Add Note about CNG certificates

JustinGrote · web-flow · commit cbc3876a909c · 2020-07-08T09:00:35.000-07:00
Closes #6092
diff --git a/exchange/docs-conceptual/app-only-auth-powershell-v2.md b/exchange/docs-conceptual/app-only-auth-powershell-v2.md
@@ -93,6 +93,9 @@ For a detailed visual flow bout creating applications in Azure AD, see <https://
    - Create and configure a self-signed X.509 certificate, which will be used to authenticate your Application against Azure AD, while requesting the app-only access token.
 
    - This is similar to generating a password for user accounts. The certificate can be self-signed as well. See the [Appendix](#appendix) section later in this topic for instructions for generating certificates in PowerShell.
+   
+> [!NOTE]
+> Currently CNG (Certificate Next Generation) based certificates are not supported for app-only authentication with Exchange. CNG certificates are created by default in modern Windows versions. You must use a certificate from a CSP key provider. The [Appendix](#appendix) covers two supported methods to create a CSP certificate.
 
 4. Assign RBAC roles
 
