
Microsoft Autopatch adds Secure Boot report to block boot loops

The cloud-managed Microsoft Autopatch platform handles core enterprise software updates to maintain fleet compliance.
Prevent enterprise BitLocker recovery loops and boot failures. The new Microsoft Autopatch Secure Boot status report validates critical firmware certificate updates.

Microsoft rolled out a Secure Boot status report for Windows Autopatch to keep corporate PCs from crashing ahead of a major firmware deadline. The update deals with expiring Third-Party UEFI Certificate Authority keys. If enterprise machines do not get the new Windows UEFI CA 2023 certificates before the June cutoff, they risk failing to boot or getting stuck in BitLocker recovery loops.

Rather than just checking if a policy reached a PC, Autopatch now uses live hardware telemetry to verify actual readiness. This gives sysadmins a realistic view of how their machines are handling the firmware migration before Microsoft triggers automated enforcement.

Tracking confidence levels in Intune

Found inside the Microsoft Intune admin center, the new report automatically groups managed hardware based on live system data. It sorts endpoints into five distinct statuses: High confidence, Under observation, No data observed, Temporarily paused, and Not supported.

This sorting allows Autopatch to handle updates without breaking systems. Machines marked High confidence get the new certificates automatically through standard Windows Update paths. If a computer shows up as Temporarily paused, it means there is a known hardware or OEM firmware conflict, telling the system to hold off until a stable BIOS patch drops.

Locating the report and event logs

Admins can access these metrics under the Windows quality updates tab in Intune, which now features a dedicated Certificate status column. Devices here are labeled as Up to date, Not up to date, or Not applicable. Note that it takes about 12 hours after a reboot for local client diagnostics to update on the cloud dashboard.

To check a specific computer on the ground, techs can jump straight into the local Windows System Event Log. Look for Event ID 1808, which confirms the hardware successfully applied the new 2023 certificates to the firmware. If the deployment fails or is blocked, the machine logs Event ID 1801 instead. 

Tracking these error events early allows IT teams to pinpoint compatibility blocks and apply necessary OEM firmware fixes before the hard June deadline triggers a sudden boot failure across the company.
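One way to run the local event-log check described above across a handful of machines, as an added example that is not code from the article or from Microsoft. The function names, the state labels and the sample records are hypothetical, and the `Microsoft-Windows-TPM-WMI` provider filter is an assumption the article does not state:

```powershell
# Added example, not Microsoft's or the article's code.
# Event meanings as given in the article:
#   1808 = new 2023 certificates applied to firmware
#   1801 = deployment failed or was blocked
function Resolve-SecureBootCertState {
    param([object[]]$Events)
    # Only the most recent 1801/1808 record reflects the current state.
    $latest = $Events | Where-Object { $_.Id -in 1801, 1808 } |
        Sort-Object TimeCreated -Descending | Select-Object -First 1
    if (-not $latest) { return 'NoEvent' }
    if ($latest.Id -eq 1808) { 'Applied' } else { 'FailedOrBlocked' }
}

function Get-SecureBootCertState {
    param([string[]]$ComputerName = 'localhost')
    # ProviderName is not named in the article (assumption); it is included so
    # that unrelated System-log events reusing these IDs are ignored.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-TPM-WMI'
        Id           = 1801, 1808
    }
    foreach ($computer in $ComputerName) {
        $events = @()
        $state  = $null
        try {
            $events = @(Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop)
        } catch {
            # Get-WinEvent raises an error when nothing matches; anything else
            # (host unreachable, access denied) is reported separately.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { $state = 'QueryFailed' }
        }
        if (-not $state) { $state = Resolve-SecureBootCertState -Events $events }
        [pscustomobject]@{ ComputerName = $computer; State = $state }
    }
}

# Constructed sample records (not real log data): an 1801 followed by a later 1808.
$sample = @(
    [pscustomobject]@{ Id = 1801; TimeCreated = [datetime]'2026-05-02T09:15:00' }
    [pscustomobject]@{ Id = 1808; TimeCreated = [datetime]'2026-05-20T14:40:00' }
)
Resolve-SecureBootCertState -Events $sample   # classified from the later 1808 record
Resolve-SecureBootCertState -Events @()       # no 1801/1808 records present
```

Devices that come back as `NoEvent` or `QueryFailed` have not confirmed the update locally, so they belong on the follow-up list alongside the `FailedOrBlocked` ones.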

Darryl Linington, 2026-06-08 (Update: 2026-06-08)