Are you using strong certificate mapping in Active Directory? Richard Hicks returns to the show to talk about the impacts of KB5015754, issued way back in 2022, and how it turned into an enforcement event on February 11, 2025 that might have caused some serious problems for folks trying to authenticate to Active Directory. For most sites, the upgrade to strong certificates was pretty much automatic. But if you're using Intune SCEP, you needed to do some configuration - and if that was missed, there is trouble. There are workarounds for now, but come September 2025, enforcement will be mandatory and everything gets harder, so it's worth looking into it now!

Links

• KB5015754: Certificate-based Authentication Changes on Windows Domain Controllers
• Richard's Blog Post on Strong Certificate Mapping Enforcement
• Active Directory Certificate Services
• Create and Assign SCEP Certificate Profiles in Intune
• Heartbleed

Recorded February 17, 2025