Event details

It's time for our third Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot playb...
Pearl-Angeles
Updated Mar 11, 2026
AMA
Jacob3's avatar
Jacob3
Occasional Reader
Mar 12, 2026

what happens if I deploy the updated certificates to a device that does not meet the minimum firmware version?

  • Ashis_Chatterjee's avatar
    Ashis_Chatterjee
    Icon for Microsoft rankMicrosoft
    Mar 12, 2026

    If the minimum firmware version is not met, quite likely it is old firmware that is not being updated by OEM/ODM and has the old Secure Boot UEFI variable defaults. In this case, if you Toggle Secure Boot ON->OFF->ON, the older 2011 defaults from Firmware will overwrite and the Secure Boot Certificates in OS will need to be re-applied. If you do not Toggle Secure Boot OFF, which is not recommended, and you updated the Certificates, all is good, and you will continue to be secure.