customers ran into an issue that the certs were downloaded but weren't being applied. Here's the steps they went into on the Exchange connector server to ensure they applied. If you have any other tips let us know!

  1. Logged into the Exchange Connector server with a local user account.
  2. From Windows, accessed the Cert manager with certmgr.msc from the Command prompt. One note - if you are logged with different domain account you can add how to access to Run as Steps to access Cert manager.run_cert_manager.jpg

     

  3. Once you're in Cert manager on the Exchange Connector server, click on Trusted Root Certificate Authority > certificates. certificates.jpg

     

  4.  Right Click on Certificates > click All Task > and then Import.

  5.  After Import, select the certs you want to import from your local drive (in this case the new ones). 

  6. Once you select it will install and ask for confirmation. Then you'll see your new certificates. 

               

Network Access Control (NAC) note

For all Network Access Control (NAC) scenarios, when using a 3rd party provider such as Cisco, please be sure your NAC provider has validated their root CA config. They should have how to do this documented, but in case they don’t:

  1. Add DigiCert Global Root G2 to their trusted CA store
  2. For some providers, they many need to validate the configuration and update as needed.
  3. Confirm your network can receive traffic so that the configuration can be pushed down to individual ISE boxes.
  4. For some providers note that it can take time for updates to be distributed.

 

Updated

  • 11/2/2020 with more info on NDES server cert updates.
  • 2/2/2021 with Exchange Connector detailed instructions if the certs were downloaded but not applied steps and steps for NAC providers.
  • 2/11/2021 with the latest information now that the certs have been rotated. 

 

Let us know if you have any additional questions on this by replying back to this post or tagging @IntuneSuppTeam out on Twitter.

8 Comments
Senior Member

My only concern was the app protection policies, specifically M365 policy managed apps, however it looks like we'll be ok if the apps are updated. 🧐

Microsoft

Hello Team,

I have received multiple queries regarding if the LOB apps will stop working ( or what the affect gonna be ) if the below plan is not followed,

What you need to do to prepare:

Action will depend on update status:

  • If you've wrapped your app, you'll want to re-wrap your app with the latest wrapper (13.0.0 or higher)
  • If you integrated the SDK please re-integrate with SDK 12.9.0 or higher
  • If you're using Xamarin and have integrated our binding, please pull in the binding 12.9.0 or above


    Kindly comment on the same
Senior Member

As far as i can tell have we one wrapped app created with an older version of Intune app wrapper, is this one affected? 

https://github.com/microsoft/Microsoft-Win32-Content-Prep-Tool

 

  • If you've wrapped your app, you'll want to re-wrap your app with the latest wrapper (13.0.0 or higher)

Hi @niladri186, apps would not be able to receive the policy and new app installs would be blocked. Existing apps would work until they reached the timeout for reaching our service (90 days by default, but is configurable by the tenant under the "Offline grace period" setting for either iOS or Android).

Hi @Wietsedr, this is limited to iOS and Android apps.

New Contributor

Hi Folks

 

I find the wording of this alert confusing

 

We do not utilise any SDK or LOB apps in our org. We do however use app protection policies for IOS and we push out outlook and word etc via the IOS store. We have IOS devices older than OS version 12.9.0 Does this mean that those older devices will not be able to utilise these apps anymore?

Hi @danb1967, thanks for the question!

 

To clarify, the iOS 12.9.0+ requirement refers to the Intune App SDK for iOS (or Android if applicable). You may only need to take action if your organization is using this SDK or has any iOS LOB apps wrapped with APP (MAM).

 

If your org only uses the Microsoft 365 apps (such as Outlook/Word), no additional action is required if these apps are updated automatically.

Visitor

Hello Microsoft Team,

 

As you announce that the changes has to be performed till 15th February, I need to update MAM SDK for Android to version 6.7.2+. It would be great if you provide https://github.com/msintuneappsdk/Taskr-Sample-Intune-Android-App with updated MAM SDK version!

 

I tried to do update the MAM SDK version for Android already in Applications which I support, but there were some issues and Gradle throw the exception while building the App (Manifest merge build error) - (as it is described in the blog https://github.com/msintuneappsdk/ms-intune-app-sdk-android/issues/53 ). It would be great if you provide us the solution for this problem.

 

The MAM SDK for Android which is working for me is 6.7.0, but it is still not required version for the changes which comming.

