check before: 2026-06-01
Product:
Windows, Windows Server
Platform:
Online, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Learn about tools and options available to organizations to update Secure Boot certificates on Windows Server. Certificates begin expiring in June 2026. You must update them before that date to help keep your security posture. Many recent platforms already include the supported 2023 certificates in firmware. However, for the ones that need to be updated, you need to manage this process manually.
When will this happen:
The tools are already available to help you to proactively inventory, monitor, and apply updated certificates to your Windows Server devices.
June 2026: The 2011 Secure Boot certificate authorities (CAs) begin expiring.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-02-24
updated:
2026-02-24
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Windows Server Secure Boot certificates, issued in 2011, will expire in June 2026, necessitating updates to maintain system security, with tools available to identify and guide the replacement process for systems lacking the updated 2023 certificates.
Direct effects for Operations**
Expired Secure Boot Certificates
If Secure Boot certificates expire without being updated, systems may fail to boot or operate with reduced security, exposing the organization to vulnerabilities.
- roles: System Administrators, Security Officers
- references: https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235, https://www.microsoft.com/windows-server/blog/2026/02/23/prepare-your-servers-for-secure-boot-certificate-updates
" target="_blank" rel="nofollow noopener noreferrer">https://www.microsoft.com/windows-server/blog/2026/02/23/prepare-your-servers-for-secure-boot-certificate-updates
Increased Downtime
Failure to update Secure Boot certificates may lead to unexpected downtime as systems may not boot, impacting business operations.
- roles: IT Operations Managers, End Users
- references: https://techcommunity.microsoft.com/event/windowsevents/secure-boot-certificate-updates-explained/4490529, https://aka.ms/SecureBootForServer
Security Vulnerabilities
Running on expired certificates can lead to a degraded security posture, making systems more susceptible to attacks and breaches.
- roles: Security Officers, Compliance Managers
- references: https://aka.ms/GetSecureBoot" target="_blank" rel="nofollow noopener noreferrer">https://aka.ms/GetSecureBoot, https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235
" target="_blank" rel="nofollow noopener noreferrer">https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235
Increased Support Calls
Users may experience issues with system access, leading to an increase in support calls and tickets, straining IT resources.
- roles: Help Desk Technicians, System Administrators
- references: https://www.microsoft.com/windows-server/blog/2026/02/23/prepare-your-servers-for-secure-boot-certificate-updates, https://aka.ms/SecureBootForServer
Compliance Issues
Failure to update Secure Boot certificates may result in non-compliance with security standards and regulations, leading to potential legal and financial repercussions.
- roles: Compliance Managers, IT Auditors
- references: https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235, https://aka.ms/GetSecureBoot" target="_blank" rel="nofollow noopener noreferrer">https://aka.ms/GetSecureBoot
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
