When submitting a CSR to a Microsoft CA, the enrollment fails with the following error message:
The request is not supported. 0x80070032
This issue may be caused by a Group Policy setting that dictates whether outbound NTLM traffic is enabled. By default, the GPO policy ‘Restrict NTLM: Outgoing NTLM traffic to remote servers’ is configured to enable outbound traffic. If this policy is changed to ‘Deny All’, certificate enrollment will fail with the above message.
Change policy to allow outgoing NTLM traffic.