Event details

Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. We recently published the first version of the Secure Boot playbook, o...
Heather_Poulsen
Updated Dec 09, 2025
AMA
David_Swenson's avatar
David_Swenson
Iron Contributor
Dec 10, 2025

I deployed the new Settings Catalog options via Intune as described here. The deployment failed with no conflicts just error devices in Intune. 

Build 26200.7296

  1. Configure High Confidence Opt Out
    1. State = Disabled, Result = ✅ Succeeded
  2. Configure Microsoft Update Managed Opt In
    1. State = Enabled, Result = ❌ Failed
  3. Enable Secureboot Certificate Updates
    1. State = Enabled, Result = ❌ Failed
David_Swenson's avatar
David_Swenson
Iron Contributor
Dec 10, 2025

Is this not available yet? 

  • OvativeFye's avatar
    OvativeFye
    Copper Contributor
    Dec 10, 2025

    Hey David, chiming in here as I had the same issue. Pretty sure those two settings for Opt in and Enable the certs is broken, see here for workarounds: https://evil365.com/intune/SecureBoot-Cert-Expiration/#option-3---self-managed-rollout-using-intune-policies

    I personally used a detection/remediation script to do this.

    • David_Swenson's avatar
      David_Swenson
      Iron Contributor
      Dec 12, 2025

      Thanks OvativeFye​! Would be great if Microsoft could actually respond to this... 

      • OvativeFye's avatar
        OvativeFye
        Copper Contributor
        Dec 19, 2025

        No problem David_Swenson​ - They are really bad at stuff like that :)