Event details

It's time for our second Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...
Heather_Poulsen
Updated Jan 29, 2026
AMA
JEverhart's avatar
JEverhart
Copper Contributor
Feb 05, 2026

What is the source of truth for whether a device is using the new certificate?

The Intune Secure Boot Status report indicates 1 number of devices being compliant with the new certificate, while a proactive remediation script I am using which checks the registry key UEFICA2023Status, looking for "In progress" or "Updated".

The built-in Intune report shows me 700+ devices, while the remediation script shows ~150. What is the built-in report using to validate the certificate status?