Event details

It's time for our second Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...
Heather_Poulsen
Updated Feb 19, 2026
AMA
RoySasabe's avatar
RoySasabe
Icon for Microsoft rankMicrosoft
Feb 24, 2026

Hi!

I hope this server playbook helps answer your question:

https://aka.ms/SecureBootForServer

The modules necessary for the Secure boot updates are already delivered through monthly cumulative updates for Windows Server OS. Unlike PC clients, the Secure boot cert update needs to be manually triggered by IT Administrators, and the server playbook shares the best practices on how to plan and manage this transition safely.

YHR's avatar
YHR
Occasional Reader
Mar 02, 2026

I believe some of us get confused, between getting the certificate itself (which is part of Feb CU?), and getting the secure boot using the updated certificate.  

  • Arden_White's avatar
    Arden_White
    Icon for Microsoft rankMicrosoft
    Mar 02, 2026

    Hi YHR,

    The Secure Boot certificates themselves have been included in cumulative updates since May 2025, along with Windows support to apply those certificates to firmware. Installing the CU makes the certificates available, but it does not automatically mean Secure Boot is using them. Applying the certificates to firmware is a separate step that is intentionally controlled. Because it is not possible to test every combination of device model and firmware, the rollout is being done cautiously and gives IT teams control to validate devices and manage deployment across their fleet before broad enablement.

    Arden