Event details

Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. We recently published the first version of the Secure Boot playbook, o...
Heather_Poulsen
Updated Dec 09, 2025
AMA
JW100's avatar
JW100
Copper Contributor
Dec 10, 2025

Hi,

My registry keys show the following values:

UEFI2023Status = Not started

WindowsUEFICA2023Capable = 0

Endpoints are managed via MECM and built via PXE boot. How do I ensure that PXE boot is utilising the newer cert?

Please can you indicate a generalised approach for me to investigate?

 

Many Thanks,

  • HeyHey16K's avatar
    HeyHey16K
    Iron Contributor
    Dec 11, 2025

    We have this too! I know the MS team said in the webinar they will come back on this point, I hope they do as the NotStarted status doesn't seem to be covered anywhere... Ours are managed by Intune (inc. Windows Updates) and built by Autopilot