windows-security-app-secure-boot-certificate-status-update-expiration-date-2026 title: Windows Security App Secure Boot Certificate Status Update Approaches Expiration Date 2026
Microsoft Introduces New Status Indicators for Secure Boot Certificates
Microsoft has implemented new status indicators within the Windows Security app to assist IT administrators in monitoring the secure boot certificate status of their devices.
Background Information
Microsoft’s secure boot certificates, issued in 2011, will expire in 2026. To address this, the company has introduced new indicators to display whether a device has received updated certificates and its current certificate state.
Implementation Details
The new indicators are disabled by default on managed devices, which include Windows 10 and Windows 11 clients. However, they are enabled by default on unmanaged devices, such as those running Home and Pro editions of Windows.
“Administrators can control the feature using a registry entry, specifically the ‘HideSecureBootStates’ key, where a value of 0 enables the feature and a value of 1 disables it.”
Roadmap
- Phase one: Scheduled for April 8, 2026, for certain Windows 11 and Windows Server 2025 versions, and April 14, 2026, for other Windows 10 and Windows Server versions.
- Phase two: Set for May 16, 2026, for Windows 11 and Windows Server 2025, and May 13, 2026, for other Windows 10 and Windows Server versions.
About Author
English