check before: 2026-02-10
Product:
Copilot, Intune, Microsoft 365 Apps, Microsoft 365 Copilot, Windows
Platform:
Mac, Online, Web, Windows Desktop, World tenant
Status:
Launched
Change type:
Admin impact
Links:
Details:
Secure Boot is a foundational Windows security feature that runs at startup, before Windows load, and helps ensure that only trusted, digitally signed software can execute. After more than 15 years of continuous service, the original Secure Boot certificates are reaching the end of their planned lifecycle and begin expiring in late June 2026.
To learn more about Microsoft's effort to update these certificates, see the blog post Refreshing the root of trust: industry collaboration on Secure Boot certificate updates. To prevent disruption and maintain secure startup across Windows environments, plan for these certificates update following the guidance in the Secure Boot playbook.
When this will happen:
The 2011 Secure Boot certificates begin expiring in June 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability
Created:
2026-02-11
updated:
2026-02-11
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
Secure Boot ensures only trusted software runs during startup by using digitally signed certificates, which need updating before they expire in June 2026, with guidance provided by Microsoft's Secure Boot playbook and specific methods for Windows devices using Microsoft Intune.
Direct effects for Operations**
Secure Boot Certificate Expiration
Failure to update Secure Boot certificates may lead to system boot failures, preventing users from accessing their devices and applications.
- roles: IT Administrator, End User
- references: https://aka.ms/GetSecureBoot, https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235
Increased Support Tickets
Users experiencing boot issues due to expired certificates will likely generate a high volume of support tickets, overwhelming IT support resources.
- roles: Help Desk Technician, IT Support Manager
- references: https://support.microsoft.com/kb/5068198, https://support.microsoft.com/kb/5068202
Security Vulnerabilities
Outdated Secure Boot certificates may expose systems to security vulnerabilities, as untrusted software could potentially execute during startup.
- roles: Security Analyst, System Administrator
- references: https://blogs.windows.com/windowsexperience/?p=180181, https://aka.ms/GetSecureBoot
" target="_blank" rel="nofollow noopener noreferrer">https://aka.ms/GetSecureBoot
User Productivity Loss
Users may face significant downtime and productivity loss if their devices fail to boot due to certificate issues, impacting business operations.
- roles: End User, Project Manager
- references: https://aka.ms/GetSecureBoot, https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235
Compliance Risks
Failure to update Secure Boot certificates could lead to non-compliance with security standards and regulations, resulting in potential legal and financial repercussions.
- roles: Compliance Officer, IT Manager
- references: https://support.microsoft.com/kb/5068198, https://support.microsoft.com/kb/5068202
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
Hypothetical Work Council Statement**
XXXXXXX ... paid membership only
DPIA Draft**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 5 days ago ago
