All AD FS Services should use a Public certificate, because we use it for external Third party services management and we use it so other Device outside Our local network can Access these Third party services. This means we have to publish Our AD FS Service to external network and for them to rely on…
Yesterday Microsoft updated and the result is all EnTrust Root Certificates are not trusted anymore. This is because 1024 bit key isn’t good enough after the update, and the RootCA needs to be changed to minimum 2024 bit.
I am Roy Apalnes, a Microsoft Cloud Evangelist working av Sopra Steria. Main focus in Microsoft Security and Endpoint Management, with a bigger picture in mind.