I'm curious when checking to see if the new 2023 certs for Secure Boot get updated, why would we only be checking this cert? [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'. This is the "How to Audit Secure Boot Configuration" portion on this page https://support.microsoft.com/en-us/topic/windows-configuration-system-wincs-apis-for-secure-boot-d3e64aa0-6095-4f8a-b8e4-fbfda254a8fe
- Ashis_Chatterjee, Dec 10, 2025
Microsoft
There are multiple methods to update Certificates listed in: aka.ms/getsecureboot -> Guidance for IT professionals and organizations
Secure Boot Certificate updates: Guidance for IT professionals and organizations - Microsoft Support
The Monitoring Section of this document has the Events 1801 and 1808 which check for all the relevant certificate updates and their status. This would be a complete way to Audit (also the WinCS documentation is getting updated to reflect this).
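An added example, not code from either poster or from the Microsoft documentation: it extends the one-liner in the question to several 2023 certificate names across the db and KEK variables, then lists recent 1801/1808 events as the reply suggests. Only 'Windows UEFI CA 2023' and the two event IDs come from this thread; the other certificate names, the 'System' log and the 'Microsoft-Windows-TPM-WMI' provider name are assumptions to confirm against the linked guidance.

```powershell
# Added example. Run in an elevated session on a UEFI system.

# Subject names to look for, keyed by the UEFI variable that should hold them.
# Only 'Windows UEFI CA 2023' appears in the thread; the rest are assumptions.
$expected = @{
    db  = @('Windows UEFI CA 2023',
            'Microsoft UEFI CA 2023',
            'Microsoft Option ROM UEFI CA 2023')
    KEK = @('Microsoft Corporation KEK 2K CA 2023')
}

function Test-SecureBootCert {
    param([byte[]]$Bytes, [string]$Name)
    # Same technique as the one-liner in the question: decode the raw
    # variable as ASCII and search for the certificate subject name.
    $text = [System.Text.Encoding]::ASCII.GetString($Bytes)
    return $text.Contains($Name)
}

$report = foreach ($var in $expected.Keys) {
    try {
        # Throws on legacy BIOS systems or when the session is not elevated.
        $bytes = (Get-SecureBootUEFI -Name $var -ErrorAction Stop).Bytes
    } catch {
        Write-Warning "Cannot read UEFI variable '$var': $($_.Exception.Message)"
        continue
    }
    foreach ($name in $expected[$var]) {
        [pscustomobject]@{
            Variable    = $var
            Certificate = $name
            Present     = Test-SecureBootCert -Bytes $bytes -Name $name
        }
    }
}
$report | Sort-Object Variable, Certificate | Format-Table -AutoSize

# Events 1801 and 1808 named in the reply. Log and provider are assumptions.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-TPM-WMI'
    Id           = 1801, 1808
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```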