can we use older ESXi like version 7 seeing issue where its not applying the KEK and giving error. solution is to renaming the nvram which is not really ideal for large enterprise. 

Can you elaborate on the differences between the active db and the default db? This seems to be a common point of confusion. 

If diagnostic data/telemetry is disabled, what specifically stops working? Does it prevent Microsoft from delivering the secure boot update altogether, or does it mainly impact reporting and insights?

how to monitor the secure certificate deployment? If we do the deployment from Intune. and choose MS patch to obtain it.

If you select to push the certificate update through GPO / Intune, with the policy Enable Secure Boot certificate deployment / Enable SecureBoot Certificate Updates

How far does the process go?

As I understand it, there 4 steps
1. DB is updated with certificates
2. Boot manager is updated to use the new certificate
3. Old 2011 certificate is untrusted in DBX
4. SVN is updated

My concern is step 3, because that causes the machine to no longer trust ones current pxe boot image, and it’s not ideal that happens at some random time.

Does the GPO / Intune setting go through all 4 steps in a matter of x reboots, or are the last steps something that happens in a windows update?

The Intune policies that configure the secure boot cert updates - are those needed or will Microsoft automatically deploy the certs? Testing those policies in Intune are giving us a 65000 error - any idea why?

what is the process to update devices with currently safeboot disabled. 

1. Can we proceed with the firmware upgrades on the physical Hyper‑V servers with OEM Support before Microsoft releases the fix on March 10th?
2. Do we need to wait for the automatic renewal process to begin, or should we initiate the manual renewal using the required registry key? As we have tough Deadline towards June,2026.
3. We have several physical Hyper‑V host servers where Secure Boot is currently disabled at the Windows hypervisor level, while the guest virtual machines have Secure Boot enabled. Please confirm whether it is still necessary to update the compatible firmware on these Hyper‑V host servers.
4. Is the presence of Event ID 1808 sufficient to validate the successful Secure Boot certificate renewal, or should we additionally verify the certificate expiry details?
5. What is the expected downtime, how many reboot requires during the Secure Boot certificate renewal process, and how can we effectively manage this within the controlled patching window? Additionally, if we perform one reboot as part of the current monthly patching cycle and defer the second reboot to the next month’s patch schedule, would this cause any performance issues or operational risks on the affected servers?
6. Is there any potential impact on installed applications following the renewal of Secure Boot certificates? Is there any rollback plan in case of any issues?
7. When we will have Secure Boot certificate renew status reports in SCCM ?

Is there (or will there be) a tool or series of PowerShell commands that can be used to assess the current status of the computer and 2023 Certificate?

Hello, how to join this call now? There is no link available.