MC1262523 – New resources to help organizations prepare for Secure Boot certificate expirations

check before: 2026-06-01

Product:

Intune, Windows

Platform:

Online, World tenant

Status:

Change type:

Admin impact

Links:

Details:

Secure Boot certificates begin expiring in June 2026, and IT admins should take action now to help ensure devices remain secure. Timely deployment of updated certificates is essential to preserving device startup integrity and avoiding servicing (i.e., updates) disruptions.


New guidance has recently been published to support a range of deployment scenarios. Whether your organization manages certificates through Microsoft Intune, Group Policy, or manual processes, the resources below provide detailed steps, recommended practices, and troubleshooting guidance to help you plan your updates:

   - Updates and announcements - This page consolidates ongoing updates, milestones, and rollout status changes for the deployment of new Secure Boot certificates across Windows devices. Use it to stay current on important servicing communications as the deployment progresses.
   - Sample Secure Boot E2E Automation Guide - This guide provides an end-to-end view of the PowerShell-based automation system for deploying Secure Boot certificate updates using Group Policy to domain-joined machines in a controlled, graduated manner. It includes details, examples, and operational guidance for domain-joined environments.
   - A Closer Look at the High Confidence Database - This article explains how Secure Boot confidence levels are calculated, how data is evaluated and published, and how Windows servicing uses this information to determine certificate deployment readiness. It's designed for IT pros, security teams, and support engineers who need deeper insights into certificate evaluation.


When will this happen:
These resources are available now. IT admins should begin reviewing the new guidance and complete certificate update planning and deployment activities as soon as possible to ensure devices remain protected and to avoid servicing or startup disruptions. Secure Boot certificate expiration begins in June 2026.

Release Phase:

Created:
2026-03-27

updated:
2026-04-17

Direct effects for Operations**

Startup Integrity Issues
Devices that do not receive updated Secure Boot certificates may encounter startup integrity issues, leading to potential boot failures.
   - roles: IT Admin, End User
   - references: https://support.microsoft.com/topic/when-secure-boot-certificates-expire-on-windows-devices-c83b6afd-a2b6-43c6-938e-57046c80c1c2

Windows Servicing Interruptions
Failure to update Secure Boot certificates may result in interruptions during Windows servicing, affecting system updates and security patches.
   - roles: IT Admin, Support Engineer
   - references: https://support.microsoft.com/topic/when-secure-boot-certificates-expire-on-windows-devices-c83b6afd-a2b6-43c6-938e-57046c80c1c2

Increased Support Requests
Users may experience issues with their devices, leading to an increase in support requests and troubleshooting efforts for IT teams.
   - roles: Support Engineer, End User
   - references: https://support.microsoft.com/topic/sample-secure-boot-e2e-automation-guide-f850b329-9a6e-40d1-823a-0925c965b8a0

Operational Downtime
Unprepared organizations may face operational downtime as devices fail to boot or receive necessary updates, impacting productivity.
   - roles: IT Admin, End User
   - references: https://support.microsoft.com/topic/updates-and-announcements-313b5279-2a3b-438a-83a5-3d5e2c5fc4a3

Compliance Risks
Failure to update Secure Boot certificates may lead to compliance risks, especially in regulated industries where device security is critical.
   - roles: IT Admin, Compliance Officer
   - references: https://support.microsoft.com/topic/a-closer-look-at-the-high-confidence-database-32382469-4505-4ed4-915b-982eff09b5d2

** AI generated content. This information must be reviewed before use.
