{"id":13336,"date":"2025-10-16T03:00:55","date_gmt":"2025-10-15T18:00:55","guid":{"rendered":"https:\/\/m365jp.net\/?p=13336"},"modified":"2025-10-16T03:04:51","modified_gmt":"2025-10-15T18:04:51","slug":"mc1173103-secure-boot-certificate-deployment-guide-and-tools","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-10-16-mc1173103-secure-boot-certificate-deployment-guide-and-tools","title":{"rendered":"MC1173103 | Secure Boot certificate deployment guide and tools"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1173103 | Secure Boot certificate deployment guide and tools<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>preventOrFixIssue<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>10\/15\/2025 17:10:43<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>10\/15\/2025 17:10:42<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>10\/15\/2026 17:10:42<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<div>Use the newly published guide and tools to start updating your organization\u2019s expiring Secure Boot certificates. As the 2011 certificate authorities (CAs) start expiring in June 2026, 2023 CAs are required. Updated CAs allow Secure Boot to continue preventing   malware early in the startup sequence. New resources are available for you to start monitoring, deploying, and troubleshooting Secure Boot CAs. These include the deployment playbook, new registry keys, Windows Event Log, and Windows Configuration System (WinCS)   APIs.&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>When will this happen:<\/b>&nbsp;<\/div>\n<ul>\n<li>The deployment guide, new registry keys, and WinCS are available today.&nbsp;<\/li>\n<li>The 2023 Secure Boot CAs are rolling out gradually as part of Windows monthly updates starting with the October 2025 security update.&nbsp;<\/li>\n<li>Additional tools will be available soon.&nbsp;<\/li>\n<li>The 2011 CAs start expiring beginning in June 2026.&nbsp;<\/li>\n<\/ul>\n<div>&nbsp;<\/div>\n<div><b>How this will affect your organization:<\/b>&nbsp;<\/div>\n<div>Devices manufactured before 2012 and those that don\u2019t already have new certificates need to be updated with the 2023 CAs. We recommend taking measures well before the 2011 CAs start expiring.&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>What you need to do to prepare:<\/b>&nbsp;<\/div>\n<div>If your organization sends diagnostic data and lets Microsoft manage your updates, your devices will automatically get updated CAs with the monthly Windows updates. You can also opt in to let Microsoft determine high-confidence devices that will get these   CAs first.&nbsp;&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div>If you prefer to deploy these CAs yourself, follow the deployment playbook to monitor, deploy, and troubleshoot Secure Boot updates. You can use new registry keys, Windows Event Log, and WinCS to do so.&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>Additional information:<\/b>&nbsp;<\/div>\n<ul>\n<li>Find the deployment playbook in the updated <a href=\"https:\/\/support.microsoft.com\/topic\/secure-boot-certificate-updates-guidance-for-it-professionals-and-organizations-e2b43f9f-b424-42df-bc6a-8476db65ab2f\" rel=\"noopener noreferrer\" target=\"_blank\">  Secure Boot certificate updates: Guidance for IT professionals and organizations.<\/a>&nbsp;&nbsp;<\/li>\n<li>Learn how to use new <a href=\"https:\/\/support.microsoft.com\/topic\/registry-key-updates-for-secure-boot-windows-devices-with-it-managed-updates-a7be69c9-4634-42e1-9ca1-df06f43f360d\" rel=\"noopener noreferrer\" target=\"_blank\">  registry keys<\/a> to monitor, deploy, and troubleshoot Secure Boot CAs.&nbsp;<\/li>\n<li>Learn how to use new <a href=\"https:\/\/support.microsoft.com\/topic\/windows-configuration-system-wincs-apis-for-secure-boot-d3e64aa0-6095-4f8a-b8e4-fbfda254a8fe\" rel=\"noopener noreferrer\" target=\"_blank\">  Windows Configuration System (WinCS) APIs<\/a> to deploy Secure Boot CAs.&nbsp;<\/li>\n<li>Learn how to use <a href=\"https:\/\/support.microsoft.com\/topic\/secure-boot-certificate-updates-guidance-for-it-professionals-and-organizations-e2b43f9f-b424-42df-bc6a-8476db65ab2f#bkmk_monitoring_event_logs\" rel=\"noopener noreferrer\" target=\"_blank\">  Windows Event Log<\/a> to monitor Secure Boot CA updates.