{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreifbym4ao4gfsudugh6xpahwi7zv2kwkpfa24xsapfu6nu7kyyd7za",
    "uri": "at://did:plc:xxrzfynfiasdpbxteqxi4jgq/app.bsky.feed.post/3mh7rj2b5tbu2"
  },
  "description": "Windows 365 Cloud PCs with Secure Boot enabled must update from 2011 to 2023 Secure Boot certificates before June 2026 to maintain protection and compatibility. PCs without Secure Boot are unaffected. Microsoft has released updates; ensure they are applied by the deadline.",
  "path": "/m365-message-center/message/mc1253743/",
  "publishedAt": "2026-03-17T01:00:10.000Z",
  "site": "https://blog.tophhie.cloud",
  "tags": [
    "here",
    "https://aka.ms/securebootW365",
    "https://aka.ms/securebootITpro",
    "https://aka.ms/getsecureboot",
    "https://aka.ms/securebootplaybook",
    "https://aka.ms/securebootFAQ"
  ],
  "textContent": "🚨\n\n**Major Update:** This post contains a significant change that may impact your organisation.\n\nBeginning in June 2026, the Secure Boot 2011 certificate authorities (CAs) will expire. To maintain Secure Boot protection and compatibility, Windows 365 Cloud PCs that have Secure Boot enabled must transition to the Secure Boot 2023 certificates before June 2026.\n\nSecure Boot helps protect Cloud PCs during startup by ensuring that only trusted bootloaders and software are allowed to run.\n\n## How this will affect your organization\n\nThis change applies to Windows 365 Cloud PCs configured with **Secure Boot enabled**.\n\nIf affected Cloud PCs continue relying on the 2011 certificates after June 2026, they may:\n\n  * Experience reduced protection against boot-level malware.\n  * Be unable to validate newer signed boot components released after June 2026.\n\n\n\nCloud PCs without Secure Boot enabled are not impacted.\n\n## What you need to do to prepare\n\nMicrosoft has released the Secure Boot 2023 certificates through supported update mechanisms.\n\nIf your Cloud PCs do not use Secure Boot:\n\n  * No action is required.\n\n\n\nIf your Cloud PCs are Generation 2 with Secure Boot enabled:\n\n  * Ensure Secure Boot remains enabled.\n  * Confirm that required updates are applied before June 2026.\n\n\n\nFor an overview of what happens when Secure Boot certificates expire, see the Microsoft documentation here.\n\n**Additional Information**\n\nReview the Secure Boot certificate guidance and update your Windows 365 Cloud PCs as needed before June 2026:\n\n  * **Secure Boot certificate updates for Windows 365:** https://aka.ms/securebootW365\n  * **Guidance for IT professionals and organizations:** https://aka.ms/securebootITpro\n  * **New Secure Boot certificates overview:** https://aka.ms/getsecureboot\n  * **Monitoring and deployment guidance:** https://aka.ms/securebootplaybook\n  * **Secure Boot FAQ:** https://aka.ms/securebootFAQ\n\n\n\nCompliance considerations\n\nNo compliance considerations identified, review as appropriate for your organization.",
  "title": "MC1253743: Action required: Secure Boot certificate updates for Windows 365 Cloud PCs before June 2026",
  "updatedAt": "2026-03-17T01:00:10.291Z"
}