Event details

It's time for our fourth Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...
Pearl-Angeles
Updated Apr 15, 2026
AMA
MHazC's avatar
MHazC
Copper Contributor
Apr 23, 2026

What telemetry level should we have set in our org for the certs to properly install? Currently we have them set to blocked here and I know that is wrong, but I'm unsure what would be correct for this case. Is there any sort of guidance available for this?

  • mihi's avatar
    mihi
    Brass Contributor
    Apr 23, 2026

    Answered twice in the video, basic/recommended telemetry is enough if you want to take part in the CFR process. In case your machines are managed, in addition to enabled telemetry, you also need to set the Managed Device Opt In so that you take part in CFR. If you don't take part in CFR, you will get the certificates only for High Confidence devices via the LCU.