If you’re an IT admin using Windows Autopatch, a new report is now available to monitor the status of Secure Boot across your organization. As the 2011 Secure Boot certificates start expiring in June 2026, this report helps you start by identifying devices that have Secure Boot enabled. Out of those, see which devices are fully up to date and which ones still need updated certificates.
When will this happen:
- The Secure Boot status report is now available in Windows Autopatch.
- The 2011 Secure Boot certificates (or CAs) start expiring in June 2026.
How this will affect your organization:
The Secure Boot status report in Windows Autopatch is designed to help you understand the Secure Boot posture of your fleet. It can help you identify devices that may require attention—before issues occur.
What you need to do to prepare:
If you don’t yet use Windows Autopatch, consider how it can help you manage Windows across your organization. If none of your devices have Secure Boot enabled, no action is required. Devices that use Secure Boot to prevent boot-level malware at startup need updated certificates. The new report can help with the inventory and monitoring of the Secure Boot certificate status. See Additional information to learn more.
Additional information: