    Microsoft Autopatch adds Secure Boot report to block boot loops

    Key Takeaways

    – Microsoft’s new Secure Boot status report uses live hardware telemetry, not just policy checks, to verify readiness.
    – The report sorts managed devices into five statuses: High confidence, Under observation, No data observed, Temporarily paused, and Not supported.
    – Machines marked High confidence automatically receive new UEFI CA 2023 certificates; Temporarily paused devices are blocked due to known firmware conflicts.
    – Admins can monitor device status via a dedicated Certificate status column in the Windows quality updates tab within Intune.
    – Locally, Event IDs 1808 (success) and 1801 (failure/block) in the System Event Log help IT teams identify and fix compatibility issues before the June deadline.
    Microsoft rolled out a Secure Boot status report for Windows Autopatch to keep corporate PCs from crashing ahead of a major firmware deadline. The update deals with expiring Third-Party UEFI Certificate Authority keys. If enterprise machines do not get the new Windows UEFI CA 2023 certificates before the June cutoff, they risk failing to boot or getting stuck in BitLocker recovery loops.

    Live Telemetry Integration

    Rather than just checking if a policy reached a PC, Autopatch now uses live hardware telemetry to verify actual readiness. This gives sysadmins a realistic view of how their machines are handling the firmware migration before Microsoft triggers automated enforcement.

    Status Grouping in Intune

    Found inside the Microsoft Intune admin center, the new report automatically groups managed hardware based on live system data. It sorts endpoints into five distinct statuses: High confidence, Under observation, No data observed, Temporarily paused, and Not supported.

    This sorting allows Autopatch to handle updates without breaking systems. Machines marked High confidence get the new certificates automatically through standard Windows Update paths. If a computer shows up as Temporarily paused, it means there is a known hardware or OEM firmware conflict, telling the system to hold off until a stable BIOS patch drops.

    Dashboard Metrics Access

    Admins can access these metrics under the Windows quality updates tab in Intune, which now features a dedicated Certificate status column. Devices here are labeled as Up to date, Not up to date, or Not applicable. Note that it takes about 12 hours after a reboot for local client diagnostics to update on the cloud dashboard.

    Local Event Log Checks

    To check a specific computer on the ground, techs can jump straight into the local Windows System Event Log. Look for Event ID 1808, which confirms the hardware successfully applied the new 2023 certificates to the firmware. If the deployment fails or is blocked, the machine logs Event ID 1801 instead.
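    The local check described above, as an added PowerShell example that is not part of the original article or of Microsoft's tooling: it pulls Event IDs 1808 and 1801 from the System log for the last 30 days and, as a second signal, looks for the Windows UEFI CA 2023 subject text in the firmware's Secure Boot db variable. Assumptions: the events carry the IDs the article names and live in the System log (no provider name is assumed, so the filter is by log name and ID only), and the new CA's name appears as plain text inside the db bytes, which is a coarse match rather than a certificate parse. Run it from an elevated prompt, since reading UEFI variables requires administrator rights.

```powershell
# Added example (not from the original article): inspect one machine's
# Secure Boot certificate rollout status using the local System event log
# and the firmware's Secure Boot db variable.

function Get-SecureBootCertEvents {
    param([int]$Days = 30)
    # Assumption: 1808 = certificates applied, 1801 = deployment failed or
    # blocked, both written to the System log (as the article states).
    $filter = @{
        LogName   = 'System'
        Id        = 1808, 1801
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName,
            @{ Name = 'Result'; Expression = {
                if ($_.Id -eq 1808) { 'Applied' } else { 'Failed/Blocked' } } },
            Message
}

function Test-UefiCa2023Present {
    # Coarse check: look for the CA's subject text in the raw db bytes.
    # Assumption: the string 'Windows UEFI CA 2023' appears in the db
    # variable once the new certificate has been enrolled.
    try {
        if (-not (Confirm-SecureBootUEFI)) { return $false }   # Secure Boot off
        $db   = Get-SecureBootUEFI -Name db
        $text = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
        return [bool]($text -match 'Windows UEFI CA 2023')
    } catch {
        # Non-UEFI firmware or insufficient privileges: treat as unknown/false
        Write-Warning "Could not read Secure Boot db: $($_.Exception.Message)"
        return $false
    }
}

$events = Get-SecureBootCertEvents -Days 30
if (-not $events) {
    Write-Output 'No 1808/1801 events in the last 30 days: no rollout attempt recorded yet.'
} else {
    $events | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
}
Write-Output ("Windows UEFI CA 2023 present in Secure Boot db: {0}" -f (Test-UefiCa2023Present))
```

    A machine with a recent 1808 event and the CA present in db is ready; a 1801 event with the CA absent is the case to chase with the OEM for a firmware update before the June cutoff. Because the Intune dashboard lags the client by roughly 12 hours after a reboot, this local view is the quicker way to confirm whether a fix actually took.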

    Tracking these error events early allows IT teams to pinpoint compatibility blocks and apply necessary OEM firmware fixes before the hard June deadline triggers a sudden boot failure across the company.