With the April 2026 Update, Microsoft shipped several meaningful changes, including the ability to turn Smart App Control on or off without reinstalling Windows 11. But another improvement that deserves attention is support for Secure Boot certificate status in the Windows Security app.Secure Boot certificates are used to validate boot software, and if they are expired, your computer could be exposed to boot-level malware (bootkits) or unauthorized modifications in the worst-case scenario.It’s been known for a while that Secure Boot certificates originally issued in 2011 are set to expire in June 2026. Microsoft has already confirmed that these older certificates will be replaced with Secure Boot 2023 via Windows Update. While that sounds like a good plan, the catch is that Secure Boot status has mostly been unclear to regular users.You can verify whether the Secure Boot 2023 certificate is applied to your computer using PowerShell commands or Event Viewer logs. But you can’t expect a regular user to be familiar with that process, which is why Microsoft is finally adding Secure Boot certificate status to Windows Security.This means that if you open the Windows Security app and go to the Device Security page, you can check whether Secure Boot is enabled and whether the certificate is up to date.In my case, Secure Boot 2023 certificates are applied, and the Windows Security app clearly reports that no action is required.“Secure Boot is on, and all required certificate updates have been applied. No further certificate changes are needed,” the alert reads.For those unaware, Secure Boot is one of the mandatory requirements for officially installing and running Windows 11. However, if you bypassed the requirement to upgrade from Windows 10, you may see a red alert stating that Secure Boot is not enabled on your PC and that you’re missing the newer certificates.How does Secure Boot status work in Windows Security?Microsoft told Windows Latest that the Secure Boot status in Windows Security is rolling out via Windows 11 KB5083769 (Build 26200.8246 / 26100.8246 or newer), but it won’t show up immediately on all PCs.It’s yet another gradual rollout, but I am told that the rollout is expected to finish by the end of April 2026, so if you don’t see it already, it should appear soon.“Updated 2023 certificates are being delivered automatically through Windows Update. The Windows Security app now shows whether your device has received these updates, what your current status is, and whether any action is needed,” Microsoft explained in a support document spotted by Windows Latest.As I mentioned, the Windows Security app clearly shows that no attention is required on my PC because the Secure Boot 2023 certificate is already applied. But that might not be the case for everyone.Microsoft says it’s still working to replace Secure Boot certificates, and it’s a slow rollout with plans to wrap up before June 2026, which is when the original Secure Boot 2011 certificates expire.How can you verify the Secure Boot certificate expiry status in Windows 11?You can quickly verify how secure your Secure Boot setup is by looking at the badge in Windows Security > Device Security > Secure Boot.The Secure Boot section showing the “fully updated” status with a green checkmark icon.If it’s green, your device is fully protected, but if it’s yellow, it means there’s a recommendation for you. A recommendation could be to reach out to your PC manufacturer for updated firmware.The Secure Boot section showing the “Not yet updated” status with a yellow warning icon.This happens when the current firmware does not allow Microsoft to roll out newer Secure Boot certificates via Windows Update.The Secure Boot section showing the “Requires action” status with a red stop icon.There’s also a red icon, which means Windows needs immediate attention for Secure Boot, and you’re likely to run into it when it’s impossible for Microsoft to apply the certificates to your PC due to hardware limitations. For example, this could happen if you bypassed Windows 11’s Secure Boot requirements and installed the operating system.StatusOfficial definitionCourse of action recommended by MSFTGreen check markYour device is protected and no action is needed.No action needed.Yellow warningYour device has a safety recommendation.Check the message and update your device if needed.Red XYour device needs immediate attention.Fix the issue as soon as possible.In either case, you don’t have to panic, as Microsoft has assured that it’ll take care of Secure Boot certificates on most PCs.Even if you never receive Secure Boot 2023 certificates, it doesn’t mean your device is unstable. Most consumers will almost never experience security issues due to outdated Secure Boot certificates.The post Windows 11 April update now reveals if Secure Boot 2023 certificate is applied to your PC appeared first on Windows Latest