MC1160163 – Frequently asked questions about the Secure Boot update process

Product:

Office 365 general, Windows

Platform:

Online, World tenant

Status:

Change type:

Admin impact

Links:

Details:

Do you have questions about Windows Secure Boot certificate expiration? It's best to update Secure Boot certificates well before the June 2026 expiration date. Check out an initial set of frequently asked questions and answers that will be updated with time. Explore different scenarios and recommendations that will help you plan and prepare.

When will this happen:
The questions and answers are already available to you. More questions and answers might be added with time.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-09-26

updated:
2025-09-26

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Secure Boot Certificate Expiration
Failure to update Secure Boot certificates before expiration may lead to system boot failures, causing downtime and loss of productivity.
   - roles: IT Administrator, End User
   - references: https://support.microsoft.com/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e

User Access Issues
If Secure Boot is not updated, users may experience access issues to critical applications, impacting their ability to perform daily tasks.
   - roles: End User, Help Desk Support
   - references: https://support.microsoft.com/topic/frequently-asked-questions-about-the-secure-boot-update-process-b34bf675-b03a-4d34-b689-98ec117c7818

Increased Support Tickets
Unprepared changes may lead to a surge in support tickets as users encounter issues, overwhelming IT support resources.
   - roles: Help Desk Support, IT Administrator
   - references: https://support.microsoft.com/topic/windows-devices-with-it-managed-updates-e2b43f9f-b424-42df-bc6a-8476db65ab2f

Compliance Risks
Not updating Secure Boot certificates could result in non-compliance with security policies, leading to potential legal and financial repercussions.
   - roles: Compliance Officer, IT Administrator
   - references: https://support.microsoft.com/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e

System Vulnerabilities
Outdated Secure Boot certificates may expose systems to security vulnerabilities, increasing the risk of cyber attacks.
   - roles: IT Security Officer, IT Administrator
   - references: https://support.microsoft.com/topic/windows-devices-with-it-managed-updates-e2b43f9f-b424-42df-bc6a-8476db65ab2f

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Streamlined Certificate Management
Implementing a centralized management system for Secure Boot certificates can enhance operational efficiency and reduce the risk of certificate expiration oversight. This system could automate reminders for updates and provide a dashboard for monitoring certificate statuses.
   - next-steps: Research and evaluate certificate management solutions that integrate with existing IT infrastructure. Pilot the selected solution in a controlled environment before full deployment.
   - roles: IT Administrators, System Engineers, Security Officers
   - references: https://www.csoonline.com/article/3603005/what-is-certificate-management-and-why-is-it-important.html, https://www.techrepublic.com/article/automating-certificate-management-how-to-reduce-risk-and-increase-efficiency/

Enhanced User Communication
Creating a dedicated communication channel or platform for Secure Boot updates can improve user awareness and compliance. This could include regular newsletters, updates on the intranet, or scheduled Q&A sessions to address user concerns directly.
   - next-steps: Develop a communication plan that outlines the frequency and format of updates. Assign a team member to manage communications and gather user feedback for continuous improvement.
   - roles: IT Support Staff, Communication Managers, HR Managers
   - references: https://www.forbes.com/sites/forbescommunicationscouncil/2021/06/07/how-to-improve-internal-communication-in-your-organization/?sh=6cbd1a1f7e6f, https://www.cio.com/article/239597/how-to-communicate-it-changes-to-employees.html

Training and Awareness Programs
Implementing training sessions focused on Secure Boot and its importance can empower employees and reduce the likelihood of errors related to certificate management. This training can cover best practices and troubleshooting techniques.
   - next-steps: Identify key topics and create a training curriculum. Schedule training sessions and consider utilizing online platforms for broader reach. Gather feedback to refine future training sessions.
   - roles: Training Coordinators, IT Managers, Compliance Officers
   - references: https://www.td.org/insights/the-importance-of-training-and-development-in-the-workplace, https://www.shrm.org/resourcesandtools/hr-topics/organizational-development/pages/training-and-development.aspx

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only