Event details

Want to ensure you maintain a trusted boot environment for your Windows devices? Walk through essential guidance - including how to test firmware, monitor device readiness, deploy updated certificate...
Pearl-Angeles
Updated Mar 05, 2026
Technical Takeoff
mihi's avatar
mihi
Brass Contributor
Mar 10, 2026

Assuming they are on current patchlevel, I would assume they have been delivered with the new 2023 certificates from the factory and therefore the job would have never needed to update anything.

Arden_White's avatar
Arden_White
Icon for Microsoft rankMicrosoft
Mar 10, 2026

It would be worth checking to see if the System Event log has 1801 or 1808 events. If 1808 events, then all is well. If 1801, then it may be that the KEK and/or the 3rd party CAs were not shipped as part of the firmware.

The WindowsUEFICA2023Capable key can be misleading as it only indicates status of the 1st party CA and boot manager. I don't recommend using this key for that reason.