This may be of high interest to you. To understand whether you are impacted, start by reading the source article:
Intune Certificate Updates: Action may be required for continued connectivity
If you use the iOS SDK, the Intune App Wrapper or the Xamarin Bindings, you have to take action.
If you use App protection policies (APP or MAM), make sure you are running the latest application versions built with the updated SDK (many M365 apps are already fixed).
Using co-management and ConfigMgr? Read this article
Using the SCEP, ODJ or PFX connectors? You need to ensure your servers receive root certificate updates.
There are a couple of ways automatic certificate updates can be blocked on your servers, so here are some ways of figuring out whether you might have an issue or not.
If everything works as it should, you should have a certificate in certlm.msc (Certificates for the local machine) under Trusted Root Certification Authorities named "DigiCert Global Root G2".
A couple of registry values to check:
- HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate
  - A value of 1 disables the Windows AutoUpdate of the trusted CTL.
- HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\EnableDisallowedCertAutoUpdate
  - A value of 1 enables the Windows AutoUpdate of the untrusted CTL.
- HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\RootDirUrl
  - Configures the shared location (the HTTP or the FILE path) that root updates are pulled from.
Also follow the Event Viewer in Windows Logs\Application with a Source of CAPI2, and look for events containing information such as:
- Event ID 7
  - Successful auto update retrieval of third-party root list sequence number from: URL_for_Windows_Update_Web_Site
- Event ID 8
  - Failed auto update retrieval of third-party root list sequence number from: URL_for_Windows_Update_Web_Site with error: hexadecimal_error_value
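To run all three checks (root certificate present, registry values, CAPI2 events) on a connector server in one go, here is an added PowerShell example that is not from the original post; the provider name `Microsoft-Windows-CAPI2` used for the event filter and the 7-day lookback window are my assumptions.

```powershell
# Added example, not from the original post: checks a connector server for the
# three symptoms described above. Run in an elevated PowerShell session.

# 1. Is "DigiCert Global Root G2" in the machine's Trusted Root store?
$g2 = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*CN=DigiCert Global Root G2*' }
if ($g2) { Write-Host "OK: DigiCert Global Root G2 present ($($g2.Thumbprint))" }
else     { Write-Warning 'DigiCert Global Root G2 is missing from Trusted Root Certification Authorities' }

# 2. Registry values that disable or redirect automatic root updates.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$update = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate'
$checks = @(
    # Suspect = the value that indicates a problem; $null = any value is worth a look
    @{ Key = $policy; Name = 'DisableRootAutoUpdate';          Suspect = 1
       Why = '1 disables Windows AutoUpdate of the trusted CTL' }
    @{ Key = $policy; Name = 'EnableDisallowedCertAutoUpdate'; Suspect = 0
       Why = '0 disables Windows AutoUpdate of the untrusted CTL' }
    @{ Key = $update; Name = 'RootDirUrl';                     Suspect = $null
       Why = 'root updates come from a shared HTTP/FILE path, not Windows Update' }
)
foreach ($c in $checks) {
    $v = (Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($null -eq $v) { Write-Host "$($c.Name): not set (default behaviour)"; continue }
    if ($null -eq $c.Suspect -or $v -eq $c.Suspect) { Write-Warning "$($c.Name) = $v -> $($c.Why)" }
    else { Write-Host "$($c.Name) = $v" }
}

# 3. CAPI2 events 7 (successful) and 8 (failed) auto update retrieval, last 7 days (assumed window).
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CAPI2'   # assumed provider name behind the "CAPI2" source
    Id           = 7, 8
    StartTime    = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue
if (-not $events) { Write-Host 'No CAPI2 auto update events (ID 7/8) in the last 7 days' }
foreach ($e in $events) {
    $tag = if ($e.Id -eq 8) { 'FAIL' } else { 'OK  ' }
    Write-Host ("{0} {1:u} {2}" -f $tag, $e.TimeCreated, ($e.Message -split "`n")[0])
}
```

A missing G2 root together with DisableRootAutoUpdate = 1 or a populated RootDirUrl means the server is not getting roots from Windows Update, and any Event ID 8 lines tell you why the retrieval failed.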