Windows Security App to Display Secure Boot Update Status
Starting in April 2026, the Windows Security app will provide users with more detailed information regarding the status of Secure Boot certificate updates on their Windows devices. The new feature will be accessible under the “Device security” section, specifically within “Secure Boot.” This update arrives as Microsoft’s original Secure Boot certificates, issued in 2011, approach their expiration date in 2026.
Secure Boot is a crucial security feature of the Unified Extensible Firmware Interface (UEFI) that protects against malware infecting a computer’s bootloader. It verifies the Windows bootloader’s legitimacy by checking it against a security certificate stored in the UEFI. The approaching expiration of these certificates necessitates updates to maintain system security.
Updated 2023 certificates are being automatically delivered to consumer devices and some business devices through Windows Update. The Windows Security app will now indicate whether a device has received these updates, its current status, and if any action is required. More information about the updates can be found at aka.ms/getsecureboot.
For IT administrators, the new enhancements within the Windows Security app are disabled by default on managed devices. However, administrators can enable these features using existing controls, as detailed in this article. The update signals Microsoft’s proactive approach to maintaining the integrity of the Windows ecosystem.
On Windows Server 2019 and newer versions with the Desktop Experience, the Windows Security app and its Device security page, including the Secure Boot section, are present. However, the Windows Security notification service does not automatically start on Server, meaning Secure Boot certificate status checks won’t occur automatically. Users will necessitate to manually launch the Windows Security app to view badge, notification, or status updates. Further details about the certificate renewal process and how to check your PC’s status can be found here.
Updating Secure Boot requires not only changes at the Windows level but likewise firmware updates from PC manufacturers and compatibility with newer certificate chains. This coordinated effort is essential for a smooth transition and continued system protection.
