# Secure boot readiness and compliance

Microsoft Secure Boot protects devices from boot-level threats by ensuring only trusted components load during startup. The Secure Boot readiness and compliance library pack helps you monitor and validate the presence of Microsoft’s updated 2023 Secure Boot certificates across your fleet before the 2011 certificates expire.

{% hint style="warning" %}
Devices that do not trust the 2023 Secure Boot certificates before expiration deadlines may stop receiving critical pre-boot updates and become vulnerable or non-compliant.
{% endhint %}

## Problem

Microsoft’s 2011 Secure Boot certificates expire in 2026. Many organizations lack visibility into certificate trust status across endpoints.

Without centralized monitoring:

* Devices may not receive pre-boot security updates
* New boot loaders may not be trusted
* Endpoints can silently fall out of compliance
* IT teams face reactive and complex remediation at scale

Traditional tools do not provide fleet-wide reporting on Secure Boot trust chains, increasing operational risk.

## Solution

By implementing the **Secure Boot readiness and compliance** pack, you gain real-time visibility into certificate trust across your environment.

The solution enables you to:

* Monitor certificate presence and trust state across all endpoints
* Identify devices missing the 2023 certificates
* Track readiness using a dedicated **dashboard** with clear KPIs
* Filter impacted devices by OS, model, region, or business unit
* Execute a **remote action** to collect certificate and boot trust data
* Feed collected data automatically into dashboards for analysis

This approach allows you to detect risks early and prioritize remediation before expiration deadlines.

## Benefits and outcome

By implementing the **Secure Boot certificate readiness** library pack, you:

* Proactively identify devices missing updated certificates
* Maintain trusted boot chains and strengthen endpoint security
* Prevent boot failures and service disruptions
* Ensure compliance with Microsoft recommendations
* Replace manual validation with automated fleet-wide monitoring
* Improve operational efficiency with targeted remediation
* Gain executive visibility through readiness tracking and trends

## Getting started with "Secure Boot readiness and compliance"

Configure and start using your packs by following these links:

* [Usage guide: Secure Boot readiness and compliance](/platform/library-packs/security-and-compliance/secure-boot-readiness-and-compliance/usage-guide-secure-boot-readiness-and-compliance.md) for standard users
* [Configuration guide: Secure Boot readiness and compliance](/platform/library-packs/security-and-compliance/secure-boot-readiness-and-compliance/configuration-guide-secure-boot-readiness-and-compliance.md), accessible only to users with an [administrator](/platform/user-guide/administration/account-management/roles.md#roles-administration) role


