One of our clients had Logic Monitor kick off the following ticket:
Eventsource: Windows Exchange Events
Windows Event ID: 25
Message: The Exchange certificate [Subject] CN=11f90176-4bca-4cec-90fa-2a7bdc7b5181
[Issuer] CN=MS-Organization-P2P-Access
[Serial Number] 128616464061E8F328FAE2380BB88E82
[Not Before] 7/1/2022 5:46:40 PM
[Not After] 7/2/2022 5:51:40 PM
[Thumbprint] 8E1AA568E95C7BAE26E1BCEB8728E2D43D54DD21 will expire very soon on 7/2/2022 5:51:40 PM.
The certificate in question looks like:
What is an AD Service Principal “P2P Server” Certificate?
A MS-Organization-P2P-Access certificate is:
- valid for only 24 hours
- generated by Azure and issued to an on-premises server
- enables Azure AD credentials to be used in an RDP session
It has only a one-day lifetime because the MS-Organization-P2P-Access certificate is not generally needed for longer. You will notice that it starts appearing in Windows logs after AD FS Device Registration has been enabled.
These MS-Organization-P2P-Access certificates are NOT automatically renewed when they expire; they are automatically replaced only when they are needed again.
You can safely ignore them and the fact that they are expiring.
Who Issues MS-Organization-P2P-Access Certificates?
Look in Local Computer\AAD Token Issuer\Certificates and you will see that your own on-premises computer issues the MS-Organization-P2P-Access certificates.
The certs are issued to both the user and the computer so they are present in both:
- Local Computer\Personal\Certificates
- Current User\Personal\Certificates
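When one of these alerts fires, the quick way to confirm it is the benign case described above is to pull the certificate by the thumbprint in the event and check its issuer and lifetime. The script below is an added example, not part of the original post; it assumes the alert's thumbprint is passed in, that the two Personal stores map to Cert:\LocalMachine\My and Cert:\CurrentUser\My, and that the "AAD Token Issuer" store is reachable through the Cert: provider under that name.

```powershell
# Triage helper for Exchange Event ID 25 "certificate will expire very soon" alerts.
# Added example (not from the original post). Assumptions: the thumbprint comes from
# the alert text, and the Cert: provider exposes the "AAD Token Issuer" store by name.
param(
    # Thumbprint from the alert shown above
    [string]$Thumbprint = '8E1AA568E95C7BAE26E1BCEB8728E2D43D54DD21'
)

$p2pIssuer = 'CN=MS-Organization-P2P-Access'

# The post notes the certs are issued to both the computer and the user, so search both stores.
$stores = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'
$cert = $stores |
    ForEach-Object { Get-ChildItem -Path $_ -ErrorAction SilentlyContinue } |
    Where-Object { $_.Thumbprint -eq $Thumbprint } |
    Select-Object -First 1

if (-not $cert) {
    # Expired P2P certs are not renewed in place; a missing cert usually means it was already replaced.
    Write-Output "Thumbprint $Thumbprint not found in $($stores -join ', '); it may already have been replaced."
    return
}

$lifetime = $cert.NotAfter - $cert.NotBefore
# A genuine P2P-Access cert is issued by MS-Organization-P2P-Access and lives about 24 hours.
$isP2P = ($cert.Issuer -eq $p2pIssuer) -and ($lifetime.TotalHours -le 25)

[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    NotBefore  = $cert.NotBefore
    NotAfter   = $cert.NotAfter
    Lifetime   = $lifetime
    Assessment = $(if ($isP2P) { 'Expected short-lived MS-Organization-P2P-Access cert: safe to ignore' }
                   else        { 'Not a P2P-Access cert: review this expiry' })
}

# Show the local issuer the post describes (store name assumed to be reachable via Cert:).
Get-ChildItem -Path 'Cert:\LocalMachine\AAD Token Issuer' -ErrorAction SilentlyContinue |
    Select-Object Subject, NotAfter, Thumbprint
```

Run it in an elevated PowerShell session on the server that raised the alert so both the machine store and the AAD Token Issuer store are readable.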