- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Ask Microsoft Anything: Secure Boot - February 2026
Visit https://aka.ms/AMA/SecureBoot to post your questions early and throughout the live event!
It's time for our second Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot playbook, but need more details or have a specific question, join us to get the answers you need to prepare for this milestone. No question is too big or too small. Update scenarios, inventorying your estate, formulating the right deployment plan for your organization -- we're here to help!
0:00 – Welcome & introductions
1:14 – Question – What happens to devices after a certificate expires?
2:18 – Question – I understand these devices will continue to boot after June 2026 even with Secure Boot active. However, what happens if there are changes e.g. to bootmgfw.efi or the underlying hardware? What would be the impact? Can we let such a device live until HW dies to avoid replacemet still good working HW?
3:53 – Question – If a firmware update for an older machine is released after June 2026, will it be possible to install/deploy the new certificates manually at that point?
5:08 – Question – Does Microsoft currently deploy the Secure Boot 2023 certificates using a hybrid rollout model (telemetry-based CFR combined with optional policy-based control)?
6:37 – Question – At what point will policybased opt in become the primary or required mechanism for IT managed devices?
9:10 – Question – Could you talk about the device's local Secure Boot enforcement mode (Strict, Standard, Audit etc.) please?
13:46 – Question – Can you confirm the minimum “eligibility checklist” for the automatic Secure Boot certificate update and which items are hard blockers vs “recommended”?
15:44 – Question – Can you elaborate on the differences between the active db and the default db? This seems to be a common point of confusion.
17:19 – Question – If diagnostic data/telemetry is disabled, what specifically stops working?
19:09 – Question – what is the process to update devices with currently safeboot disabled.?
21:32 – Question – We have several physical HyperV host servers where Secure Boot is currently disabled at the Windows hypervisor level, while the guest virtual machines have Secure Boot enabled.
22:46 – Question – Is there (or will there be) a tool or series of PowerShell commands that can be used to assess the current status of the computer and 2023 Certificate?
23:48 – Question – Can we proceed with the firmware upgrades on the physical HyperV servers with OEM Support before Microsoft releases the fix of event ID 1795 (write protected) on March 10th?
24:38 – Question – Are there other mitigations we can take in our environment to ensure devices that cannot get the certificate are less vulnerable?
26:12 – Question – You mentioned that as long as a device doesn’t log a specific Event ID indicating it’s blocked from receiving the Secure Boot update, the update will be delivered in the coming months. Which Event ID are you referring to 1801?
27:22 – Question – I thought I heard someone say that Server OS shouldn't be expected to receive updates via CFR. Did I hear that correctly?
29:34 – Question – When stating "Microsoft will push the new certificates through Windows Update", what does that mean specifically in the secure boot pipeline?
35:34 – Question – Will Microsoft force the revocation of the 2011 certs at some point?
36:51 – Question – What’s the best approach to use for dual-boot devices? Either 2 Windows instances or a Linux and Windows setup?
40:04 – Question – Is there a plan for Microsoft or OEM to only ship hardware with new 2023 certs? Assuming that when option ROM expire it will not be possible to certify new devices after this date?
41:06 – Question – What is happening with consumer hardware?
41:39 – Question – Is the presence of event ID 1808 sufficient to validate the successful Secure Boot certificate renewal or should we additionally verify the certificate expiry details?
42:14 – Question – If we don’t use Intune, what does Microsoft suggest as the most reliable method?
44:22 – Question – Can you please further document actions to undertake when a system doesn't boot after enabling secure boot from the BIOS....
43:39 – Question – For the third-party antivirus it will have any affect if the certificate doesn't update ?
46:08 – Question – I'm doing test in my lab, and i have successfully completed the update of the Secure boot via RegKey, but i have noticed that the boot loader is updated with the new certificate that will expire to May 2026, this will be update automatically during the normal patching process?
48:01 – Question – Am I correct in assuming that the default db will only be updated by an OEM's BIOS update?
49:37 – Q&A cont.
Видео Ask Microsoft Anything: Secure Boot - February 2026 канала Windows At Work
It's time for our second Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot playbook, but need more details or have a specific question, join us to get the answers you need to prepare for this milestone. No question is too big or too small. Update scenarios, inventorying your estate, formulating the right deployment plan for your organization -- we're here to help!
0:00 – Welcome & introductions
1:14 – Question – What happens to devices after a certificate expires?
2:18 – Question – I understand these devices will continue to boot after June 2026 even with Secure Boot active. However, what happens if there are changes e.g. to bootmgfw.efi or the underlying hardware? What would be the impact? Can we let such a device live until HW dies to avoid replacemet still good working HW?
3:53 – Question – If a firmware update for an older machine is released after June 2026, will it be possible to install/deploy the new certificates manually at that point?
