Hey everyone! I'm curious about how you're all addressing the upcoming Secure Boot certificate expirations set for 2026. Is this on your radar? Are you feeling a bit of panic, or are you just hoping it'll sort itself out? Do you have any automation in place for updates? I'd love to hear how you're approaching this situation!
5 Answers
It seems straightforward at first, but once my team realized we have over 50 different models and over 20,000 endpoints, it got complicated! We need to upgrade the BIOS on most of them, some can be done remotely, while others will require manual work. We really need to get this sorted before opting into the registry changes, but we're not even sure what the consequences are if we miss the deadline.
There are loads of discussions out there about this! It's super important to handle it before the expiration date; otherwise, you could face real issues. Better to tackle it now than regret it later!
I've raised this issue with my team a few times, but they don’t seem to care much because they think the systems will still boot. They're caught up with other priorities. I'm trying to sort out an inventory process to gauge how big this issue could be, but my plate is already full with tickets and customer requests.
Just wait until the updates start rolling in every 47 days! It's going to be a wild ride.
Just to clarify, those specific updates aren't for the same certificates we're discussing.
We enabled some registry keys through Intune and set up Dell Command Update to run weekly. We're making good progress on this front, about 90% complete now!
Just a heads up, that approach might not be suitable for servers.
Yeah, the problems aren’t just far off; they could hit you right away! Devices might still boot, but they become vulnerable to rootkit attacks.