With the Secure Boot certificate expiration date fast approaching (June 2026), Microsoft has released a new recommendation in Microsoft Defender to help you assess the readiness of your environment.
Of course, this means devices (whether clients or servers) must be onboarded to Microsoft Defender. Clients can be onboarded with Intune; servers, and clients not managed by Intune, can be onboarded with scripts or an SCCM package.
To check whether you have devices that still need to be remediated, connect to your Security/Defender portal (Home – Microsoft Defender) and open the Exposure management\Recommendations blade.
From there, open the Misconfiguration option for Devices and search for "Ensure devices are updated to Secure Boot 2023 certificates and boot manager".