 

Thank YOU!

%3CLINGO-SUB%20id%3D%22lingo-sub-1854965%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1854965%22%20slang%3D%22en-US%22%3E%3CP%3EMy%20only%20concern%20was%20the%20app%20protection%20policies%2C%20specifically%20M365%20policy%20managed%20apps%2C%20however%20it%20looks%20like%20we'll%20be%20ok%20if%20the%20apps%20are%20updated.%20%F0%9F%A7%90%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1906200%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1906200%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20far%20as%20i%20can%20tell%20have%20we%20one%20wrapped%20app%20created%20with%20an%20older%20version%20of%20Intune%20app%20wrapper%2C%20is%20this%20one%20affected%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoft%2FMicrosoft-Win32-Content-Prep-Tool%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fmicrosoft%2FMicrosoft-Win32-Content-Prep-Tool%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EIf%20you've%20wrapped%20your%20app%2C%20you'll%20want%20to%20re-wrap%20your%20app%20with%20the%20latest%20wrapper%20(13.0.0%20or%20higher)%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1912936%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1912936%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F356928%22%20target%3D%22_blank%22%3E%40Wietsedr%3C%2FA%3E%2C%20this%20is%20limited%20to%20iOS%20and%20Android%20apps.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1912933%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1912933%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F872931%22%20target%3D%22_blank%22%3E%40niladri186%3C%2FA%3E%2C%20apps%20would%20not%20be%20able%20to%20receive%20the%20policy%20and%20new%20app%20installs%20would%20be%20blocked.%20Existing%20apps%20would%20work%20until%20they%20reached%20the%20timeout%20for%20reaching%20our%20service%20(90%20days%20by%20default%2C%20but%20is%20configurable%20by%20the%20tenant%20under%20the%20%22Offline%20grace%20period%22%20setting%20for%20either%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fapps%2Fapp-protection-policy-settings-ios%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EiOS%3C%2FA%3E%26nbsp%3Bor%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fapps%2Fapp-protection-policy-settings-android%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAndroid)%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2093813%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2093813%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Folks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20find%20the%20wording%20of%20this%20alert%20confusing%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWe%20do%20not%20utilise%20any%20SDK%20or%20LOB%20apps%20in%20our%20org.%20We%20do%20however%20use%20app%20protection%20policies%20for%20IOS%20and%20we%20push%20out%20outlook%20and%20word%20etc%20via%20the%20IOS%20store.%20We%20have%20IOS%20devices%20older%20than%20OS%20version%2012.9.0%20Does%20this%20mean%20that%20those%20older%20devices%20will%20not%20be%20able%20to%20utilise%20these%20apps%20anymore%3F%20%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2096211%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2096211%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F429751%22%20target%3D%22_blank%22%3E%40danb1967%3C%2FA%3E%2C%20thanks%20for%20the%20question!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20clarify%2C%20the%20iOS%2012.9.0%2B%20requirement%20refers%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmsintuneappsdk%2Fms-intune-app-sdk-ios%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EIntune%20App%20SDK%20for%20iOS%3C%2FA%3E%26nbsp%3B(%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmsintuneappsdk%2Fintune-app-sdk-xamarin%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eor%20Android%20if%20applicable)%3C%2FA%3E.%20You%20may%20only%20need%20to%20take%20action%20if%20your%20organization%20is%20using%20this%20SDK%20or%20has%20any%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fdeveloper%2Fapp-wrapper-prepare-ios%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EiOS%20LOB%20apps%20wrapped%20with%20APP%20(MAM)%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20your%20org%20only%20uses%20the%20Microsoft%20365%20apps%20(such%20as%20Outlook%2FWord)%2C%20no%20additional%20action%20is%20required%20if%20these%20apps%20are%20updated%20automatically.