check before: 2026-04-01
Product:
Windows, Windows Server
Platform:
Online, Windows Desktop, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Starting April 2026, the Windows Security app can show users the status of their Secure Boot certificate updates. This experience is disabled by default on enterprise-managed Windows 10 and Windows 11 client devices and Windows Server. If you want to enable this experience for devices in your organization, see the complete guidance at IT admin guide: Secure Boot certificate update status in the Windows Security app.
When will this happen:
In April 2026, this enhancement brings green, yellow, and red-color badges to Device security > Secure Boot.
In May 2026, notifications will appear outside the app (such as system alerts).
In late June 2026, the 2011 Secure Boot certificates begin expiring. Devices need updated 2023 certificates by this date to remain protected and productive.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-04-03
updated:
2026-04-03
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
User Awareness and Action
If the feature is enabled without preparation, users may be unaware of the status of their Secure Boot certificates, leading to potential security vulnerabilities if certificates expire without timely updates.
- roles: End Users, IT Support Staff
- references: https://aka.ms/getsecureboot, https://support.microsoft.com/help/5087135
System Alerts and Notifications
Enabling the feature without prior communication may result in users receiving unexpected notifications and alerts, causing confusion and potential disruption in their workflow.
- roles: End Users, IT Support Staff
- references: https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235, https://techcommunity.microsoft.com/blog/windowsservernewsandbestpractices/windows-server-secure-boot-playbook-for-certificates-expiring-in-2026/4495789
Operational Stability
Without proper preparation, the transition to the new Secure Boot certificate update status may lead to operational instability, as users may not know how to respond to the new visual indicators and warnings.
- roles: End Users, IT Support Staff
- references: https://aka.ms/getsecureboot, https://support.microsoft.com/topic/5ce39986-7dd2-4852-8c21-ef30dd04f046
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 6 days ago ago
