Event details

Whether you're actively managing device security or planning your next steps, this AMA is your opportunity to connect directly with Microsoft experts and get clear, actionable guidance on updating Se...
Heather_Poulsen
Updated Jun 04, 2026
AMA
wroot's avatar
wroot
Silver Contributor
Jun 02, 2026

Have found one VM in our environment with Secure Boot enabled. Used same template to build a test VM to test everything first. It is Windows Server 2025. After doing latest updates registry has all the entries as per documentation. Did the registry change 0x5944 for AvailableUpdates and task scheduler task run, reboot. It said Updated for UEFICA2023Status, AvailableUpdates changed to 0x4000. But low confidence - needed more data. 2023 certs seen in DB dump. But there was event 1801 that it was not applied to firmware.

vCenter is 8.0.3, but for some reason this template is set to legacy compatibility (Vmware 7,1). So i have updated compatibility to 8.0 U2+ for this VM. Had to do 0x5944 registry and all the dance again and now it was 1808 event, firmware updated. But VM is still using old bootmgr. So, i am still not able to fully test the whole scenario of everything updated. And i am not sure whether i should try rebuilding boot entry to force it or should i try to shutdown/reboot it 100 times or just wait for some CU/SSU update someday.

I guess my main problem/question is how to make sense of all the registries, events and figure out what is the rightest approach on a large scale. I am not getting paid enough to deal with this...

  • mihi's avatar
    mihi
    Iron Contributor
    Jun 04, 2026
    • When looking at events, you need to take into account the fourth dimension (time). I would assume the 1801 has been logged before you switched the registry key.
    • The bucket confidence data does not reflect your device's point of view. It only reflects what Microsoft has been seeing via telemetry about similar devices out in the field. If the device is exotic enough (or nobody who owns it allows telemetry), the confidence level can be low despite the updates being applied fine (as you observed)
    • Once the 0x0100 bit is cleared in AvailableUpdates, the new boot manager is installed. It will need another reboot until the system is actually booted from it (And another run of the update task until the status reflects it). I don't think you need 100 reboots, though.
    • I guess you understand that Microsoft does not have any direct or indirect impact on how large your paycheck is