So if the DB shows the following (Dell machines in our enviroment) - 

SecureBootDB=Dell Bios DB Key; Dell Bios FW Aux Authority 2018; Microsoft Windows Production PCA 2011; Windows UEFI CA 2023

SecureBootKEK=Dell Inc. Key Exchange Key; Microsoft Corporation KEK CA 2011; Microsoft Corporation KEK 2K CA 2023

Does that mean its successful and we don't need to do anything more? 

Just a couple of questions: 

On the question on AVD machines, we have hosts showing as non-compliant for the Secure Boot 2023 certificate update. The machines are Gen 2 VMs with Secure Boot disabled, no TPM, running on Hyper-V UEFI.

For AVD hosts where Secure Boot is disabled and there is no TPM (i.e. not using Trusted Launch), do we actually need to take any action before June 2026, or are these machines effectively out of scope for this update?

Thanks!