{"id":14189,"date":"2025-12-09T07:01:11","date_gmt":"2025-12-08T22:01:11","guid":{"rendered":"https:\/\/m365jp.net\/?p=14189"},"modified":"2025-12-09T07:06:09","modified_gmt":"2025-12-08T22:06:09","slug":"mc1193371-how-to-use-microsoft-intune-to-update-expiring-secure-boot-certificates","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-12-09-mc1193371-how-to-use-microsoft-intune-to-update-expiring-secure-boot-certificates","title":{"rendered":"MC1193371 | How to use Microsoft Intune to update expiring Secure Boot certificates"},"content":{"rendered":"
\n
\n
\n\n\n\n
MC1193371 | How to use Microsoft Intune to update expiring Secure Boot certificates<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n\n\n\n\n\n\n\n\n
Classification<\/th>\nstayInformed<\/td>\n<\/tr>\n
Last Updated<\/th>\n12\/08\/2025 21:59:20<\/td>\n<\/tr>\n
Start Time<\/th>\n12\/08\/2025 21:59:19<\/td>\n<\/tr>\n
End Time<\/th>\n12\/08\/2026 21:59:19<\/td>\n<\/tr>\n
Message Content<\/th>\n\n
You can now deploy, manage, and monitor Secure Boot certificate updates. This method represents an alternative to setting registry keys and using Group Policy. You can use Intune to deploy on all domain-joined Windows clients, opt out of high-confidence buckets, and opt in to Microsoft managing these updates. <\/div>\n
 <\/div>\n
When will this happen:<\/b> <\/div>\n
The following settings are now available in the Intune settings catalog: <\/div>\n
    \n
  • Configure Microsoft Update Managed Opt-In <\/li>\n
  • Configure High-Confidence Opt-Out <\/li>\n
  • Enable SecureBoot Certificate Updates <\/li>\n<\/ul>\n
     <\/div>\n
    How this will affect your organization:<\/b> <\/div>\n
    As the 2011 Secure Boot certificates will start expiring in June 2026, it is essential that organizations start planning for and updating to 2023 certificates. You can now use Microsoft Intune, in addition to registry keys and Group Policy, to deploy, manage, and monitor this update process. The three new settings are disabled by default. Enable them to start taking advantage of the desired capabilities. <\/div>\n
     <\/div>\n
    What you need to do to prepare:<\/b> <\/div>\n
    To manage Secure Boot certificate updates in Intune, enable the new settings by navigating to the Microsoft Intune admin center: <\/div>\n
      \n
    1. Under\u202fDevices\u202f<\/b>>\u202fManage devices<\/b>,\u202fselect\u202fConfiguration<\/b>. <\/li>\n
    2. Select\u202fCreate\u202f<\/b>and select\u202fNew Policy.<\/b> <\/li>\n
    3. Select Create a profile<\/b>\u202fin the right-hand pane. <\/li>\n
    4. Fill in\u202fPlatform\u202f<\/b>with\u202fWindows 10 and later<\/b>. <\/li>\n
    5. Select the\u202fSettings Catalog<\/b>\u202funder the\u202fProfile Type<\/b>.\u202f\u200b\u200b\u200b\u200b\u200b <\/li>\n
    6. Begin creating a profile by giving the profile a name. Press\u202fNext<\/b>.\u200b\u200b\u200b\u200b\u200b\u200b <\/li>\n
    7. Under\u202fConfiguration settings<\/b>, select\u202fAdd settings<\/b>.\u202fIn the Settings picker, search for Secure Boot.<\/em>\u202fThere should be three settings in the Secure Boot category. <\/li>\n
    8. Select the desired settings for your organization: Configure Microsoft Update Managed Opt-In, Configure High-Confidence Opt-Out, and Enable SecureBoot Certificate Updates (preselected for you). <\/li>\n
    9. Finish the profile for the devices that will use these settings. <\/li>\n<\/ol>\n
Machine Translation<\/th>\n\n
\u73fe\u5728 \u3001Secure Boot\u8a3c\u660e\u66f8\u306e\u66f4\u65b0\u3092\u5c55\u958b\u3001\u7ba1\u7406\u3001\u76e3\u8996\u3067\u304d\u307e\u3059\u3002 \u3053\u306e\u65b9\u6cd5\u306f\u30ec\u30b8\u30b9\u30c8\u30ea\u30ad\u30fc\u306e\u8a2d\u5b9a \u3084\u30b0\u30eb\u30fc\u30d7\u30dd\u30ea\u30b7\u30fc\u306e \u4ee3\u66ff\u624b\u6bb5\u3067\u3059\u3002 Intune \u3092\u4f7f\u3063\u3066\u30c9\u30e1\u30a4\u30f3\u53c2\u52a0\u6e08\u307f\u306eWindows\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3059\u3079\u3066\u306b \u30c7\u30d7\u30ed\u30a4 \u3057\u3001\u9ad8\u4fe1\u983c\u5ea6\u30d0\u30b1\u30c3\u30c8\u304b\u3089\u30aa\u30d7\u30c8\u30a2\u30a6\u30c8\u3057\u3001 Microsoft\u306b\u3053\u308c\u3089\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u7ba1\u7406\u3055\u305b\u308b\u3053\u3068\u304c\u53ef\u80fd\u3067\u3059 \u3002 <\/div>\n
 <\/div>\n
\u3053\u308c\u306f\u3044\u3064\u5b9f\u73fe\u3057\u307e\u3059\u304b:<\/b> <\/div>\n
\u4ee5\u4e0b\u306e\u8a2d\u5b9a\u304c Intune   \u306e\u8a2d\u5b9a\u30ab\u30bf\u30ed\u30b0\u3067  \u5229\u7528 \u53ef\u80fd\u306b\u306a\u308a\u307e\u3057\u305f:   <\/div>\n