Outgrowing the Microsoft PKI Active Directory Certificate Services (ADCS), sometimes also just called the Microsoft CA, has been an easy choice for many organizations as it is well integrated in the Microsoft infrastructure. It supports standard enterprise PKI needs such as securing web servers (TLS), certificate-based authentication (WIFI, Win Logon), digital signatures for documents, encrypting emails (S/MIME). However, PrimeKey’s experience is that many organizations that have been using ADCS for a while get stuck. Organizational changes, operational challenges and new business opportunities can no longer be supported in an effective way. Three of the most common reasons for outgrowing a Microsoft PKI are listed below.