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2105917%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2105917%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Microsoft%20Team%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20you%20announce%20that%20the%20changes%20has%20to%20be%20performed%20till%2015th%20February%2C%20I%20need%20to%20update%20MAM%20SDK%20for%20Android%20to%26nbsp%3Bversion%206.7.2%2B.%20It%20would%20be%20great%20if%20you%20provide%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmsintuneappsdk%2FTaskr-Sample-Intune-Android-App%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fmsintuneappsdk%2FTaskr-Sample-Intune-Android-App%3C%2FA%3E%26nbsp%3Bwith%20updated%20MAM%20SDK%20version!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tried%20to%20do%20update%20the%20MAM%20SDK%20version%26nbsp%3Bfor%20Android%20already%20in%20Applications%20which%20I%20support%2C%20but%20there%20were%20some%20issues%26nbsp%3Band%20Gradle%26nbsp%3Bthrow%20the%20exception%20while%20building%20the%20App%20(Manifest%20merge%20build%20error)%20-%26nbsp%3B(as%20it%20is%20described%20in%20the%20blog%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmsintuneappsdk%2Fms-intune-app-sdk-android%2Fissues%2F53%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fmsintuneappsdk%2Fms-intune-app-sdk-android%2Fissues%2F53%3C%2FA%3E%26nbsp%3B).%20It%20would%20be%20great%20if%20you%20provide%20us%20the%20solution%20for%20this%20problem.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20MAM%20SDK%20for%20Android%20which%20is%20working%20for%20me%20is%206.7.0%2C%20but%20it%20is%20still%20not%20required%20version%20for%20the%20changes%20which%20comming.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20YOU!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1839655%22%20slang%3D%22en-US%22%3EIntune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1839655%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EUpdate%202%2F10%2F2020%3A%20The%20certificates%20have%20all%20now%20been%20rotated%20for%20Intune.%20If%20you%20or%20your%20end%20users%20did%20not%20take%20action%2C%20such%20as%20updating%20the%20apps%2C%20the%20Android%20Company%20Portal%2C%20or%20if%20you%20did%20not%20you%20did%20not%20update%20the%20SDK%20or%20rewrap%20your%20line%20of%20business%20apps%2C%20here%E2%80%99s%20the%20end%20user%20experience%20moving%20forward%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EExisting%20user%20with%20App%20Protection%20Policy%20(APP%2C%20also%20known%20as%20MAM)%20policy%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EThey%20will%20continue%20to%20be%20protected%20with%20the%20last%20APP%2FMAM%20policy%20they%20received.%3C%2FLI%3E%0A%3CLI%3EThey%20will%20not%20get%20any%20updates%20to%20that%20existing%20policy.%3C%2FLI%3E%0A%3CLI%3EAfter%2090%20days%20(configurable)%20the%20corporate%20data%20and%20apps%20with%20APP%20on%20the%20device%20will%20be%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fapps%2Fapps-selective-wipe%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ewiped%3C%2FA%3E.%20Ninety%20days%20from%20today%20puts%20this%20change%20on%20May%2012%2C%202021.%3C%2FLI%3E%0A%3CLI%3EA%20few%20questions%20have%20come%20in%20around%20block%20access.%20There%20is%20a%20separate%20block%20access%20after%2012%20hours%20but%20that%20will%20only%20apply%20if%20your%20user%20is%20not%20connected%20to%20the%20internet%20(for%20example%2C%20completely%20offline).%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3ENew%20user%20without%20APP%20policies%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EThey%20will%20not%20be%20able%20to%20get%20policy%20to%20enroll%20the%20app%20and%20thereby%20will%20not%20be%20able%20to%20use%20the%20APP%20managed%20application.%3C%2FLI%3E%0A%3CLI%3EIf%20you%20did%20not%20update%20the%20SDK%20or%20rewrap%20your%20line%20of%20business%20(LOB)%20apps%2C%20then%20apps%20cannot%20continue%20communicating%20with%20the%20Intune%20service.%20If%20an%20APP%20LOB%20application%20was%20wrapped%20or%20you%20are%20using%20default%20enrollment%2C%20new%20users%20will%20be%20blocked%20from%20accessing%20the%20app.%3C%2FLI%3E%0A%3COL%20class%3D%22lia-list-style-type-lower-alpha%22%3E%0A%3CLI%3EThe%20majority%20of%20LOB%20apps%20fall%20in%20this%20category.