Microsoft Cloud PKI for Intune automates certificate management for enrolled devices, but you must manually handle the expiration of the certification authority (CA). When your Cloud PKI issuing CA approaches its expiration date, you need to create a new CA and update your SCEP certificate profiles to maintain uninterrupted service. This guide explains the expiration process, potential impacts, and the steps required to transition to a new issuing CA.

Source

Microsoft has initiated a critical security hardening phase for Windows Active Directory domain controllers to address CVE-2026-20833, a Kerberos vulnerability that enables Kerberoasting attacks by allowing attackers to exploit weak RC4 encryption. The January 2026 security updates mark the beginning of a phased transition that will disable RC4 encryption by default and enforce AES-SHA1 as the standard encryption method for Kerberos authentication.

Source

Microsoft has started automatically updating Secure Boot certificates on eligible Windows 11 systems with the January 2026 security update. The update replaces certificates that are set to expire in June and October 2026, ensuring devices maintain boot security and continue receiving critical updates. Learn what admins need to know.

Source

Microsoft 365 users face a critical bug in Classic Outlook that prevents recipients from opening encrypted emails. In Classic Outlook, trying to open an encrypted email shows a specific error message in the Reading Pane: "This message with restricted permission cannot be viewed in the reading pane until you verify your credentials. Open the item to read its contents and verify your credentials." This issue stems from a client-side regression in how Classic Outlook handles encryption settings, and Microsoft is currently investigating the problem.

Source

Microsoft introduced hardware-accelerated BitLocker to address the performance overhead of disk encryption on modern high-speed NVMe drives. This feature offloads cryptographic operations from the main CPU to dedicated crypto engines in the system-on-chip (SoC), improving performance and enhancing security.

Source