Blog Post

Microsoft Intune Blog
4 MIN READ

Understanding readiness for Windows 11 with Microsoft Endpoint Manager

Zach Dvorak's avatar
Zach Dvorak
Icon for Microsoft rankMicrosoft
Sep 21, 2021
With the announcement of Windows 11, you might be wondering how your organization can prepare for the upgrade, as well as what you can do right now to set yourself up for success. One of the first th...
Updated Sep 21, 2021
Version 1.0
microsoft intune
MattHempel's avatar
MattHempel
Copper Contributor
Jan 11, 2022

The readiness script always returns a Pass for SecureBoot for me even if SecureBoot is disabled.

Might need something like below ?

 

 

try {
    $isSecureBootEnabled = Confirm-SecureBootUEFI
	
	if ($isSecureBootEnabled) {
		$outObject.logging += $logFormatWithBlob -f $SECUREBOOT_STRING, $CAPABLE_STRING, $PASS_STRING
		UpdateReturnCode -ReturnCode 0		
	}
	else {
		$outObject.logging += $logFormatWithBlob -f $SECUREBOOT_STRING, $CAPABLE_STRING, $FAIL_STRING
		UpdateReturnCode -ReturnCode 1
		$exitCode = 1
	}
}
catch [System.PlatformNotSupportedException] {

 

ok , just found that it is not a requirement for Windows 11 to have SecureBoot enabled, system just needs to be capable.

https://support.microsoft.com/en-us/windows/windows-11-and-secure-boot-a8ff1202-c0d9-42f5-940f-843abef64fad