Category
stayInformed
Severity
normal
Major change
False
Last modified
2026-04-02 17:05:09
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
—
Action by (AI)
2026-06-30 00:00:00
Services
Windows
Tags
Admin impact
Master tags
User, Admin, Security
Roadmap IDs
One-line summary
Starting April 2026, admins can enable Secure Boot certificate status indicators in Windows Security app; 2011 Secure Boot certs expire June 2026, so update to 2023 certs to stay protected.
Similar updates
MC1185931 Secure Boot playbook for certificates expiring in 2026
Secure Boot certificates on many Windows devices will expire in June 2026; admins should monitor, prepare, and update certificates to ensure continued protection. Secure Boot helps ensure that only trusted software runs during the boot sequence. Secure Boot certificates on many Windows.
MC1139443 Secure Boot certificate expiration: What Windows IT admins need to know now
Microsoft is updating Secure Boot certificates before current ones expire in 2026; IT admins must ensure systems accept new certificates to maintain security and updates. Secure Boot protects Windows systems by validating firmware and boot components using trusted.
MC1104112 (Updated) Act now: Secure Boot certificates expire in June 2026
Microsoft will roll out updated Secure Boot certificates for Windows systems; current certificates start expiring June 2026, requiring firmware and policy updates to maintain security. Updated July 8, 2025: survey link changed. In the coming months, Microsoft will be rolling out.
MC1173103 Secure Boot certificate deployment guide and tools
Update expiring Secure Boot certificates to 2023 CAs using new guides and tools; 2011 CAs start expiring June 2026, with 2023 CAs rolling out via Windows updates from October 2025. Use the newly published guide and tools to start updating your organization’s expiring Secure Boot certificates. As.
MC1193371 How to use Microsoft Intune to update expiring Secure Boot certificates
Admins can now use Intune to deploy, manage, and monitor Secure Boot certificate updates on Windows clients, with new settings available for streamlined management. When will this happen: The following settings are now available in the Intune settings catalog: Configure.
MC1192217 Secure Boot AMA: Ask Microsoft Anything on December 10
Microsoft hosts a live AMA on Dec 10, 2025, to guide IT admins on updating Secure Boot certificates before their June 2026 expiry, covering deployment planning and best practices. ...before they expire in June 2026. This event gives IT admins the chance to ask questions and get expert guidance.
Details
Body (from Message Center)
Starting April 2026, the Windows Security app can show users the status of their Secure Boot certificate updates. This experience is disabled by default on enterprise-managed Windows 10 and Windows 11 client devices and Windows Server. If you want to enable this experience for devices in your organization, see the complete guidance at IT admin guide: Secure Boot certificate update status in the Windows Security app.
When will this happen:
- In April 2026, this enhancement brings green, yellow, and red-color badges to Device security > Secure Boot.
- In May 2026, notifications will appear outside the app (such as system alerts).
- In late June 2026, the 2011 Secure Boot certificates begin expiring. Devices need updated 2023 certificates by this date to remain protected and productive.
How this will affect your organization:
This feature is available in Windows 11, Windows 10, Windows Server 2025, Windows Server 2022, and Windows Server 2019. It’s disabled by default on enterprise IT-managed devices. If enabled, visual indicators and warnings can help users know their Secure Boot certificate update status. If action is required, notifications will guide users to take appropriate steps. This isn’t a replacement but a complement to the IT monitoring and deployment guidance in Secure Boot playbook for certificates expiring in 2026.
What you need to do to prepare:
If you don’t wish to enable this feature for users at your organization, no action is required.
If you do want to enable it, use the registry key guidance in IT admin guide: Secure Boot certificate update status in the Windows Security app. See additional information for more helpful resources.
Additional information:
- See complete information at IT admin guide: Secure Boot certificate update status in the Windows Security app.
- If you enable this feature, share this user-focused KB article with them: Secure Boot certificate update status in the Windows Security app.
- For a comprehensive review of Secure Boot certificate updates, visit https://aka.ms/GetSecureBoot.
- For devices that don’t have these certificates applied, use the specific monitoring and deployment methods described in the Secure Boot playbook.
- For Windows Server, see Windows Server Secure Boot playbook for certificates expiring in 2026.
Raw JSON (for debugging)
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": "2026-06-30T00:00:00Z",
"ai_actions": [
"Plan to update Secure Boot certificates by June 2026",
"Decide whether to enable certificate status feature",
"Review admin guidance for deployment"
],
"ai_master_tags": [
"User",
"Admin",
"Security"
],
"ai_model": "gpt-4.1",
"ai_summary": "Starting April 2026, admins can enable Secure Boot certificate status indicators in Windows Security app; 2011 Secure Boot certs expire June 2026, so update to 2023 certs to stay protected.",
"ai_topics": [
"Windows",
"Windows 10",
"Windows 11",
"Windows Server"
],
"category": "stayInformed",
"details_map": {},
"id": "MC1268714",
"importance": 2,
"is_major_change": false,
"last_modified": "2026-04-02T17:05:09Z",
"ms_products": [
"Windows"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"Windows"
],
"severity": "normal",
"tags": [
"Admin impact"
],
"title": "Enable Secure Boot certificate update status in the Windows Security app"
}
}