Please see the following scheduled Microsoft change:
Date: Wednesday, Jan. 7, 2026
The following work is being completed: Microsoft Entra is migrating its DigiCert certificates. DigiCert Global Root G1 is the current root Certificate Authority (CA) used by Microsoft Entra services. DigiCert Global Root G2 is the newer root CA that Microsoft is migrating to for improved security and compliance.
All affected processes: If DigiCert G2 certificates are not trusted, authentication failures will occur when accessing Microsoft Entra services. Impacted domains include:
- login.microsoftonline.com
- login.live.com
- login.windows.net
- autologon.microsoftazuread-sso.com
- graph.windows.net
Duration of impact: Clients that pin to the DigiCert G1 root or do not trust the DigiCert G2 root may experience authentication failures until certificates are updated.
Necessary follow-up steps: Update settings now to avoid service disruption:
- Trust the “DigiCert Global Root G2” root and its subordinate CAs.
- Remove any client-side pinning to the DigiCert Global Root CA root certificate.
- Trust all Root and Subordinate CAs listed in the Azure Certificate Authority details documentation.
Additional information:
Questions? Please contact Crimson Service Desk at crimsonservicedesk@wsu.edu or 509-335-4357.