check before: 2023-06-01
Product:
Defender, SharePoint, Windows
Platform:
Online, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Microsoft Defender now provides IT teams centralized visibility into Secure Boot 2023 certificate readiness across your device fleet. A new assessment categorizes your devices automatically as exposed, compliant, and not applicable. In the Defender portal, go to Exposure Management > Recommendations > Devices > Misconfigurations. For exposed devices, remediation guidance is directly available through the recommendation.
When will this happen:
The new Secure Boot 2023 certificate assessment is now available in Microsoft Defender.
June 2026: Secure Boot 2011 certificates begin expiring and need to be replaced.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-04-28
updated:
2026-04-28
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Secure Boot Certificate Expiration
If devices are not updated to Secure Boot 2023 certificates before June 2026, they will lose security protections during the early boot process, leading to potential vulnerabilities.
- roles: IT Administrator, Security Officer
- references: https://aka.ms/GetSecureBoot, https://learn.microsoft.com/defender-vulnerability-management/tvm-microsoft-secure-score-devices?tabs=preview-customers
Increased Security Risks
Devices that remain on expired Secure Boot certificates may become targets for malware and other security threats, impacting overall organizational security posture.
- roles: IT Administrator, Security Officer
- references: https://aka.ms/GetSecureBoot, https://learn.microsoft.com/defender-vulnerability-management/tvm-microsoft-secure-score-devices?tabs=preview-customers
Operational Downtime
Failure to transition to the new certificates may result in devices being unable to boot, leading to operational downtime and loss of productivity.
- roles: End User, IT Support
- references: https://aka.ms/GetSecureBoot, https://learn.microsoft.com/defender-vulnerability-management/tvm-microsoft-secure-score-devices?tabs=preview-customers
User Experience Degradation
Users may experience degraded performance or inability to access their devices if Secure Boot is not properly configured, leading to frustration and decreased efficiency.
- roles: End User, IT Support
- references: https://aka.ms/GetSecureBoot, https://learn.microsoft.com/defender-vulnerability-management/tvm-microsoft-secure-score-devices?tabs=preview-customers
Increased Remediation Efforts
Without proper preparation, IT teams will face increased workload to remediate exposed devices, diverting resources from other critical tasks.
- roles: IT Administrator, Project Manager
- references: https://aka.ms/GetSecureBoot, https://learn.microsoft.com/defender-vulnerability-management/tvm-microsoft-secure-score-devices?tabs=preview-customers
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 weeks ago ago
