• 1 min read

Upcoming Azure Active Directory certificate rollover: August 15, 2016

Back in May we announced Azure Active Directory would be rolling over the keys it uses to sign tokens. Today we're announcing the new rollover date will be Monday, August 15, 2016.

Back in May we announced Azure Active Directory would be rolling over the certificates of the service. Based on feedback from the community asking for more time to get ready for this event, and our strong desire to avoid any customer downtime, we delayed the rollover.

Today we're announcing the new rollover date will be Monday, August 15, 2016.

We do not expect any impact for:

  • Applications following the best practices
  • Client applications
  • Applications added from the Azure Active Directory App Gallery (including “Custom”)
  • On-premises applications published via Application Proxy
  • Applications in Azure Active Directory B2C tenants

There might be an impact to applications if:

The applications take a dependency on the certificate and are not configured to automatically update the certificate from the metadata. We’ve included information below to help you assess the impact of the rollover to your applications and how to update them to handle the key rollover if necessary.

Step-by-step instructions

  1. Sign in to the Azure classic portal using an administrator account.
  2. Under the Active Directory tab, select your directory.
  3. Select Applications my company owns from the Show dropdown menu then click the checkmark at the right to apply the filter.
  4. Review each of the applications listed using the guidelines on the Signing key rollover in Azure Active Directory documentation and make the recommended changes if required. 

If you experience unusual behaviors please contact Azure Support.