Enhancements in the Windows 11 April 2026 Update: Secure Boot Certificate Status
The April 2026 Update from Microsoft has introduced several significant enhancements, notably the added flexibility of enabling or disabling Smart App Control without necessitating a full Windows 11 reinstallation. Another crucial upgrade is the inclusion of Secure Boot certificate status within the Windows Security app—a feature that deserves careful consideration.
Secure Boot certificates play a pivotal role in validating boot software. When these certificates expire, systems can become vulnerable to boot-level malware, commonly referred to as bootkits, and unauthorized modifications, potentially leading to severe security risks.
It’s been widely recognized that Secure Boot certificates first issued in 2011 are set to expire in June 2026. Microsoft has committed to replacing these older certificates with updated Secure Boot 2023 versions via Windows Update. While this initiative offers a promising solution, many users have found the status of their Secure Boot unclear.
Previously, users could confirm their Secure Boot certificate status using PowerShell commands or by delving into Event Viewer logs. However, these procedures are not user-friendly, prompting Microsoft to integrate Secure Boot certificate status directly into the Windows Security interface.
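The PowerShell route mentioned above can look like the following. This is an added example, not code from the original article or from Microsoft. It assumes an elevated session on a UEFI-booted PC and that the certificates carry the subject names listed in the script; the function name is hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on a UEFI-booted PC.
function Get-SecureBootCertReport {   # hypothetical helper name
    # Assumed subject names: each 2023 certificate and the 2011 one it replaces.
    $checks = @(
        @{ Variable = 'KEK'; Old = 'Microsoft Corporation KEK CA 2011';     New = 'Microsoft Corporation KEK 2K CA 2023' }
        @{ Variable = 'db';  Old = 'Microsoft Windows Production PCA 2011'; New = 'Windows UEFI CA 2023' }
        @{ Variable = 'db';  Old = 'Microsoft Corporation UEFI CA 2011';    New = 'Microsoft UEFI CA 2023' }
    )

    try {
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch {
        # Thrown on legacy BIOS boots and in non-elevated sessions.
        Write-Warning "Cannot read Secure Boot state: $($_.Exception.Message)"
        return
    }
    Write-Host "Secure Boot enabled: $enabled"

    $cache = @{}
    foreach ($c in $checks) {
        if (-not $cache.ContainsKey($c.Variable)) {
            # Each variable is a binary signature list. The certificate subject
            # names inside it are readable once the bytes are decoded as ASCII.
            $bytes = (Get-SecureBootUEFI -Name $c.Variable -ErrorAction Stop).Bytes
            $cache[$c.Variable] = [System.Text.Encoding]::ASCII.GetString($bytes)
        }
        $text = $cache[$c.Variable]
        [pscustomobject]@{
            Variable    = $c.Variable
            Certificate = $c.New
            Present2023 = $text.Contains($c.New)
            Present2011 = $text.Contains($c.Old)
        }
    }
}

Get-SecureBootCertReport | Format-Table -AutoSize
```

A row with Present2023 False and Present2011 True means that variable has not yet received its replacement certificate. Both columns can be False for the last row on devices whose firmware never trusted the third-party UEFI CA.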
Accessing Secure Boot Status in Windows Security
With this update, users can easily verify their Secure Boot capabilities. By navigating to the Windows Security app and clicking on the Device Security page, individuals can quickly check if Secure Boot is activated and if their certificates are current.

For example, my PC shows that Secure Boot 2023 certificates are in place, with the Windows Security app indicating that no further actions are required. The alert reads: “Secure Boot is on, and all required certificate updates have been applied. No further certificate changes are needed.”
It’s vital to note that Secure Boot is a fundamental requirement for the installation and operation of Windows 11. Those who bypassed this prerequisite during their upgrade from Windows 10 may encounter warnings informing them that Secure Boot is not enabled, along with messages indicating the absence of newer certificates.
How the Secure Boot Status Functions
According to Microsoft, the Secure Boot status feature is being rolled out through Windows 11 KB5083769 (Build 26200.8246 / 26100.8246 or later). However, this feature may not appear on all devices immediately, and the complete rollout is anticipated to conclude by the end of April 2026.
Microsoft states, “Updated 2023 certificates are being delivered automatically through Windows Update. The Windows Security app now shows whether your device has received these updates, what your current status is, and whether any action is needed,” as detailed in a support document referenced by Windows Latest.
While my system confirms the successful application of the Secure Boot 2023 certificate, this may not hold true for every device. Microsoft is actively engaged in replacing the Secure Boot certificates, and this rollout will be gradual, with completion aimed before June 2026, coinciding with the expiration date of the original Secure Boot 2011 certificates.
Verifying Secure Boot Certificate Expiry Status in Windows 11
Users can swiftly assess their Secure Boot security status by checking the badge in Windows Security > Device Security > Secure Boot.

If the status is green, your device is fully protected. Conversely, a yellow status indicates a recommendation for action, such as contacting your PC manufacturer for updated firmware.

A yellow warning signifies that the firmware currently in use does not permit the rollout of newer Secure Boot certificates. Additionally, a red icon indicates that your system requires immediate attention regarding Secure Boot; this could arise if the Secure Boot requirements were bypassed during the installation of Windows 11.
| Status | Definition | Recommended Action |
|---|---|---|
| 🟢 Green Check Mark | Your device is secure and no action is required. | No action required. |
| 🟡 Yellow Warning | A safety recommendation is in place. | Review notifications and update if necessary. |
| 🔴 Red X | Your device requires immediate intervention. | Address the issue promptly. |
Nevertheless, there is no cause for alarm, as Microsoft assures that it will handle Secure Boot certificates on the majority of computers. It’s essential to note that even if your device does not receive the new Secure Boot 2023 certificates, it does not imply instability. The vast majority of consumers are unlikely to encounter security issues stemming from outdated Secure Boot certificates.