Share via

Shortening of certificate lifetime validity periods, will Microsoft issued certs be impacted?

ITAdmin2019 0 Reputation points
2026-01-12T11:50:25.0166667+00:00

Public SSL certificates will gradually have their validity periods shortened over the next few years, eventually falling to 47 days. Will Microsoft issued certs in Entra ID apps and other Azure services be impacted by these changes or will the 3 year validity period remain?

Thanks

Community Center | Not monitored
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jerald Felix 10,620 Reputation points
    2026-01-12T16:15:20.0833333+00:00

    Hello ITAdmin2019,

    Thanks for reaching the Q&A forum. No, Microsoft-issued certificates in Entra ID apps and Azure services are not impacted by the CA/B Forum's public TLS certificate shortening (47 days by 2029). These are self-signed/internal certs exempt from CA/Browser Forum rules

    Key Details

    CA/B Forum Changes Apply Only to Public CAs (DigiCert, Let's Encrypt, etc.):​

    Public SSL/TLS certs → 398 days → 200 days (Mar 2026) → 47 days (Mar 2029)

    Drives automation for website/server certs​

    Microsoft Self-Signed Certs Remain 3 Years:

    • Entra ID SAML federation certs: Default 3-year validity (customizable up to 3 years)​
    • Azure Key Vault certs: Configurable (recommend ≤1 year best practice)​
    • App registrations: Auto-generated 3-year certs

    Microsoft Entra ID maintains 3-year validity with manual rollover option no changes planned to match public CA timelines. If helps, kindly accept the answer.​

    Cheers,

    Jerald Felix

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.