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CLI%3EIf%20they%20have%20the%20Conditional%20Access%20policy%20requiring%20APP%20in%20place%2C%20new%20users%20will%20be%20blocked%20from%20getting%20an%20access%20token.%3C%2FLI%3E%0A%3CLI%3EIf%20they%20don't%20have%20either%20of%20these%20protections%20in%20place%2C%20they%20will%20get%20application%20access.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20still%20take%20action%20by%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EEnsuring%20Android%20end%20users%20have%20updated%20their%20Company%20Portal%20app%20to%20the%20latest%20version%20(this%20change%20and%20a%20number%20of%20fixes%20have%20been%20in%20the%20Company%20Portal%20app%20since%205.0.05%20and%20higher).%20On%20Android%2C%20updating%20the%20company%20portal%20will%20also%20update%20any%20APP%20apps.%3C%2FLI%3E%0A%3CLI%3EIf%20you%20use%20any%20Microsoft%20applications%20with%20App%20Protection%20Policies%20(APP%2C%20also%20known%20as%20MAM)%2C%20you%E2%80%99ll%20want%20to%20ensure%20you%E2%80%99re%20using%20the%20latest%20application%20versions%20from%20Microsoft.%20All%20the%20major%20Office%20apps%20have%20adopted%20the%20newer%20SDK%E2%80%99s%20and%20are%20available%20in%20the%20store.%20%26nbsp%3B%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20see%20the%20post%20below%20for%20the%20connector%20information%2Fupdates%20and%20more%20information.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFrom%20the%20original%20post%20in%20November%2C%202020%20-%20Today%20we're%20posting%20the%20following%20message%20in%20the%20Message%20Center%20(in%20M365%20Admin%20center%20under%20Message%20Center%20or%20in%20Microsoft%20Endpoint%20Manager%20on%20the%20Tenant%20Admin%20blade%20-%20Service%20Health%20and%20Message%20Center).%20We're%20sharing%20here%20to%20help%20answer%20any%20questions%20and%20also%20to%20keep%20you%20posted%20on%20any%20new%20updates.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EMC225591%20(and%20also%20MC235267%20as%20a%20reminder!)%26nbsp%3B%3C%2FSTRONG%3E%3CSTRONG%3E-%20Intune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EMicrosoft%20Intune%20has%20begun%20updating%20our%20Root%20certificates%20to%20comply%20with%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsecurity%2Ffundamentals%2Ftls-certificate-changes%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%E2%80%99s%20new%20certificate%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Epolicy.%20Most%20management%20scenarios%20will%20work%20without%20administrator%20action%2C%20however%2C%20there%20are%20a%20few%20different%20configurations%20that%20may%20require%20you%20to%20take%20action%20to%20ensure%20your%20continued%20connectivity%20to%20Intune.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHow%20this%20will%20affect%20your%20organization%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EHere%20are%20the%20scenarios%20that%20are%20affected%20and%20may%20need%20action%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EIf%20you%20use%20the%20Intune%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EiOS%20SDK%3C%2FSTRONG%3E%2C%3CSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EIntune%20App%20Wrapper%20for%20iOS%3C%2FSTRONG%3E%2C%20or%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EXamarin%20Bindings%3C%2FSTRONG%3E%2C%20we%20posted%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EMC222833%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSTRONG%3Easking%20you%20to%20take%20action%20and%20describing%20which%20versions%20are%20needed.%3C%2FLI%3E%0A%3CLI%3EIf%20you%20use%20any%20Microsoft%20applications%20with%26nbsp%3B%3CSTRONG%3EApp%20Protection%20Policies%3C%2FSTRONG%3E%26nbsp%3B(%3CSTRONG%3EAPP%3C%2FSTRONG%3E%2C%20also%20known%20as%26nbsp%3B%3CSTRONG%3EMAM%3C%2FSTRONG%3E)%2C%20you%E2%80%99ll%20want%20to%20ensure%20you%E2%80%99re%20using%20the%20latest%20application%20version%20with%20SDK%20for%20iOS%20(SDK%20version%2012.9.0%2B%20has%20the%20updated%20code)%20or%20SDK%20for%20Android%20(SDK%20version%206.7.2%2B%20has%20the%20updated%20code).%20All%20the%20major%20Office%20apps%20have%20adopted%20the%20newer%20SDK%E2%80%99s%20and%20are%20available%20in%20the%20store.