Microsoft’s original Secure Boot certificates, issued back in 2011, expire in June 2026. That’s roughly 73 days from now. If your organisation’s Windows devices haven’t received the updated 2023 certificates, they’ll lose the ability to install new boot-level security protections — and that’s a problem that gets worse over time. Microsoft’s own advisory is clear: act now, not later.

For not-for-profits, this is particularly worth paying attention to. NFPs tend to run mixed fleets of hardware — some newer machines purchased with grant funding, some older devices donated or stretched well past their intended lifespan. Those older machines are the ones most likely to be missing the updated certificates. They won’t stop working on the day the certs expire, but they’ll silently stop receiving boot-level security patches. That means new firmware vulnerabilities discovered after June won’t be fixable on those devices. For organisations handling donor records, client data, or sensitive case files, that’s an unacceptable gap.

The good news is that the fix is straightforward if you act before the deadline. Devices built since mid-2024 almost certainly have the new certificates already. For older machines, the update can be pushed via Group Policy, Microsoft Intune, or a simple registry change. Microsoft has published a full playbook with step-by-step instructions. If your IT setup is managed internally by a volunteer or part-time staffer, this is worth flagging with them now — it’s a quick job if done proactively, but a headache if discovered after the deadline.

If you’re not sure which of your devices need attention, our NFP IT team can run a quick audit across your fleet and apply the updates. Better to sort it in April than scramble in June.