Event details
Join us in May for our fourth Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they start expiring in June of 2026. If you've already bookmarked the Secure Boot playbook, but need more details or have a specific question, join us to get the answers you need to prepare for this milestone. No question is too big or too small. Update scenarios, inventorying your estate, formulating the right deployment plan for your organization -- we're here to help!
How do I participate?
Registration is not required. Simply select Add to calendar, then sign in to the Tech Community and select Attend to receive reminders. Post your questions in advance, or any time during the live broadcast.
Get started with these helpful resources
114 Comments
- quelamho (Copper Contributor)
Can you share the script for MECM?
- deltavictorindialima (Copper Contributor)
In the Secure Boot status report in Intune, what is the column Confidence level for? Most of my systems show "Under Observation - More Data Needed" for that column. My Certificate status column shows "Up to date" for all the same systems. I thought I was done, is there more I need to do?
- SimoneTac (Copper Contributor)
Using Intune CSP - the majority of our devices, including ones with updated firmware, are still in the "Under observation" confidence level bucket, according to Autopatch Secure Boot report.
We haven't seen it changing with latest CUs.
Should we now push using the AvailableUpdates=0x5944 before June?
- Claude_Boucher_OEM (Brass Contributor)
Dear all,
I recently updated CheckCA2023 to 1.6.0: https://github.com/claude-boucher/CheckCA2023
I hope it will be helpful.
- SUP_EricJ (Occasional Reader)
If we are using VMware vSphere and not using Secure Boot and using legacy BIOS, will this cause issues after June 2026? Also, how do we get a server set up like this compliant?
- deltavictorindialima (Copper Contributor)
So we're using Intune/Autopilot for our systems. We've seen a small percentage of our systems have blue screen errors during our rollout of the CA2023 update with Intune. The errors we've observed are:
7_0_800000001_80000001_SecureBoot_SecureBoot_7_6_ccfc...
7_2_800000001_80000001_KEK_KEK_7_7_63af...
Any ideas why these systems got messed up? Firmware was up to date on them. Basically, disabling BitLocker and waiting for our BitLocker policy to re-enable it worked on these systems.
- ZaheerAI (Copper Contributor)
We are using Intune --> Autopilot to deploy our computers.
If you don't update and the certificate expires, when a device enrolls will the Secure Boot process actually be enabled, or will it fail to bind to BitLocker and take that with it in one or more policies?
- iamVinay (Copper Contributor)
How about MacBooks running Windows in Bootcamp/natively?
- wingmanerik (Occasional Reader)
A comment was made regarding bootable media in regards to the secure boot certificates. We have several USB sticks and PEs used to build systems. If the certificates are expired in the boot media / PE, will those stop working completely in June? Or only when the old certificates are revoked?
Thank you!
- IvanCardim (Microsoft)
Expiration alone won't impact existing boot media that is working today - they'll only stop working when the 2011 certs are explicitly revoked via a DBX update.
- kichumurali (Occasional Reader)
1. A lot of our W365 Cloud PCs are showing not up to date, and when I applied the policy it moved to in progress and is showing event ID 1795. I can see an article which says Microsoft is working on fixing this. How can I make sure my issue is covered under this?
2. After June how can I update these certificates?