Event details

It's time for our fourth Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...
Pearl-Angeles
Updated Apr 15, 2026
AMA
CrisLugoB's avatar
CrisLugoB
Copper Contributor
Apr 23, 2026

I can say Event ID 1808 is not absolute confirmation. I have seen systems have the cert and not have that EventID

Mabel_Gomes's avatar
Mabel_Gomes
Icon for Microsoft rankMicrosoft
Apr 23, 2026

Event ID 1808 used to be logged on every startup. As a result, if Boot Manager or certificates were updated after the device had already booted, Event ID 1808 would not appear until the next restart.

Starting with the April 2026 Windows security update, this behavior has changed. Event ID 1808 is now logged a soon as the update is applied.

  • epoch71's avatar
    epoch71
    Copper Contributor
    Apr 23, 2026

    Ok so I've been using a SCCM baseline to report compliance based on the presence of 1808 (looking back 7 days in event log, to ensure I capture a reboot).  Does this mean with your April change I'm going to start losing compliant machines from my reporting, because already updated (compliant) machines will no longer be reporting 1808?

    Or have I misunderstood your comment and 1808 does log each reboot and the change was merely just to the timing of the logging of the event at the moment the certs are updated?