
Rotating Microsoft 365 Credentials

The Microsoft 365 connection in CloudM Continuity uses an Azure AD application with certificate-based authentication. Certificates have an expiry date, so you need to rotate them periodically. This article explains how to generate a new certificate and update it in both Azure AD and CloudM Continuity.

Why rotate credentials?

  • Certificate expiry. Self-signed certificates expire after the period set when they were created (typically one year). When a certificate expires, the connection stops working and sync operations fail.
  • Security best practice. Regular rotation limits the impact of a compromised private key.
  • Compliance requirements. Your organisation's security policy may require periodic credential rotation.

Before you start

  • You need Application Administrator or Global Administrator access to your Azure AD tenant
  • You need Super Admin or Admin access in CloudM Continuity
  • You need a Windows machine with PowerShell to generate the new certificate
  • You need to know which Azure AD app registration is used for the connection (typically named "CloudM Continuity" or similar)

Step-by-step rotation

Step 1: Generate a new certificate

Open PowerShell and run the following commands to create a new self-signed certificate:

$cert = New-SelfSignedCertificate `
    -Subject "CN=CloudM Continuity" `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyExportPolicy Exportable `
    -KeySpec Signature `
    -KeyLength 2048 `
    -KeyAlgorithm RSA `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)

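Export the PFX file, which contains the private key (you will upload this to CloudM Continuity):

# Replace "YourPassword" with a password of your own. You will enter the same
# password in CloudM Continuity in Step 3.
$password = ConvertTo-SecureString -String "YourPassword" -Force -AsPlainText
Export-PfxCertificate -Cert "Cert:\CurrentUser\My\$($cert.Thumbprint)" `
    -FilePath ".\CloudM-Continuity.pfx" -Password $password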

Export the CER file, which contains only the public key (you will upload this to Azure AD):

Export-Certificate -Cert "Cert:\CurrentUser\My\$($cert.Thumbprint)" `
    -FilePath ".\CloudM-Continuity.cer"

Step 2: Upload the new certificate to Azure AD

  1. Sign in to the Azure Portal at portal.azure.com
  2. Navigate to Azure Active Directory > App registrations
  3. Select the app registration used for CloudM Continuity
  4. Go to Certificates & secrets
  5. Under Certificates, click Upload certificate
  6. Upload the .cer file you exported and click Add

Do not remove the old certificate yet

Keep the old certificate in Azure AD until you've updated CloudM Continuity and validated the new connection. This ensures there's no gap in service if something goes wrong.

Step 3: Update the certificate in CloudM Continuity

  1. In CloudM Continuity, go to Connections in the sidebar
  2. Click on your Microsoft 365 connection
  3. Upload the new .pfx file in the Private key field
  4. Update the Certificate password with the password you set when exporting the PFX
  5. Click Save

Step 4: Validate the connection

  1. Use the three-dot menu on the connection card and select Test connection
  2. Confirm the status shows Active

If the connection test fails, check that you uploaded the correct .pfx file and that the certificate password matches the one used during export.

Step 5: Remove the old certificate

  1. Once the new certificate is validated and sync is running normally, return to Azure AD
  2. Go to Certificates & secrets in your app registration
  3. Under Certificates, delete the old certificate (identify it by its earlier expiry date or thumbprint)

Checking certificate expiry dates

To find when your current certificate expires:

  1. In the Azure Portal, go to your app registration
  2. Navigate to Certificates & secrets
  3. Under Certificates, the Expires column shows the expiry date for each certificate

Set a reminder

Set a calendar reminder at least 2 weeks before your certificate expires. This gives you time to rotate without risking sync disruption.

What happens if a certificate expires

| Impact | Details |
| --- | --- |
| Sync operations | All sync jobs using this connection will fail with an authentication error |
| Existing data | Data already synced to Google Workspace is not affected |
| Recovery | Generate a new certificate, upload it to Azure AD and CloudM Continuity, then test the connection. Sync resumes on the next cycle. |

Troubleshooting

| Issue | Solution |
| --- | --- |
| Validation fails after updating the certificate | Ensure you uploaded the .pfx file (private key), not the .cer file (public key). CloudM Continuity needs the PFX. |
| Certificate password error | The password must match the one used when running Export-PfxCertificate. If you've forgotten it, generate a new certificate with a new password. |
| Multiple certificates exist and you're unsure which is active | Check the Expires column and the Thumbprint in Azure AD. Remove any expired certificates and verify the remaining one works by validating in CloudM Continuity. |
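
A local check for the troubleshooting cases above, as an added example that is not part of CloudM's own documentation: it opens the two files exported in Step 1, confirms the PFX password works and that the PFX (not the CER) carries the private key, and reports the thumbprint and expiry. The function name Test-RotationCertPair and its WarnDays parameter are assumptions made for this example.

```powershell
# Added example: pre-upload check of the files exported in Step 1.
# File names match the export commands in this article; the function name
# and the WarnDays parameter are hypothetical.
function Test-RotationCertPair {
    param(
        [string]$PfxPath = ".\CloudM-Continuity.pfx",
        [string]$CerPath = ".\CloudM-Continuity.cer",
        [Parameter(Mandatory)][securestring]$PfxPassword,
        [int]$WarnDays = 14   # the two-week reminder window from this article
    )

    # .NET resolves relative paths against the process directory, not the
    # current PowerShell location, so convert to absolute paths first.
    $pfxFull = Convert-Path -LiteralPath $PfxPath
    $cerFull = Convert-Path -LiteralPath $CerPath

    try {
        # Fails here if the password is wrong or the file is not a PFX.
        $pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxFull, $PfxPassword)
    } catch {
        throw "Could not open the PFX (wrong password or wrong file type): $($_.Exception.Message)"
    }
    $cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerFull)

    $daysLeft = [int][math]::Floor(($pfx.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        Thumbprint       = $pfx.Thumbprint                        # compare with the Thumbprint shown in Azure AD
        Expires          = $pfx.NotAfter
        DaysLeft         = $daysLeft
        PfxHasPrivateKey = $pfx.HasPrivateKey                     # should be True: this file goes to CloudM Continuity
        CerHasPrivateKey = $cer.HasPrivateKey                     # should be False: this file goes to Azure AD
        ThumbprintsMatch = ($pfx.Thumbprint -eq $cer.Thumbprint)  # both files come from the same certificate
        ExpiringSoon     = ($daysLeft -lt $WarnDays)
    }
}

# Prompt for the password instead of typing it on the command line.
$pw = Read-Host -Prompt "PFX password" -AsSecureString
Test-RotationCertPair -PfxPassword $pw | Format-List
```

Run it from the folder that holds the exported files. The Thumbprint value is the one to look for in Azure AD when deciding which certificate is the new one and which to delete in Step 5.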