Event details

It's time for our fourth Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...
Pearl-Angeles
Updated Apr 15, 2026
AMA
Jpanski's avatar
Jpanski
Brass Contributor
Apr 23, 2026

On a Hyper-V host, regarding the certificate update process, is there an order to do things in meaning does it matter if the secure boot certificate update process is started first on the host and does the host need to be fully updated before starting the VMs?  I am aware of the requirements of the firmware needing to be up to date and at least the March updates being installed on both the host and VMs.  Thank you.

mihi's avatar
mihi
Brass Contributor
Apr 23, 2026

Answered at 14:30 in the video.

Secure Boot process is completely separate between Guest and Host, the order does not matter.

To enable secure boot on the host, the host needs to be powered down. This will obviously prevent the VMs from still running, but it does not matter whether they are shut down or paused.