&nbsp;&nbsp;<\/li>\n<li>Bookmark <a href=\"https:\/\/support.microsoft.com\/topic\/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e\" rel=\"noopener noreferrer\" target=\"_blank\">  Windows Secure Boot certificate expiration and CA updates<\/a> as the landing page to the most up-to-date information.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<div>\u65b0\u3057\u304f\u516c\u958b\u3055\u308c\u305f\u30ac\u30a4\u30c9\u3068\u30c4\u30fc\u30eb\u3092\u4f7f\u7528\u3057\u3066\u3001\u7d44\u7e54\u306e\u6709\u52b9\u671f\u9650\u304c\u5207\u308c\u308b\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8\u8a3c\u660e\u66f8\u306e\u66f4\u65b0\u3092\u958b\u59cb\u3057\u307e\u3059\u30022011 \u8a8d\u8a3c\u5c40 (CA) \u306e\u6709\u52b9\u671f\u9650\u304c 2026 \u5e74 6 \u6708\u306b\u59cb\u307e\u308b\u305f\u3081\u30012023 CA \u304c\u5fc5\u8981\u3067\u3059\u3002\u66f4\u65b0\u3055\u308c\u305f CA \u306b\u3088\u308a\u3001\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8\u306f\u8d77\u52d5\u30b7\u30fc\u30b1\u30f3\u30b9\u306e\u65e9\u3044\u6bb5\u968e\u3067\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u9632\u6b62\u3057\u7d9a\u3051\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8 CA \u306e\u76e3\u8996\u3001\u5c55\u958b\u3001\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3092\u958b\u59cb\u3059\u308b\u305f\u3081\u306e\u65b0\u3057\u3044\u30ea\u30bd\u30fc\u30b9\u3092\u4f7f\u7528\u3067\u304d\u307e\u3059\u3002\u3053\u308c\u3089\u306b\u306f\u3001\u30c7\u30d7\u30ed\u30a4 \u30d7\u30ec\u30a4\u30d6\u30c3\u30af\u3001\u65b0\u3057\u3044\u30ec\u30b8\u30b9\u30c8\u30ea \u30ad\u30fc\u3001Windows \u30a4\u30d9\u30f3\u30c8   \u30ed\u30b0\u3001Windows \u69cb\u6210\u30b7\u30b9\u30c6\u30e0 (WinCS) API \u304c\u542b\u307e\u308c\u307e\u3059\u3002&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u3053\u308c\u306f\u3044\u3064\u8d77\u3053\u308a\u307e\u3059\u304b:<\/b>&nbsp;<\/div>\n<ul>\n<li>\u5c55\u958b\u30ac\u30a4\u30c9\u3001\u65b0\u3057\u3044\u30ec\u30b8\u30b9\u30c8\u30ea \u30ad\u30fc\u3001WinCS \u306f\u3001\u672c\u65e5\u3088\u308a\u5165\u624b\u53ef\u80fd\u3067\u3059\u3002&nbsp;<\/li>\n<li>2023 \u5e74\u306e\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8 CA \u306f\u30012025 \u5e74 10 \u6708\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u304b\u3089\u59cb\u307e\u308b Windows \u6708\u6b21\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u4e00\u90e8\u3068\u3057\u3066\u6bb5\u968e\u7684\u306b\u5c55\u958b\u3055\u308c\u307e\u3059\u3002&nbsp;<\/li>\n<li>\u8ffd\u52a0\u306e\u30c4\u30fc\u30eb\u306f\u307e\u3082\u306a\u304f\u5229\u7528\u53ef\u80fd\u306b\u306a\u308a\u307e\u3059\u3002&nbsp;<\/li>\n<li>2011 CA \u306e\u6709\u52b9\u671f\u9650\u306f 2026 \u5e74 6 \u6708\u304b\u3089\u958b\u59cb\u3055\u308c\u307e\u3059\u3002&nbsp;<\/li>\n<\/ul>\n<div>&nbsp;<\/div>\n<div><b>\u3053\u308c\u304c\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff:<\/b>&nbsp;<\/div>\n<div>2012 \u5e74\u3088\u308a\u524d\u306b\u88fd\u9020\u3055\u308c\u305f\u30c7\u30d0\u30a4\u30b9\u3068\u3001\u65b0\u3057\u3044\u8a3c\u660e\u66f8\u3092\u307e\u3060\u6301\u3063\u3066\u3044\u306a\u3044\u30c7\u30d0\u30a4\u30b9\u306f\u30012023 CA \u3067\u66f4\u65b0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u30022011 \u5e74\u306e CA \u306e\u6709\u52b9\u671f\u9650\u304c\u5207\u308c\u308b\u304b\u306a\u308a\u524d\u306b\u5bfe\u7b56\u3092\u8b1b\u3058\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u6e96\u5099\u306b\u5fc5\u8981\u306a\u3053\u3068:<\/b>&nbsp;<\/div>\n<div>\u7d44\u7e54\u304c\u8a3a\u65ad\u30c7\u30fc\u30bf\u3092\u9001\u4fe1\u3057\u3001Microsoft \u306b\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u7ba1\u7406\u3092\u8a31\u53ef\u3057\u305f\u5834\u5408\u3001\u30c7\u30d0\u30a4\u30b9\u306f\u6bce\u6708\u306e Windows \u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u66f4\u65b0\u3055\u308c\u305f CA \u3092\u81ea\u52d5\u7684\u306b\u53d6\u5f97\u3057\u307e\u3059\u3002\u307e\u305f\u3001\u3053\u308c\u3089\u306e CA \u3092\u6700\u521d\u306b\u53d6\u5f97\u3059\u308b\u4fe1\u983c\u5ea6\u306e\u9ad8\u3044\u30c7\u30d0\u30a4\u30b9\u3092 Microsoft \u304c\u6c7a\u5b9a\u3067\u304d\u308b\u3088\u3046\u306b\u30aa\u30d7\u30c8\u30a4\u30f3\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002&nbsp;&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div>\u3053\u308c\u3089\u306e CA \u3092\u81ea\u5206\u3067\u5c55\u958b\u3059\u308b\u5834\u5408\u306f\u3001\u5c55\u958b\u30d7\u30ec\u30a4\u30d6\u30c3\u30af\u306b\u5f93\u3063\u3066\u3001\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u76e3\u8996\u3001\u5c55\u958b\u3001\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3057\u307e\u3059\u3002\u3053\u308c\u3092\u884c\u3046\u306b\u306f\u3001\u65b0\u3057\u3044\u30ec\u30b8\u30b9\u30c8\u30ea \u30ad\u30fc\u3001Windows \u30a4\u30d9\u30f3\u30c8 \u30ed\u30b0\u3001\u304a\u3088\u3073 WinCS \u3092\u4f7f\u7528\u3067\u304d\u307e\u3059\u3002&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u8ffd\u52a0\u60c5\u5831:<\/b>&nbsp;<\/div>\n<ul>\n<li>\u5c55\u958b\u30d7\u30ec\u30a4\u30d6\u30c3\u30af\u306f\u3001\u66f4\u65b0\u3055\u308c\u305f <a href=\"https:\/\/support.microsoft.com\/topic\/secure-boot-certificate-updates-guidance-for-it-professionals-and-organizations-e2b43f9f-b424-42df-bc6a-8476db65ab2f\" rel=\"noopener noreferrer\" target=\"_blank\">  \u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8\u8a3c\u660e\u66f8\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0: IT \u30d7\u30ed\u30d5\u30a7\u30c3\u30b7\u30e7\u30ca\u30eb\u3068\u7d44\u7e54\u5411\u3051\u306e\u30ac\u30a4\u30c0\u30f3\u30b9\u306b\u3042\u308a\u307e\u3059\u3002<\/a>&nbsp;&nbsp;<\/li>\n<li>\u65b0\u3057\u3044 <a href=\"https:\/\/support.microsoft.com\/topic\/registry-key-updates-for-secure-boot-windows-devices-with-it-managed-updates-a7be69c9-4634-42e1-9ca1-df06f43f360d\" rel=\"noopener noreferrer\" target=\"_blank\">  \u30ec\u30b8\u30b9\u30c8\u30ea \u30ad\u30fc<\/a> \u3092\u4f7f\u7528\u3057\u3066\u3001\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8 CA \u3092\u76e3\u8996\u3001\u5c55\u958b\u3001\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3059\u308b\u65b9\u6cd5\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u307e\u3059\u3002&nbsp;<\/li>\n<li>\u65b0\u3057\u3044 <a href=\"https:\/\/support.microsoft.com\/topic\/windows-configuration-system-wincs-apis-for-secure-boot-d3e64aa0-6095-4f8a-b8e4-fbfda254a8fe\" rel=\"noopener noreferrer\" target=\"_blank\">  Windows \u69cb\u6210\u30b7\u30b9\u30c6\u30e0 (WinCS) API<\/a> \u3092\u4f7f\u7528\u3057\u3066\u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8 CA \u3092\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u65b9\u6cd5\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u307e\u3059\u3002&nbsp;<\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/topic\/secure-boot-certificate-updates-guidance-for-it-professionals-and-organizations-e2b43f9f-b424-42df-bc6a-8476db65ab2f#bkmk_monitoring_event_logs\" rel=\"noopener noreferrer\" target=\"_blank\">Windows \u30a4\u30d9\u30f3\u30c8 \u30ed\u30b0<\/a>\u3092\u4f7f\u7528\u3057\u3066\u30bb\u30ad\u30e5\u30a2   \u30d6\u30fc\u30c8 CA \u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u76e3\u8996\u3059\u308b\u65b9\u6cd5\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u307e\u3059\u3002&nbsp;&nbsp;<\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/topic\/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e\" rel=\"noopener noreferrer\" target=\"_blank\">Windows \u30bb\u30ad\u30e5\u30a2 \u30d6\u30fc\u30c8\u8a3c\u660e\u66f8\u306e\u6709\u52b9\u671f\u9650\u3068 CA \u306e\u66f4\u65b0<\/a>\u3092\u30e9\u30f3\u30c7\u30a3\u30f3\u30b0 \u30da\u30fc\u30b8\u3068\u3057\u3066\u30d6\u30c3\u30af\u30de\u30fc\u30af\u3057\u3001\u6700\u65b0\u60c5\u5831\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1173103 | Secure Boot certificate deployment guide and tools Classification preventOrFixIssue Last Updated 1 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13336","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/13336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=13336"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/13336\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=13336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=13336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=13336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}