Event details
Join us in May for our fourth Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they start expiring in June of 2026. If you've already bookmarked the Secure Boot playbook, but need more details or have a specific question, join us to get the answers you need to prepare for this milestone. No question is too big or too small. Update scenarios, inventorying your estate, formulating the right deployment plan for your organization -- we're here to help!
How do I participate?
Registration is not required. Simply select Add to calendar, then sign in to the Tech Community and select Attend to receive reminders. Post your questions in advance, or any time during the live broadcast.
Get started with these helpful resources
114 Comments
- Dan H (Copper Contributor)
Microsoft Secure Boot FAQs mention that Secure Boot devices that do not get updated should continue to start and run normally after June 25th, 2026, but do you guys have any ideas if the UEFI in some servers will start prompting for certificate expiration, etc. after reboots? I am not sure if that UEFI behavior is known, but it would cause us issues.
- mihi (Brass Contributor)
There is no such thing to be expected. Some vendor software running within Windows may of course warn about it (like they do for not applied cumulative updates), but the UEFI itself is not expected to alter the boot process in any way (this includes requiring more or fewer F1 keystrokes) after the certificates expired.
But as said in the AMA, if you have any fears, test it. Take a test machine that you can reboot and mess with, adjust the hardware clock, and see whether it still boots as before. I would bet it does.
- KevHal2120 (Copper Contributor)
AVD Session Hosts in Azure, have done all the relevant registry settings and UEFICA2023Status is in progress. WindowsUEFICA2023Capable is 2.
UEFICA2023Error = 0x80070005 (Access Denied)
Does not complete fully, AvailableUpdates is 4004, states KEKLastUpdateErrorReason:Firmware_Unknown. It is doing this for quite a few clients. Are there further steps to follow? ConfidenceLevel is still Under Observation. We have set ManagedOptIn to 1. Been set for the last couple of months.
- UserA1 (Occasional Reader)
Will Microsoft Surface Go 2 devices be getting firmware and 2023 certificate updates?
- ZaheerAI (Copper Contributor)
I think Microsoft should have held some joint sessions with HP, Dell and Lenovo for example so enterprises could ask questions from the hardware manufacturer side also.
- ZaheerAI (Copper Contributor)
We have Microsoft Cloud PCs and over 100 of those are still showing as in progress and they have been rebooted several times and have the April CU patch already installed.
What troubleshooting steps do we need to take to look at these in the event log?
We are also seeing Cloud PCs as unknown, as if no information is being sent to Microsoft.
- SimoneTac (Copper Contributor)
As indicated by our OEM, we're updating firmware on all devices that have an older version not including 2023 certs, before assigning the Intune Secure Boot CSP.
But the firmware update process is complex and long, and it can't be done by June 2026.
From different sources, it's suggested to NOT proceed with adding devices with older firmware, without 2023 certs, to the CSP configuration. Is this true?
Also, the majority of devices, even with updated firmware, are still in the "Under observation" confidence level bucket. We haven't seen it changing with the latest CUs. Since this is the May CU, can we expect that confidence levels will continue to be updated during the rest of the year, even after June?
In general, what is the guideline before June? Use the Intune CSP only on devices with updated firmware, or add as many devices as possible and trust the Confidence Level check?
- wishstar (Copper Contributor)
In Japan, there are PCs all over the country, so if all the PCs could not start up, the survival of the business would be in jeopardy. There are currently 11 devices that have adopted ESU. I haven't applied the recent QU yet, but wouldn't it be a good idea to apply only the monthly cumulative updates from now on?
- FCS2 (Copper Contributor)
What's the current situation with VMware and Secure Boot? Broadcom has been "working on an automated solution with Microsoft" for quite some time, and I have the feeling they will not have one before the deadline. There's an automated script that uses the delete NVRAM method, which Broadcom has since disavowed as a valid solution and warns it can cause problems with the VM.
- Richardriley24 (Copper Contributor)
I was on a call with a third party last week and they announced that most PCs will receive the new certificates as part of this month's Cumulative Update. Can you confirm that, and is there a definitive list of make and model devices that are receiving them this month?
- wishstar (Copper Contributor)
Thank you everyone at Microsoft. I'm a member of a company that deploys approximately 100,000 Windows PCs. I would like to ask you two questions regarding the expiry of the Secure Boot certificate.
It has been announced that the certificate will expire in June 2026, but it is written in the knowledge that the PC can still be started. Please tell me the reason why I can start up even though the certificate has expired.
Also, there is a statement in the knowledge below that a new notice will be given 6 months before the PC will no longer be able to start, but is my understanding correct?
"Announcement date – implementation phase: The enforcement phase will not begin until January 2026, and this article provides at least six months of advance warning before this phase begins. When enforcement phase updates are released, they will include:"
I'm looking forward to today.