Hello @Azure Partner ,
Thank you for reaching out to the Microsoft Q&A platform. Happy to answer your question.
Customers who explicitly specify a list of acceptable CAs (a practice known as “certificate pinning”) in Azure instance metadata service attested data are impacted. Hence you will not be impacted as you confirm that you have not pinned certs to any intermediate CA certs.
How do I know whether my applications are impacted?
If any client application has pinned to an Intermediate CA rather than the Baltimore CyberTrust Root, immediate action is required to prevent disruption in the services which rely on Azure Instance metadata service.
If you have an application that integrates with Azure services, or if you get your VM images from Azure marketplace, and you are unsure if it uses certificate pinning with Azure Instance Metadata Service Attested data, check with the application/image owner.
For more details, you can refer to this thread https://learn.microsoft.com/en-us/answers/questions/878907/azure-instance-metadata-service-attested-data-cert.html
****If you are satisfied with the answer, please "Accept as Answer" and Upvote, so that you can help others in the community looking for remediation for similar issues.****