%3C%2FLI%3E%0A%3CLI%3EIf%20you%20use%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EConfiguration%20Manager%3C%2FSTRONG%3E%2C%20including%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Eco-managed%20devices%3C%2FSTRONG%3E%2C%20read%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Ftroubleshoot%2Fmem%2Fconfigmgr%2Fconnectivity-issues-digicert-global-root-g2-not-installed%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20article%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Efor%20any%20conditions%20that%20need%20to%20be%20unblocked%20to%20enable%20the%20root%20cert%20updates%2C%20such%20as%20steps%20to%20ensure%20Windows%20domain%20joined%20co-managed%20devices%20continue%20communicating%20with%20the%20Microsoft%20Endpoint%20Manager%20services.%3C%2FLI%3E%0A%3CLI%3EFor%20any%20Intune%20on-premises%20connectors%20in%20use%2C%20such%20as%20the%20Exchange%2C%20NDES%2C%20ODJ%2C%20or%20PFX%20connectors%2C%20ensure%20your%20servers%20receive%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fprevious-versions%2Fwindows%2Fit-pro%2Fwindows-server-2012-R2-and-2012%2Fdn265983%2528v%3Dws.11%2529%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERoot%20Certificate%20updates%3C%2FA%3E.%20For%20environments%20that%20are%20disconnected%2C%20follow%20guidance%20to%20ensure%20root%20certificates%20are%20installed%20on%20the%20on-premises%20servers.%3C%2FLI%3E%0A%3CLI%3ENote%20that%20you%20may%20also%20have%20to%20check%20your%20Group%20Policy%20settings%2C%20as%20it%20is%20possible%20to%20disable%20automatic%20root%20certificate%20updates.%20Update%20your%20policy%20or%20manually%20update%20the%20certificates%20on%20devices%20including%20MDM-managed%20Windows%20devices.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20you%20need%20to%20do%20to%20prepare%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EEvaluate%20your%20environment%20with%20the%20conditions%20above%20and%20take%20action%20as%20needed.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20for%20those%20of%20you%20that%20didn't%20see%26nbsp%3B%3CSTRONG%3EMC222833%20and%20later%26nbsp%3BMC230351%3C%2FSTRONG%3E%20but%20have%20LOB%20apps%20with%20APP%20(MAM)%26nbsp%3Bhere's%20that%20post%20too%3A%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EMC222833%20(and%20also%20MC230351%20as%20a%20reminder)%20-%20Take%20Action%3A%20Adopt%20the%20Latest%20iOS%20SDK%2C%20Intune%20App%20Wrapper%2C%20and%20Xamarin%20Bindings%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EMicrosoft%20has%20made%20a%20few%20important%20service%20side%20updates%20that%20will%20require%20that%20you%20adopt%20the%20latest%20Intune%20App%20SDK%20for%20iOS%20version%2012.9.0%20or%20higher%2C%20Intune%20App%20Wrapper%2C%20version%2013.0.0%20or%20higher%2C%20or%20Xamarin%20binding%20version%2012.9.0%20and%20then%20have%20your%20end%20users%20adopt%20the%20updated%20apps%20by%20December%2031%2C%202020.%20Note%20that%20the%20way%20Android%20updates%2C%20once%20one%20Microsoft%20application%20with%20the%20updated%20SDK%20is%20on%20the%20device%20and%20the%20Company%20Portal%20is%20updated%2C%20Android%20apps%20will%20update%2C%20so%20this%20message%20is%20focused%20on%20iOS.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHow%20this%20will%20affect%20your%20organization%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EOur%20service%20telemetry%20indicates%20you%20have%20applications%20wrapped%20by%20the%20Intune%20SDK%2C%20the%20Intune%20App%20Wrapper%2C%20or%20Xamarin%20Bindings.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20you%20need%20to%20do%20to%20prepare%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EAction%20will%20depend%20on%20update%20status%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EIf%20you've%20wrapped%20your%20app%2C%20you'll%20want%20to%20re-wrap%20your%20app%20with%20the%20latest%20wrapper%20(13.0.0%20or%20higher)%3C%2FLI%3E%0A%3CLI%3EIf%20you%20integrated%20the%20SDK%20please%20re-integrate%20with%20SDK%2012.9.0%20or%20higher%3C%2FLI%3E%0A%3CLI%3EIf%20you're%20using%20Xamarin%20and%20have%20integrated%20our%20binding%2C%20please%20pull%20in%20the%20binding%2012.9.0%20or%20above%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHere%20are%20the%20public%20repositories%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmsintuneappsdk%2Fms-intune-app-sdk-ios%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EIntune%20App%20SDK%20for%20iOS%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmsintuneappsdk%2Fintune-app-wrapping-tool-ios%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EiOS%20Wrapper%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmsintuneappsdk%2Fintune-app-sdk-xamarin%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EIntune%20App%20SDK%20Xamarin%20Bindings%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3EFAQ%20(we'll%20add%20to%20this%20over%20time%20provided%20questions%20are%20asked!)