Event details

It's time for our second Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...
Heather_Poulsen
Updated Jan 29, 2026
AMA
fritz-the-witz's avatar
fritz-the-witz
Copper Contributor
Feb 05, 2026

How can I easily check which devices got the updates and which not? Is it clear that newer hardware gets the update and older hardware don't get the updates?

 

  • mihi's avatar
    mihi
    Copper Contributor
    Feb 05, 2026

    There are PowerShell scripts posted here to check the UEFI variables, or you can check for the event ids mentioned in the webinar.

     

    It does not need to be older hardware that does not get the updates. It depends on how well the UEFI has been programmed by the vendor and how closely they worked with Microsoft to submit the new KEK updates.

    And for the confidence buckets in the LCU it depends on how common your device is and if anyone using it has telemetry enabled.

     

    On the other hand,, everything that is Logo certified for Windows 11 25H2 should already include the certificates.