Azure IoT guidance for DigiCert Global Root G1 trust-store updates in sovereign clouds
The technology industry is retiring trust in the DigiCert Global Root G1 certificate. This change affects some Azure IoT devices and applications that connect to Azure IoT service APIs. Specifically, customers using the Azure Government (Fairfax) or Azure China (Mooncake) environments are affected if their operating systems or trust stores are updated to remove trust for this older root. Azure public cloud customers are not affected, because their endpoints already use newer certificate chains. This is a client-side trust store change, not a security incident or a service outage.

The issue arises when an updated client trust store no longer recognizes the DigiCert Global Root G1. Devices and applications that rely on such a trust store may fail to establish TLS connections and report certificate trust errors. Symptoms include an inability to connect to Azure IoT during the TLS handshake, "untrusted root" or "unknown CA" errors, and the cessation of telemetry or API calls.

To mitigate this, validate OS, firmware, and CA bundle updates in a test environment before rolling them out to production. If connectivity issues arise after an update, pausing the rollout and rolling back the update may restore functionality. For persistent issues, contact Microsoft Support. To diagnose the problem, check whether updates were recently applied and whether the reported errors are certificate-related. The core of the issue is that the client's trust store no longer recognizes a previously trusted root certificate.
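The pre-rollout validation and the diagnosis described above can be exercised offline with OpenSSL. The script below is an added example, not Microsoft tooling or part of this guidance: it builds a constructed test PKI (two unrelated roots and a device leaf signed by root A), creates a "before update" CA bundle containing both roots and an "after update" bundle from which root A has been dropped, then shows two checks a practitioner would run against a real bundle: whether a root with a given subject is still present, and how a chain validation fails when the issuing root is missing. The root names, the `device-leaf.test` subject and the bundle file names are all constructed for the example.

```shell
#!/bin/sh
# Added example: inspect a client CA bundle and reproduce the "unknown CA" failure
# that follows a trust-store update, using a constructed test PKI so it runs offline.
set -eu

# Print one "subject=..." line per certificate in a PEM bundle.
bundle_subjects() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { buf = ""; inside = 1 }
    inside { buf = buf $0 "\n" }
    /-----END CERTIFICATE-----/ {
      inside = 0
      cmd = "openssl x509 -noout -subject"
      printf "%s", buf | cmd
      close(cmd)
    }
  ' "$1"
}

# Return 0 if some certificate in bundle $1 has a subject containing $2.
bundle_has_root() {
  bundle_subjects "$1" | grep -q -- "$2"
}

# Classify validating leaf certificate $2 against CA bundle $1:
#   ok           - the chain builds to a root trusted by the bundle
#   missing-root - OpenSSL cannot find the issuer: the "unknown CA" / "untrusted root" case
#   other        - a different verification failure (expiry, purpose, ...)
verify_chain_reason() {
  if out=$(openssl verify -CAfile "$1" "$2" 2>&1); then
    echo ok
  elif printf '%s\n' "$out" | grep -qiE 'unable to get (local )?issuer|self[- ]signed certificate in certificate chain'; then
    echo missing-root
  else
    echo other
  fi
}

# Build the constructed test PKI in directory $1.
# Root A signs the device leaf; root B is an unrelated root that stays trusted.
make_test_pki() {
  d=$1
  # Minimal OpenSSL config so the roots carry CA:TRUE regardless of the host's default config.
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
[dn]
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
  for name in rootA rootB; do
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Constructed Test $name" \
      -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null
  done
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=device-leaf.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/rootA.pem" -CAkey "$d/rootA.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
  # "before" trusts both roots; "after" is what a trust-store update that removes root A leaves behind.
  cat "$d/rootA.pem" "$d/rootB.pem" > "$d/bundle-before.pem"
  cp "$d/rootB.pem" "$d/bundle-after.pem"
}

# Stand-alone demonstration: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  work=$(mktemp -d)
  make_test_pki "$work"
  echo "root A present before update: $(bundle_has_root "$work/bundle-before.pem" 'Constructed Test rootA' && echo yes || echo no)"
  echo "root A present after update:  $(bundle_has_root "$work/bundle-after.pem" 'Constructed Test rootA' && echo yes || echo no)"
  echo "leaf validation before update: $(verify_chain_reason "$work/bundle-before.pem" "$work/leaf.pem")"
  echo "leaf validation after update:  $(verify_chain_reason "$work/bundle-after.pem" "$work/leaf.pem")"
  rm -rf "$work"
fi
```

Against a real device, `bundle_has_root` can be pointed at the bundle the IoT client actually loads (for example a distribution's `ca-certificates` file or a CA file shipped in firmware) to confirm before and after an update whether the root is still there, and `verify_chain_reason` can be fed the leaf certificate captured from the endpoint (`openssl s_client -connect <iot-hub-hostname>:8883 -showcerts`, with the hostname being the device's own hub) to see whether the "unknown CA" classification reproduces with the updated bundle.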