%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3EQ%3A%20What%20does%20an%20NDES%20server%20update%20look%20like%3F%3CBR%20%2F%3EA%3A%20We%20asked%20one%20of%20our%20service%20engineers%20and%20here's%20a%20few%20steps.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EOn%20the%20Windows%20device%2C%20Launch%2Frun%20certlm.msc.%20Say%20yes.%26nbsp%3B%26nbsp%3B%3CBR%20%2F%3EGo%20to%20Trusted%20Root%20Certification%20Authorities%3C%2FLI%3E%0A%3CLI%3EOpen%20Certificates%20and%20ensure%20the%20%22%3CSTRONG%3EDigiCert%20Global%20Root%20G2%3C%2FSTRONG%3E%22%20is%20there.%20If%20it%20is%2C%20you're%20set!%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22cert_digicert.PNG%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F231076i2058613B96397EB9%2Fimage-size%2Fsmall%3Fv%3Dv2%26amp%3Bpx%3D200%22%20role%3D%22button%22%20title%3D%22cert_digicert.PNG%22%20alt%3D%22cert_digicert.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3EIf%20not%2C%20the%20Microsoft%20Endpoint%20Manager%20post%20here%3A%26nbsp%3B%3C%2FSPAN%3E%3CA%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Ftroubleshoot%2Fmem%2Fconfigmgr%2Fconnectivity-issues-digicert-global-root-g2-not-installed%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Ftroubleshoot%2Fmem%2Fconfigmgr%2Fconnectivity-issues-digicert-global-root-g2-not-installed%3C%2FA%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3E%26nbsp%3Blists%20common%20reasons%20why%20the%20cert%20is%20not%20installed.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3EIn%20our%20service%20engineer's%20environment%2C%20it%20actually%20wasn't%20there%2C%20so%20he%20got%20the%20cert%20by%20going%20to%20the%20Trusted%20Root%20Certificate%20Store%20as%20described%20in%20the%20above%20doc.%26nbsp%3B%26nbsp%3B%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOne%20of%20our%20customers%20ran%20into%20an%20issue%20that%20the%20certs%20were%20downloaded%20but%20weren't%20being%20applied.%20Here's%20the%20steps%20they%20went%20into%20on%20the%20Exchange%20connector%20server%20to%20ensure%20they%20applied.%20If%20you%20have%20any%20other%20tips%20let%20us%20know!%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3ELogged%20into%20the%20Exchange%20Connector%20server%20with%20a%20local%20user%20account.%3C%2FLI%3E%0A%3CLI%3EFrom%20Windows%2C%20accessed%20the%20Cert%20manager%20with%20certmgr.msc%20from%20the%20Command%20prompt.%20One%20note%20-%20if%20you%20are%20logged%20with%20different%20domain%20account%20you%20can%20add%20how%20to%20access%20to%20Run%20as%20Steps%20to%20access%20Cert%20manager.%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22run_cert_manager.jpg%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F251544iB87C7E9C6D515F2A%2Fimage-size%2Fsmall%3Fv%3Dv2%26amp%3Bpx%3D200%22%20role%3D%22button%22%20title%3D%22run_cert_manager.jpg%22%20alt%3D%22run_cert_manager.jpg%22%20%2F%3E%3C%2FSPAN%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%20class%3D%22xmsonormal%22%3EOnce%20you're%20in%20Cert%20manager%20on%20the%20Exchange%20Connector%20server%2C%26nbsp%3Bclick%20on%20Trusted%20Root%20Certificate%20Authority%20%26gt%3B%20certificates.%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22certificates.jpg%22%20style%3D%22width%3A%20232px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F251545i16903A2DC337D7A6%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22certificates.jpg%22%20alt%3D%22certificates.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%20class%3D%22xmsonormal%22%3E%26nbsp%3BRight%20Click%20on%20Certificates%20%26gt%3B%20click%20All%20Task%20%26gt%3B%20and%20then%20Import.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%20class%3D%22xmsonormal%22%3E%26nbsp%3BAfter%20Import%2C%20select%20the%20certs%20you%20want%20to%20import%20from%20your%20local%20drive%20(in%20this%20case%20the%20new%20ones).