Skip to main content
close search
site logo
Dive Brief

An expired Microsoft security certificate took down Teams

Published Feb. 4, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Kendall Davis for CIO Dive

Dive Brief:

  • After an authentication certificate expired, Microsoft Teams suffered an outage on Monday, according to a company announcement. Within an hour, Microsoft "initiated the deployment" of an updated certificate, the company said. About five hours later, the deployment was complete.
  • An authentication certificate is used as a "public key," underlying encrypted communication "between the client and the target cloud or web application," James Christiansen, VP of cloud security transformation Netskope, told CIO Dive in an email. "It is a vital component to establishing a secure two-way communication with Microsoft Teams."
  • To restore service after a certificate expires, companies have to find where the credentials are stored, update all of them and reset applications if necessary, said Christiansen.​

Dive Insight:

However, even Microsoft has oversights. Deploying an update typically isn't a tenuous process, nor should it disrupt services. The intricacy of an application can influence the success of deploymentsEven the "lowest levels" of security, such as domains or IP addresses, require authentication​, Dean Coclin, senior director of business development at DigiCert, told CIO Dive in an email. 

Ensuring certificates are up to date depends on the method of management.

A certificate designated to a specific domain or machine has to be approved by a third-party "certificate authority," which are trusted by operating systems and web browsers, said Christiansen. The third party extends its trustworthiness to the certificate holder.

Microsoft didn't disclose how it manages certificates, but there are typically two ways of doing so, according to Coclin: 

  • Manually: "Someone creates a spreadsheet of their certificate inventory and maybe sets an alarm on their calendar before a cert expires, to remind them to get it renewed." 

  • Automated: Using a certificate management software, users can either have an automated reminder programmed, or renewal and installation of new certificates," said Coclin. 

Having a digital certificate's expiration slip under the radar could either be the fault of the administrator manually managing it or the software dysfunctioning. Teams often forget certificates they manage​, according to Christiansen. The industry standard is centralizing the acquisition and management of certifications using software.

Filed Under: Security, Corporate

Editors' picks

Company Announcements

View all | Post a press release
Revenera Monetization Monitor 2025: Product Usage Insights Drive Better Roadmaps
From Revenera
November 25, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Unanet Acquires GovPro AI to Enable Customers to Win More Business
From Unanet
November 22, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell