Avoid Cutoff from Exchange Online in Mar. 2026

All mail systems must add the DigiCert Global Root Certificate G2 to their trust lists by Mar. 15, 2026, or risk being cut off from Exchange Online. Exchange Online currently uses the DigiCert G1 Global Root Certificate to secure connections with other mail senders, which requires both parties to have that certificate on their certificate trust lists (CTLs). According to Digicert, on Apr. 15, 2026, the Google Chrome and Mozilla Firefox browsers will remove that certificate from their CTLs, and many mail senders will follow suit. To avoid losing connectivity to Exchange Online, Microsoft says all applications should trust the DigiCert Global Root Certificate G2 by Mar. 15, 2026, so that Microsoft can rotate certificates ahead of the Apr. 15 deadline. The Windows CTL service will make the change automatically if it’s enabled (the default), so Exchange Server and other applications on Windows and Windows Server might require no action. However, some organizations switch off the Windows CTL Updater and maintain trust lists by some other method, for security reasons or to support applications on other platforms. These organizations will be cut off unless they act. Planned and likely events for Exchange Online are featured in the Directions Business Applications Roadmap at “Exchange Online Roadmap.” Further information is on the Exchange team blog at “Trust DigiCert Global Root G2 Certificate Authority to Avoid Exchange Online Email Disruption” (Microsoft).