KB5014754: Certificate-based authentication changes on Windows domain controllers

The article KB5014754 outlines important changes to certificate-based authentication requests on Windows domain controllers, including updates to the security requirements timeline. To enhance security, the February 2025 Windows security update will introduce Full Enforcement mode, which will deny authentication for certificates that do not meet expected mapping requirements. Devices that do not already have the StrongCertificateBindingEnforcement registry value set to 2 will be moved to Full Enforcement mode by the February 2025 update, with options to move back to Compatibility mode until September 2025.
Windows updates after September 2025 will no longer support StrongCertificateBindingEnforcement registry values. To prepare for these changes, review the KB5014754 article's Take action, Full Enforcement mode, and Registry key information sections and take the appropriate security measures.
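To see where a domain controller stands ahead of the February 2025 update, the PowerShell below reads the value and reports the resulting mode. It is an added example, not code from the KB article or this summary: the registry path and the meaning of value 1 (Compatibility mode) are taken from Microsoft's KB5014754 documentation rather than from the text above, and `Get-CertBindingMode` is a hypothetical helper name.

```powershell
# Added example. Assumptions: key path and value meanings (1 = Compatibility,
# 2 = Full Enforcement) follow Microsoft's KB5014754 documentation.
$KdcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$ValueName = 'StrongCertificateBindingEnforcement'

# Hypothetical helper: query one or more domain controllers and classify each.
function Get-CertBindingMode {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    # Returns the DWORD, or $null when the key or value does not exist.
    $read = {
        param($Key, $Name)
        $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
        if ($item) { $item.$Name }
    }

    foreach ($dc in $ComputerName) {
        try {
            if ($dc -eq $env:COMPUTERNAME) {
                $raw = & $read $KdcKey $ValueName
            } else {
                $raw = Invoke-Command -ComputerName $dc -ScriptBlock $read `
                    -ArgumentList $KdcKey, $ValueName -ErrorAction Stop
            }
            if ($null -eq $raw) {
                $mode = 'Not set: moves to Full Enforcement with the February 2025 update'
            } elseif ($raw -eq 2) {
                $mode = 'Full Enforcement'
            } elseif ($raw -eq 1) {
                $mode = 'Compatibility: honored only until the September 2025 cutoff'
            } else {
                $mode = 'Unexpected value: review against KB5014754'
            }
        } catch {
            # Unreachable host or remoting failure: report it rather than guess.
            $raw  = $null
            $mode = "Query failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ ComputerName = $dc; Value = $raw; Mode = $mode }
    }
}

Get-CertBindingMode | Format-Table -AutoSize
```

Pass `-ComputerName` with a list of domain controllers to survey them in one run; remote queries require PowerShell remoting to be enabled on the targets.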
For further details and additional information, consult the KB5014754 article, which can be accessed through the provided link. This article is provided by M365 Admin and was last updated on September 10, 2024.