Event details
Hi Arden_White
What are the methods available for Server OS to renew secure boot certificates? we are using SCCM to manage the patching of server OS.
Is any Estimated timeline for Secure Boot Certificate renewal to be delivered through monthly cumulative updates for Windows Server OS, any additional steps required to complete the certificate renewal when using cumulative updates?
My ask is about the windows Server OS (2019, 2016, 2012R2, 2012).
MicrosoftFor Windows Server, the supported approaches today are OS‑side deployment using Group Policy or registry keys, which can be deployed and managed through tools like SCCM.
It’s important not to rely on Microsoft‑managed controlled rollout or high‑confidence servicing for servers. Those mechanisms primarily apply to client Windows and are driven by telemetry that is typically limited or unavailable on Windows Server.
Secure Boot certificate updates for Server are delivered through normal Windows servicing, but they only apply after the device is explicitly opted in using Group Policy or registry configuration. In practice, most server environments should plan for a customer‑managed rollout rather than expecting certificates to be applied automatically.