Event details
If we don't get all the devices up-to-date before June, will it be possible to get them up-to-date later, or will they be stuck on old Boot Certs.
- Arden_White
Microsoft
Yes, the devices will continue to boot and run. Not updating the certificates will begin to put your devices at risk.
More details here:
Arden_White How is Windows 10 LTSC, Win10 IOT LTSC, and Windows 11 IOT LTSC affected by the certificates? Will the new 2023 certificates be install on these devices? Win10LTSC and Win10 IOT LTSC should still be getting windows updates without the extended licensing. Thank you.
- Arden_White
Hi TxRedinTN,
The new 2023 Secure Boot certificates are delivered through Windows updates for all in‑support versions of Windows, including Windows 10 LTSC, Windows 10 IoT LTSC, and Windows 11 IoT LTSC. If those devices are fully up to date, the certificates should already be present on disk.
What typically remains is the final step of applying those certificates from the OS into UEFI firmware. Whether that step happens automatically depends on the platform and configuration.
For Windows client devices, Microsoft uses diagnostic telemetry to safely manage phased rollout and automatic application. That signal is much stronger for client SKUs.
For Windows IoT (and Windows Server), telemetry coverage is more limited and device configurations are often specialized. As a result, these devices are less likely to automatically apply the certificates, even though the updates are installed. In those cases, administrators may need to explicitly initiate the Secure Boot certificate update using the supported methods for their environment.
Arden
