This sensor helps IT teams identify whether Windows devices are ready for the Microsoft Secure Boot certificate update and UEFI CA 2023 migration. It collects critical firmware and Secure Boot details including firmware mode, Secure Boot status, installed UEFI certificate version (UEFI CA 2011 or UEFI CA 2023), available update flags, and the current Secure Boot update status (NotStarted, InProgress, or Updated). This enables administrators to quickly identify devices still using the Windows UEFI CA 2011 certificate, monitor Secure Boot update progress, take corrective actions early, and avoid deployment or boot-related issues before the Windows UEFI CA 2011 certificate expires in 2026.
Note: Check these fields for better understanding of the current Secure Boot state:

• SecureBootCertificateName Shows whether the device uses UEFI CA 2011 or UEFI CA 2023.

• CertificateStatus Displays the status as Up-to-date or Not up to date.

• CurrentStatus Indicates the Secure Boot update progress:

  • NotStarted Device is still using UEFI CA 2011.

  • InProgress Update to UEFI CA 2023 is in progress and a reboot is required.

  • Updated Device is successfully updated to UEFI CA 2023.