5:08 – Question – Does Microsoft currently deploy the Secure Boot 2023 certificates using a hybrid rollout model (telemetry-based CFR combined with optional policy-based control)?
6:37 – Question – At what point will policybased opt in become the primary or required mechanism for IT managed devices?
9:10 – Question – Could you talk about the device's local Secure Boot enforcement mode (Strict, Standard, Audit etc.) please?
13:46 – Question – Can you confirm the minimum “eligibility checklist” for the automatic Secure Boot certificate update and which items are hard blockers vs “recommended”?
15:44 – Question – Can you elaborate on the differences between the active db and the default db? This seems to be a common point of confusion.
17:19 – Question – If diagnostic data/telemetry is disabled, what specifically stops working?
19:09 – Question – what is the process to update devices with currently safeboot disabled.?
21:32 – Question – We have several physical HyperV host servers where Secure Boot is currently disabled at the Windows hypervisor level, while the guest virtual machines have Secure Boot enabled.
22:46 – Question – Is there (or will there be) a tool or series of PowerShell commands that can be used to assess the current status of the computer and 2023 Certificate?
23:48 – Question – Can we proceed with the firmware upgrades on the physical HyperV servers with OEM Support before Microsoft releases the fix of event ID 1795 (write protected) on March 10th?
24:38 – Question – Are there other mitigations we can take in our environment to ensure devices that cannot get the certificate are less vulnerable?
26:12 – Question – You mentioned that as long as a device doesn’t log a specific Event ID indicating it’s blocked from receiving the Secure Boot update, the update will be delivered in the coming months. Which Event ID are you referring to 1801?
27:22 – Question – I thought I heard someone say that Server OS shouldn't be expected to receive updates via CFR. Did I hear that correctly?
29:34 – Question – When stating "Microsoft will push the new certificates through Windows Update", what does that mean specifically in the secure boot pipeline?
35:34 – Question – Will Microsoft force the revocation of the 2011 certs at some point?
36:51 – Question – What’s the best approach to use for dual-boot devices? Either 2 Windows instances or a Linux and Windows setup?
40:04 – Question – Is there a plan for Microsoft or OEM to only ship hardware with new 2023 certs? Assuming that when option ROM expire it will not be possible to certify new devices after this date?
41:06 – Question – What is happening with consumer hardware?
41:39 – Question – Is the presence of event ID 1808 sufficient to validate the successful Secure Boot certificate renewal or should we additionally verify the certificate expiry details?
42:14 – Question – If we don’t use Intune, what does Microsoft suggest as the most reliable method?
44:22 – Question – Can you please further document actions to undertake when a system doesn't boot after enabling secure boot from the BIOS....
43:39 – Question – For the third-party antivirus it will have any affect if the certificate doesn't update ?
46:08 – Question – I'm doing test in my lab, and i have successfully completed the update of the Secure boot via RegKey, but i have noticed that the boot loader is updated with the new certificate that will expire to May 2026, this will be update automatically during the normal patching process?
48:01 – Question – Am I correct in assuming that the default db will only be updated by an OEM's BIOS update?
49:37 – Q&A cont.
Видео Ask Microsoft Anything: Secure Boot - February 2026 канала Windows At Work
Комментарии отсутствуют
Информация о видео
5 февраля 2026 г. 22:18:03
00:58:58
Другие видео канала
Never trust, always verify: Tips for Zero Trust with Intune – Microsoft Technical Takeoff
AMA: Android and Linux management with Intune
Edge Management | Unpacking Endpoint Management
AMA: Windows 365 - June 2025
Microsoft Security Copilot y Copilot en Intune
AMA: Cross-platform management with Microsoft Intune
Cloud-optimized PC management with Windows 365 | Windows in the Cloud
Enhance and supercharge IT management with Copilot in Intune – Microsoft Technical Takeoff
Microsoft Technical Takeoff Demo Channel
Windows in the Cloud leadership spotlight: Melissa Grant, Windows Marketing
AMA: Azure Virtual Desktop - October 18 | Windows in the Cloud
User experience updates: Windows 365 Boot and more
AMA: Secure and manage AI and agentic capabilities in Windows
I want to be a cloud-first enterprise. How do I get there? - Tackling Tech
Hybrid Azure AD Join should go away! No, it shouldn’t! | Unpacking Endpoint Management
Eliminating NTLM in Windows
Active Directory NUMA support | Demo
Windows Autopatch: Your playbook for advanced update management – Microsoft Technical Takeoff
AMA: Your guide to adopting Microsoft Intune
How to sign up for Windows known issue email alerts | Microsoft 365 admin center
Experience next-gen productivity with Windows 365 AI-enabled Cloud PCs
