Revoke User’s Agent Passwordless Login Certificate in the Cloud Administration Console

The Certificate Authority (CA) Service supports certificate-based authentication (CBA) for Windows MFA Agents integrated with Microsoft Entra ID. This enhancement provides centralized visibility and control over authentication certificates. In the Cloud Administration Console, you can monitor and revoke certificates issued to a user for agent-based, passwordless Windows logins. Active certificates can be revoked as needed.

This section outlines the steps to revoke an active certificate associated with a user.

Procedure 

1. In the Cloud Administration Console, click Users > Management.

2. In the Search field, enter the user's ID or email address.

3. Scroll to the Agent Passwordless Login Certificates section, which displays any registered certificates along with their statuses, then locate the active certificate and click Revoke.

4. In the confirmation dialog box that appears, click Revoke.

   The registered certificate status changes to "Revoked."

Note:  Revoked certificates are permanently invalid and cannot be reactivated.