Event details

It's time for our second Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...
Heather_Poulsen
Updated Jan 29, 2026
AMA
McGoldrick's avatar
McGoldrick
Occasional Reader
Feb 05, 2026

1) What is level of confidence that devices that cannot update their certificate will remain functional. Has it been tested somehow?

 

2) Any concerns with Registry key for enabling secureboot certificate updates being set on devices that are not able to update it (out of support devices that will not get a firmware update).

 

3) How quick should we expect to see BIOS updates for this to be made available in WUfB? Seems like there are a lot missing in our fleet

 

4) Will a device that does not get the latest secureboot certificate, still receive monthly cumulative updates if it is on a supported OS?

 

5) Any other impact/risk to devices that are not able to update their SecureBoot certificate?

 

6) Are there other mitigations we can take in our environment to ensure devices that cannot get the certificate are less vulnerable?

  • Pearl-Angeles's avatar
    Pearl-Angeles
    Icon for Community Manager rankCommunity Manager
    Feb 06, 2026

    Thanks for your questions! Panelists covered question #6 at 24:38 during the live AMA.