Event details
Hi,
We have updated most of our laptop devices using the remediation scripts and the following status is now being returned:
Secure Boot Windows UEFI CA 2023 exist in DB
SecureBootEnabled=Enabled
SecureBootPK=Dell Inc. Platform Key
SecureBootKEK=Dell Inc. Key Exchange Key; Microsoft Corporation KEK CA 2011; Microsoft Corporation KEK 2K CA 2023
SecureBootDB=Dell Bios DB Key; Dell Bios FW Aux Authority 2018; Microsoft Windows Production PCA 2011; Windows UEFI CA 2023
SecureBootDBHas2023=True
FirmwareType=UEFI
TPMPresent=True
TPMEnabled=True
HWMake=Dell Inc.
HWModel=Latitude 5450
OSJulySecureBootPatch=True
Reg:UEFICA2023Status=Updated
Reg:WindowsUEFICA2023Capable=0x2
Reg:UEFICA2023Error=
Reg:UEFICA2023ErrorEvent=
Reg:AvailableUpdates=0x4000
Can you confirm whether this is the correct expected outcome for the certificate updates?
The issue we still have relates to our AVD machines.
We have Azure Virtual Desktop session hosts showing as non-compliant for the Secure Boot 2023 certificate update. The machines are Gen 2 VMs with Secure Boot disabled, no TPM, running on Hyper-V UEFI.
They currently show:
UEFICA2023Status=InProgress
WindowsUEFICA2023Capable=0x0
Error code: 2147946825 (0x704)
Our question is:
For AVD hosts where Secure Boot is disabled and there is no TPM (i.e. not using Trusted Launch), do we actually need to take any action before June 2026, or are these machines effectively out of scope for this update?
If action is required, what steps would be needed?
Kind regards,
Luke