%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%20class%3D%22xmsonormal%22%3EOnce%20you%20select%20it%20will%20install%20and%20ask%20for%20confirmation.%20Then%20you'll%20see%20your%20new%20certificates.%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22xmsonormal%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%3CSTRONG%3ENetwork%20Access%20Control%20(NAC)%20note%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EFor%20all%20Network%20Access%20Control%20(NAC)%20scenarios%2C%20when%20using%20a%203%3CSUP%3Erd%3C%2FSUP%3E%26nbsp%3Bparty%20provider%20such%20as%20Cisco%2C%20please%20be%20sure%20your%20NAC%20provider%20has%20validated%20their%20root%20CA%20config.%20They%20should%20have%20how%20to%20do%20this%20documented%2C%20but%20in%20case%20they%20don%E2%80%99t%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fcacerts.digicert.com%2FDigiCertGlobalRootG2.crt.pem%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EAdd%26nbsp%3BDigiCert%20Global%20Root%20G2%26nbsp%3Bto%20their%20trusted%20CA%20store%3C%2FA%3E.%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EFor%20some%20providers%2C%20they%20many%20need%20to%20validate%20the%20configuration%20and%20update%20as%20needed.%3C%2FLI%3E%0A%3CLI%3EConfirm%20your%20network%20can%20receive%20traffic%20so%20that%20the%20configuration%20can%20be%20pushed%20down%20to%20individual%20ISE%20boxes.%3C%2FLI%3E%0A%3CLI%3EFor%20some%20providers%20note%20that%20it%20can%20take%20time%20for%20updates%20to%20be%20distributed.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EUpdated%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E11%2F2%2F2020%20with%20more%20info%20on%20NDES%20server%20cert%20updates.%3C%2FLI%3E%0A%3CLI%3E2%2F2%2F2021%20with%20Exchange%20Connector%20detailed%20instructions%20if%20the%20certs%20were%20downloaded%20but%20not%20applied%20steps%20and%20steps%20for%20NAC%20providers.%3C%2FLI%3E%0A%3CLI%3E2%2F11%2F2021%20with%20the%20latest%20information%20now%20that%20the%20certs%20have%20been%20rotated.%26nbsp%3B%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ELet%20us%20know%20if%20you%20have%20any%20additional%20questions%20on%20this%20by%20replying%20back%20to%20this%20post%20or%20tagging%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FIntuneSuppTeam%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%40IntuneSuppTeam%3C%2FA%3E%3CSPAN%3E%26nbsp%3Bout%20on%20Twitter.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1839655%22%20slang%3D%22en-US%22%3E%3CP%3ERead%20this%20article%20for%20certificate%20updates%20coming%20to%20Intune%20and%20many%20other%20services.%20Most%20management%20scenarios%20will%20work%20without%20action%2C%20however%2C%20look%20at%20the%20scenarios%20below%20and%20take%20action%20as%20needed!%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1839655%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ecertificates%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESupport%20Tip%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1899167%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20certificate%20updates%3A%20Action%20may%20be%20required%20for%20continued%20connectivity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1899167%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Team%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20received%20multiple%20queries%20regarding%20if%20the%20LOB%20apps%20will%20stop%20working%20(%20or%20what%20the%20affect%20gonna%20be%20)%20if%20the%20below%20plan%20is%20not%20followed%2C%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20you%20need%20to%20do%20to%20prepare%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EAction%20will%20depend%20on%20update%20status%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EIf%20you've%20wrapped%20your%20app%2C%20you'll%20want%20to%20re-wrap%20your%20app%20with%20the%20latest%20wrapper%20(13.0.0%20or%20higher)%3C%2FLI%3E%0A%3CLI%3EIf%20you%20integrated%20the%20SDK%20please%20re-integrate%20with%20SDK%2012.9.0%20or%20higher%3C%2FLI%3E%0A%3CLI%3EIf%20you're%20using%20Xamarin%20and%20have%20integrated%20our%20binding%2C%20please%20pull%20in%20the%20binding%2012.9.0%20or%20above%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3EKindly%20comment%20on%20the%20same%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎Feb 11 2021 12:58 PM
Updated by: