
# Usage guide: Secure Boot readiness and compliance

{% hint style="warning" %}
This page outlines various ways to use the pack, including use case examples.

Administrators can refer to the [Configuration guide: Secure Boot readiness and compliance](/platform/library-packs/security-and-compliance/secure-boot-readiness-and-compliance/configuration-guide-secure-boot-readiness-and-compliance.md) to set up and customize the installed content.
{% endhint %}

The Secure Boot readiness and compliance library pack enables EUC teams to:

* Assess fleet readiness for Microsoft Secure Boot 2023 certificate updates.
* Identify non-compliant or at-risk devices before 2011 certificate expiration deadlines.
* Prioritize remediation using actionable insights from live dashboards and Remote Actions.
* Monitor rollout progress across firmware, certificates, and update stages.

In addition, this library pack provides preconfigured **Remote Actions** to collect accurate telemetry and support decision-making.

## Library pack uses

{% hint style="info" %}
Jump to [Use cases](#use-cases) on this page to see relevant scenario applications.
{% endhint %}

Use the library pack content for the following purposes.

### Monitoring readiness from the Summary dashboard

The **Secure Boot readiness and compliance** **live dashboard** is the starting point. The **Summary** tab consolidates key readiness indicators in one place.


You can:

* Identify devices requiring action via **Secure Boot and firmware posture**.
* Detect rollout blockers with **Key update pending state**.
* Track overall compliance using **Certificate presence**.
* Ensure eligibility using **Telemetry health**.

This view helps you quickly understand fleet posture and focus remediation efforts.

### Investigating compliance gaps

Use dashboard widgets to drill down into affected devices.

* **Secure Boot and firmware posture** highlights devices marked **Not ready**.
* **Certificate presence** reveals missing firmware certificates.
* **Key update pending state** shows devices stalled due to pending updates or reboots.

From the **live dashboard**, drill down into devices and open **Investigations** for deeper analysis.

Use the corresponding tab to drill down into the detailed metrics and device-level specifics for each section shown on the Summary (main) page.

### Collecting accurate telemetry data

The **Admin** tab relies on **Remote Actions** for up-to-date insights.

Key actions include:

* Get Secure Boot Compliance Details
* Get Windows telemetry status

Ensure these remote actions are scheduled and executed regularly. Without sufficient data, readiness insights may be incomplete.

### Supporting remediation and rollout

Use insights from the dashboard to prioritize actions:

* Deploy missing Secure Boot certificates.
* Trigger required updates.
* Enforce device reboots when needed.
* Restore telemetry configuration for affected devices.

This structured approach aligns with Microsoft’s staged rollout process.

## Use cases

In addition to the relevant use cases covered below, you may uncover other troubleshooting scenarios specific to your environment.

### Identifying non-compliant devices

Use the **Secure Boot Readiness and Compliance** **live dashboard** to find devices requiring action.

1. Open the **Summary** tab in the dashboard.
2. Review the **Secure Boot compliance** widget.
3. Select **Not ready** devices to drill down.
4. Open results in **Investigations** to analyze root causes.

Focus on devices missing certificates or failing compliance checks.

### Validating certificate readiness

Ensure devices have the required 2023 Secure Boot certificates.

1. In the **Summary** tab, locate **Certificate presence**.
2. Identify devices under **Missing certificates**.
3. Drill down to view affected endpoints.
4. Trigger remediation using deployment tools or scripts.

Devices must include:

* Windows UEFI CA 2023
* Microsoft UEFI CA 2023
* Microsoft KEK CA 2023
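
A device-level spot check of the certificates listed above, as an added example that is not part of the Nexthink pack or its Remote Actions: it parses the UEFI `db` and `KEK` signature lists returned by `Get-SecureBootUEFI` and reports each 2023 certificate's presence and expiry date. The store assignments and the KEK subject fragment `KEK 2K CA 2023` are assumptions, as are the function names; run it in an elevated session on a UEFI device.

```powershell
# Added example, not Nexthink pack code. Run elevated on a UEFI device.
$X509Guid = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # EFI_CERT_X509_GUID

function Get-UefiCertificate {
    param([Parameter(Mandatory)][ValidateSet('db', 'KEK')][string]$Variable)
    $bytes = (Get-SecureBootUEFI -Name $Variable -ErrorAction Stop).Bytes
    $offset = 0
    while ($offset + 28 -le $bytes.Length) {
        # EFI_SIGNATURE_LIST header: type GUID (16 bytes), then three 4-byte sizes
        $type     = [guid]::new([byte[]]$bytes[$offset..($offset + 15)])
        $listSize = [int][BitConverter]::ToUInt32($bytes, $offset + 16)
        $hdrSize  = [int][BitConverter]::ToUInt32($bytes, $offset + 20)
        $sigSize  = [int][BitConverter]::ToUInt32($bytes, $offset + 24)
        if ($listSize -lt 28 -or $offset + $listSize -gt $bytes.Length) { break }  # malformed list
        if ($type -eq $X509Guid -and $sigSize -gt 16) {
            $pos = $offset + 28 + $hdrSize
            while ($pos + $sigSize -le $offset + $listSize) {
                # EFI_SIGNATURE_DATA: owner GUID (16 bytes) followed by the DER certificate
                $der = [byte[]]$bytes[($pos + 16)..($pos + $sigSize - 1)]
                [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
                $pos += $sigSize
            }
        }
        $offset += $listSize
    }
}

function Test-SecureBoot2023Certificate {
    # Assumption: subject fragments and the UEFI variable each certificate is enrolled in
    $required = @(
        @{ Store = 'db';  Name = 'Windows UEFI CA 2023' },
        @{ Store = 'db';  Name = 'Microsoft UEFI CA 2023' },
        @{ Store = 'KEK'; Name = 'KEK 2K CA 2023' }
    )
    try {
        $certs = @{ db = @(Get-UefiCertificate db); KEK = @(Get-UefiCertificate KEK) }
    } catch {
        # Legacy BIOS devices and non-elevated sessions both fail at Get-SecureBootUEFI
        return [pscustomobject]@{ Certificate = 'n/a'; Store = 'n/a'; Present = $false; NotAfter = $null; Error = $_.Exception.Message }
    }
    foreach ($r in $required) {
        $hit = $certs[$r.Store] | Where-Object { $_.Subject -like "*$($r.Name)*" } | Select-Object -First 1
        [pscustomobject]@{ Certificate = $r.Name; Store = $r.Store; Present = [bool]$hit; NotAfter = $hit.NotAfter; Error = $null }
    }
}

Test-SecureBoot2023Certificate | Format-Table -AutoSize
```

A row with `Present` set to `False` corresponds to a device the dashboard would list under **Missing certificates**; a populated `Error` column means the check could not read firmware variables at all.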

### Resolving update blockers

Detect devices stuck in the rollout process.

1. Go to **Update readiness** in the **Summary** tab.
2. Review devices marked **Pending**.
3. Drill down to identify causes (deployment or reboot).
4. Trigger updates or enforce reboot policies.

A status of **0x0** confirms no pending updates.

### Restoring telemetry coverage

Ensure accurate readiness classification.

1. Check **Telemetry coverage** in the dashboard.
2. Identify devices under **Not reporting**.
3. Run **Get Windows telemetry status** via **Remote Actions**.
4. Verify telemetry service and configuration.

Accurate telemetry is required for Microsoft rollout eligibility.

### Ensuring telemetry health compliance

Fix devices flagged in **Telemetry health**.

1. Open the **Telemetry health** widget.
2. Drill down into devices marked **Action needed**.
3. Investigate issues such as:
   * Disabled telemetry service
   * Diagnostic data levels
   * Unknown configuration states
4. Apply configuration fixes using endpoint management tools.

Healthy telemetry ensures proper classification and update eligibility.

Each section shown in the **Summary** tab has a dedicated tab that shows more detailed information for that section.

### RELATED TOPICS

* [Overview page: Secure boot readiness and compliance](/platform/library-packs/security-and-compliance/secure-boot-readiness-and-compliance.md)
* [Configuration guide: Secure Boot readiness and compliance](/platform/library-packs/security-and-compliance/secure-boot-readiness-and-compliance/configuration-guide-secure-boot-readiness-and-compliance.md)
* [Manage live dashboards](https://nexthink.gitbook.io/opd/user-guide/live-dashboards/managing-live-dashboards)
* [Manage remote actions](https://nexthink.gitbook.io/opd/user-guide/remote-actions/managing-remote-actions)

