DoD has mandated all Agencies convert to 16-digit Personal Identity Verification (PIV) "Authentication" Certificates for accessing DoD IT Resources. I verified the current IIS authentication settings and CAC logon is working, but I would like to know if there is anything that can be done to disable the ability to logon using the DoD email certificate or reset to use only the PIV authentication certificate? Currently users are able to use either of the two certificates. Or will I just need to create new accounts to access Orion?