Microsoft CA
DigiCert® Trust Lifecycle Manager integrates with Microsoft Active Directory Certificate Services (ADCS, MSCA) to discover, manage, and automate certificates issued from private Microsoft CAs. The integration gives organizations centralized visibility, flexible enrollment (SCEP, EST, ACME, APIs), and automated issuance, renewal, and revocation—reducing human error while extending Microsoft CA into a broader security ecosystem.
What it does
- Discovers and imports all certificates issued from Microsoft CA into a unified Trust Lifecycle Manager inventory.
- Applies consistent security and issuance policies to certificates issued from one or multiple CAs.
- Automates lifecycle events—issuance, renewal, and revocation—through native Microsoft CA workflows.
- Supports multiple enrollment methods including SCEP, EST, ACME, and API-based requests.
- Provides alerting and health monitoring for Microsoft CA services to detect and resolve disruptions.
- Simplifies CA migration by enabling coexistence and transition to new private certificate authorities like DigiCert Private CA.
Why it matters
- Reduce operational risk: Identify and remediate expiring or misconfigured certificates before they cause outages.
- Improve governance: Enforce consistent policies and approval workflows across all CA-issued certificates.
- Simplify audits and compliance: Centralize records and certificate metadata for reporting and traceability.
- Streamline operations: Automate certificate issuance and renewal to minimize manual tasks and human error.
- Enable cryptographic agility: Support hybrid PKI strategies with integrated management of Microsoft CA and DigiCert Trust Lifecycle Manager.
How it integrates
- Trust Lifecycle Manager connects directly to Microsoft CA servers via secure API and enrollment interfaces.
- Trust Lifecycle Manager uses a DigiCert sensor to discover and import certificates from one or more Microsoft CAs into the centralized Trust Lifecycle Manager inventory.
- Admins can define policy, automate issuance, and trigger renewals for certificates under Microsoft CA management.
- The integration supports standard enrollment protocols (SCEP, EST, ACME) and web/API-based workflows.
- Trust Lifecycle Manager continuously monitors Microsoft CA availability and provides alerts if services go offline.