check before: 2026-04-30
Product:
Defender, Defender for Endpoint, Defender XDR, Windows
Platform:
Online, World tenant
Status:
Change type:
New feature, Admin impact
Links:
Details:
Summary:
Microsoft Defender for Endpoint will add a new Secure Score recommendation in late April 2026 to help organizations prepare for Secure Boot 2023 certificate updates replacing expiring certificates in June 2026. It provides visibility into device readiness, tracks progress, and is enabled by default.
Details:
[Introduction]
We're introducing a new Microsoft Secure Score recommendation in Microsoft Defender for Endpoint (MDE) to help organizations assess and prepare for the transition to Secure Boot 2023 certificates. Secure Boot 2023 certificates replace older certificates (such as Windows UEFI CA 2011) that are scheduled to expire in June 2026, helping ensure devices continue to boot securely and receive future protections. This recommendation improves visibility into device readiness and helps organizations maintain a trusted and secure boot process.
[When this will happen:]
Public Preview (Worldwide): We will begin rolling out in late April 2026 and expect to complete by early May 2026.
General Availability (Worldwide): We will begin rolling out in early May 2026 and expect to complete by late May 2026.
Release Phase:
Created:
2026-04-28
updated:
2026-04-28
Direct effects for Operations**
Device Readiness for Secure Boot
If organizations do not prepare for the transition to Secure Boot 2023 certificates, devices may fail to boot securely after the expiration of older certificates in June 2026, leading to potential downtime and security vulnerabilities.
- roles: IT Admin, Security Officer
- references: https://aka.ms/GetSecureBoot, https://aka.ms/secureboot-mde
Visibility and Tracking Progress
Without preparation, organizations may lack visibility into which devices are ready for the Secure Boot updates, making it difficult to track compliance and readiness, potentially leading to unaddressed vulnerabilities.
- roles: IT Admin, Compliance Officer
- references: https://aka.ms/GetSecureBoot, https://aka.ms/secureboot-mde
Future Protections and Security Risks
Failure to update to Secure Boot 2023 certificates may result in devices not receiving future security protections, increasing the risk of security breaches and operational disruptions.
- roles: IT Admin, Security Officer
- references: https://aka.ms/GetSecureBoot, https://aka.ms/secureboot-mde
** AI generated content. This information must be reviewed before use.