Event details

Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. We recently published the first version of the Secure Boot playbook, o...
Heather_Poulsen
Updated Dec 09, 2025
AMA
Simone_Termine's avatar
Simone_Termine
Brass Contributor
Dec 16, 2025

Hello everyone!
To make it predictable, measurable, and safe, I published an Intune Remediation to help the community handle Microsoft’s Secure Boot certificate update in a clean, repeatable way. 🚀 

You can also adapt it for SCCM.

What you get (ready to use):
✅ Detection + Remediation scripts
✅ Idempotent + guarded logic (no pointless re-triggers)
✅ Clear outputs for easier reporting/troubleshooting
✅ A short README with usage notes + operational tips
✅ Can handle “In Progress” and pending reboot (AvailableUpdates = 0x4100) states

Secure Boot remediation (README) 👉 https://github.com/SimoneTermine/MicrosoftIntune/tree/main/scripts/00-Devices/Remediations/SecureBoot_UpdateCerts