Blog Post

Microsoft Intune Blog

4 MIN READ

Understanding readiness for Windows 11 with Microsoft Endpoint Manager

Microsoft

Sep 21, 2021

With the announcement of Windows 11, you might be wondering how your organization can prepare for the upgrade, as well as what you can do right now to set yourself up for success. One of the first th...

Updated Sep 21, 2021

Version 1.0

microsoft intune

Zach Dvorak

Microsoft

Joined November 30, 2017

View Profile

Microsoft Intune Blog

Follow this blog board to get notified when there's new activity

MattHempel

Copper Contributor

Jan 11, 2022

The readiness script always returns a Pass for SecureBoot for me even if SecureBoot is disabled.

Might need something like below ?

try {
    $isSecureBootEnabled = Confirm-SecureBootUEFI
	
	if ($isSecureBootEnabled) {
		$outObject.logging += $logFormatWithBlob -f $SECUREBOOT_STRING, $CAPABLE_STRING, $PASS_STRING
		UpdateReturnCode -ReturnCode 0		
	}
	else {
		$outObject.logging += $logFormatWithBlob -f $SECUREBOOT_STRING, $CAPABLE_STRING, $FAIL_STRING
		UpdateReturnCode -ReturnCode 1
		$exitCode = 1
	}
}
catch [System.PlatformNotSupportedException] {

ok , just found that it is not a requirement for Windows 11 to have SecureBoot enabled, system just needs to be capable.

https://support.microsoft.com/en-us/windows/windows-11-and-secure-boot-a8ff1202-c0d9-42f5-940f-843abef64fad