Article ID: 2832607
NoticeThe third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
Microsoft updated the Windows Intune root certificate from the GTE CyberTrust Root certificate to the Baltimore CyberTrust Root certificate. Baltimore-based certificates are not supported on Android devices of versions earlier than 2.3.4 (Gingerbread). Therefore, these devices may be unable to connect to the Windows Intune service. For Android devices of version 2.3.4 and later versions, there is native support in the Android operating system for Baltimore-based certificates.
Important This information is provided as general guidance. Because device compatibility for certificates may vary, we recommend that you contact your Android device manufacturer.
On September 5, 2012, Microsoft updated its publicly trusted SSL infrastructure with a new 2,048-bit root (the Baltimore CyberTrust Root) in order to comply with the latest industry standards for minimal key strength certificates. This change means that SSL certificates that all connecting device requests after this change will be issued from the new Baltimore root. All certificates that were obtained before the change were issued from the GTE root. Certificates that were issued from the GTE root will see no immediate effect until after July 31, 2013. Currently, these certificates will no longer be valid even if their "valid to" date is after July 31, 2013.
Android added support for Baltimore CyberTrust Root certificates in version 2.3.4 of the operating system. Device versions before this update may not support the Baltimore certificate and therefore will be unable to connect to the Windows Intune service. We recommend that you contact your device manufacturer to determine whether Baltimore support was added to your Android device.