Microsoft has encountered a significant oversight in certificate management, leading to untrusted connection warnings for a domain widely used by system administrators to test Microsoft 365 connectivity. The domain, connectivity.office.com, is essential for IT professionals to verify network connections to Microsoft 365 services and ensure that firewalls are not obstructing critical Microsoft operations.
On Monday, users began receiving NET::ERR_CERT_DATE_INVALID errors in Chromium-based browsers when accessing this domain. This issue stems from the TLS certificate, issued by Microsoft Azure RSA TLS Issuing CA 07, which expired on Sunday, June 14, 2026, at 08:38:02 UTC. The certificate had a six-month validity period, having been last renewed on December 16, 2025, but was not renewed in time.
The expired certificate has a SHA-256 fingerprint of c52ca2abaffcb192ef02ff7c131504d32b0311024c4ec7f8a439c44f17347baa. An SSL server report confirmed that the certificate was valid for exactly 180 days before expiring without renewal. Consequently, browsers now flag the site as untrusted, displaying warnings that the server could not prove its identity as connectivity.office.com due to the expired security certificate.
The connectivity.office.com domain is specifically designed to assist enterprise IT teams and network engineers in diagnosing Microsoft 365 connectivity issues. It tests whether firewalls, proxies, or network appliances are interfering with traffic to Microsoft servers. With the certificate now expired, any automated tools or scripts relying on HTTPS connections to this endpoint may fail or produce certificate validation errors, disrupting diagnostic workflows. Organizations that incorporate this endpoint in network health checks or onboarding verification scripts are directly affected.
This incident is particularly notable given Microsoft’s ongoing efforts to promote certificate hygiene. The company has been urging enterprise customers to renew aging Secure Boot certificates ahead of their expiration between June and October 2026. Allowing a publicly facing, IT-critical domain’s TLS certificate to lapse contradicts this guidance. Certificate lifecycle management failures are among the most preventable security misconfigurations, and automated renewal systems exist precisely to prevent such lapses.
As of the time of writing, Microsoft has not issued a public statement regarding the expired certificate. Given the operational importance of the affected domain, it is expected that the company will renew the certificate promptly.
This incident underscores the critical importance of diligent certificate management. Organizations should implement robust monitoring and automated renewal processes to prevent similar lapses, which can disrupt essential services and erode user trust.
