Prepare your servers for Secure Boot certificate updates
Written by Neil Hinnant
Coordinated industry effort across the server ecosystem
Microsoft has worked closely with server ecosystem partners to make this transition as smooth as possible:
- Many newer server hardware and virtual machine versions built since 2024, and almost all released in 2025, are already preconfigured with the 2023 Secure Boot certificates.
- Device manufacturer and firmware partners have collaborated with Microsoft to provide supported upgrade paths for existing deployments that currently use 2011 certificates.
- Microsoft and OEMs are working together to provide holistic guidance and help customers plan and execute the update safely across diverse environments.
This coordinated effort is designed to minimize operational risk while helping to preserve the high security standards expected of modern server platforms.
Please see the Windows Blog post, “Refreshing the root of trust: industry collaboration on Secure Boot certificate updates”, to understand how Microsoft collaborated with device manufacturers and firmware partners to support an efficient and safe deployment.
Because Windows Server instances do not receive the 2023 Secure Boot certificates through Controlled Feature Rollout (CFR)—unlike Windows PCs—IT administrators must take action on servers that are in scope. As part of standard maintenance, administrators should first ensure their servers are fully up to date by installing the latest cumulative updates. They must then manually initiate the Secure Boot certificate update on Windows Server systems that have Secure Boot enabled and did not ship from the manufacturer with the 2023 Secure Boot certificates or have not otherwise been updated to include them.
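To decide whether a given server is in scope as described above (Secure Boot enabled, 2023 certificates not yet present), the following PowerShell check can be run locally in an elevated session. It is an added example, not code from the original post or from Microsoft's guidance; the function name `Get-SecureBootCertScope` is hypothetical, and the two certificate names it searches for are assumptions of this example, since the post only refers to "2023 Secure Boot certificates".

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). The certificate names below are
# assumptions of this example; the post only says "2023 Secure Boot certificates".
$Expected = @{
    KEK = 'Microsoft Corporation KEK 2K CA 2023'   # assumed name, Key Exchange Key
    db  = 'Windows UEFI CA 2023'                   # assumed name, allowed-signature database
}

function Get-SecureBootCertScope {
    # 1. Is Secure Boot enabled? Servers without it are out of scope.
    try {
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch [System.PlatformNotSupportedException] {
        $enabled = $false   # legacy BIOS, or firmware without Secure Boot support
    }

    $result = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        SecureBootEnabled = $enabled
    }

    # 2. Look for each expected 2023 certificate in its firmware variable.
    #    The variables are binary signature lists; certificate subject names
    #    appear inside them as plain text, so a substring match is a heuristic.
    $missing = @()
    if ($enabled) {
        foreach ($var in $Expected.Keys) {
            $bytes   = (Get-SecureBootUEFI -Name $var -ErrorAction Stop).Bytes
            $text    = [System.Text.Encoding]::ASCII.GetString($bytes)
            $present = $text.Contains($Expected[$var])
            $result["${var}_Has2023"] = $present
            if (-not $present) { $missing += $var }
        }
    }

    # 3. In scope = Secure Boot on AND at least one 2023 certificate absent.
    $result.InScope = $enabled -and ($missing.Count -gt 0)
    [pscustomobject]$result
}

Get-SecureBootCertScope
```

A server that reports `InScope = True` is a candidate for the manual update; one that reports `SecureBootEnabled = False` or has both certificates present needs no action under the criteria in the paragraph above.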
Windows Server administrators call to action
Review the available methods to update Secure Boot certificates on Windows Server and plan your environment refresh well before the June 2026 expiration. Start by reviewing the official step‑by‑step guidance designed specifically for IT professionals managing server environments, which can be found here.
Microsoft has also hosted Secure Boot Ask Microsoft Anything (AMA) sessions in December 2025 and February 2026, providing deep technical context and direct answers to common questions around certificate expiration and updates. If you missed these sessions, recordings are available on demand.
If you have questions, you can join our upcoming Secure Boot AMAs in March and April and follow Windows Events on the Microsoft Tech Community to be apprised of future events. The next event is the “Secure Boot certificate updates explained - Microsoft Technical Takeoff”.
For ongoing updates, resources, and centralized guidance, bookmark the Windows Secure Boot certificate updates page. This page serves as your one‑stop resource to help you understand, prepare, plan, and execute Secure Boot certificate updates in your Windows Server environment.