Strong Certificate Mapping enforcement pushed back to 2025

Posted by RiceeeChrispies@reddit | sysadmin | View on Reddit | 1 comments

People who use certificates for Intune through the NDES connector faced a cliff-edge situation in November ‘23 - as there is no official way to strongly map a certificate from an offline request (which NDES generates). These certificates are generally used for Wi-Fi and VPN authentication, so quite a big issue. They have [something in preview](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/preview-of-san-uri-for-certificate-strong-mapping-for-kb5014754/ba-p/3789785), but no updates since April. This has now been [pushed back to February 11, 2025](https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16). Rejoice slightly? Although that’s quite a big pushback.

1 Comments

[-]

Mitchell_90@reddit

Going by the article my guess for the pushback is they are possibly targeting the URI preview towards the next Windows Server release first which going by the usual roadmap should be released some time in 2024. Perhaps backporting this to previous versions is going to take longer hence the 2025 date? We use NDES for deploying user-based VPN certificates on Intune managed Windows devices so we’d be out of luck come enforcement in November.

Reply to Post

1 Comments