search
Ctrlk

"Secure Boot" Page of the Patch My PC Advanced/Patch Insights for Intune Dashboard

Applies to: Advanced Insights for Intune

circle-info

Note

The Secure Boot page is only available in Advanced Insights for Intune, which requires an Enterprise Premium license.

circle-info

Note

See About Patch My PC Advanced/Patch Insights for Intune Dashboards and Working with Advanced/Patch Insights for Intune for more information.

Also, only devices running the Patch My PC (PMPC) Client appear on this page. See Manage the Patch My PC Client for more details on deploying and managing the PMPC Client.

Secure Boot reporting is another feature of Advanced Insights for Intune. The Patch My PC (PMPC) Client gathers Secure Boot inventory data, including details of the 2023 certificate rollout.

The Secure Boot page of Advanced Insights for Intune shows key statistics from your environment and is split into the following sections:

hashtag
Statistics

The top row of the Secure Boot page is called Statistics and displays the following statistics.

Statistic
Shows the number of…

Secure Boot Enabled

Reported devices with Secure Boot enabled

Completed 2023 Certificate Rollout

Devices with secure boot enabled that have completed the 2023 certificate process

Devices blocked by pending reboot

Devices that require a reboot to proceed with the 2023 certificate rollout

Devices blocked by firmware

Devices that require firmware updates to complete the 2023 certificate rollout

'Hardware' page

Clicking any statistic opens the device list modal, which contains the following additional information:

Statistic
Shows information about the…

Secure Boot Enabled

Secure Boot state for devices, including:

Computer Name, User Name, Manufacturer, Model, and Secure Boot Enabled.

Completed 2023 Certificate Rollout

Devices that have completed the 2023 certificate process, including:

Computer Name, Manufacturer, Model, Firmware, LastEventId, DbUpdated, and KEKUpdated.

Devices blocked by pending reboot

Devices that require a reboot to continue, including:

Computer Name, Manufacturer, Model, Firmware, LastEventId, DbUpdated, and KEKUpdated.

Devices blocked by firmware

Devices identified as needing a firmware update to complete the 2023 certificate rollout, including:

Computer Name, Manufacturer, Model, Firmware, and Firmware Minimum.

hashtag
Table

The Table section of the Secure Boot page lists devices and their current Secure Boot rollout data.

Use this table to view detailed 2023 Certficate rollout data across all devices with Secure Boot enabled.

Charts

hashtag
Donut charts

The Donut charts section of the Secure Boot page contains the following donut charts.

Clicking the action menu () for a chart allows you to switch between the following views:

Chart
Shows a breakdown by…

Rollout Progress

High-level 2023 certificate rollout progress across all devices where Secure Boot is enabled.

Rollout Progress (Detailed Statuses)

Detailed 2023 certificate rollout progress across all devices where Secure Boot is enabled.

Charts
Charts
circle-info

Note

When you click a segment, the device list modal displays the data only for that segment. Likewise, if you switch to a different view and click a segment of the donut, the device list modal only displays the data for the selected view and that segment.

hashtag
Device modal tab

Clicking a device in any Secure Boot list opens that device’s modal.

The Secure Boot tab shows detailed Secure Boot status and 2023 certificate rollout details for the selected device.

Charts

hashtag
Data Explainations

circle-question

hashtag
Data Explaination - Minimum Firmware Detection

Any firmware requirements are calculated using data provided by OEMs. As such, firmware requirements can only be detected on supported models where data has been provided from HP, Dell, and Lenovo

Please use the following external vendor documentation to validate model support and firmware requirements:

circle-question

hashtag
Data Explaination - "Status"

We compute a single Secure Boot Status for each device by evaluating all available Secure Boot–related properties and events. The goal is to reduce a complex and highly fragmented dataset into a single status that clearly communicates the device’s current state in the Secure Boot certificate rollout.

For example, if we detect a device does not meet the minimum firmware requirements to install the 2023 Secure Boot certificates, its status is set to RequiresFirmwareUpdate.

All Possible Statuses:

  • Unknown

  • Completed

  • RequiresFirmwareUpdate

  • EventId1800RebootRequired

  • EventId1796UnexpectedError

  • EventId1797Ca2023NotInDb

  • EventId1798BootManagerNotSigned

  • EventId1795FirmwareUpdateError

  • EventId1802BlockedByCondition

  • EventId1803KekNotFound

  • KekUpdateFailed

  • Uefi2023ErrorOccurred

  • Stage1DeployCertificates

  • Stage2AddCa2023ToDb

  • Stage3ApplyOptionRomCa2023

  • Stage4ApplyMicrosoftCa2023

  • Stage5ApplyKek2023

  • Stage6ApplyBootmgfw

  • CertsInstalledPendingSignature

  • KekUpdatedDbPending

  • RolloutInProgress

  • RolloutNotStarted

circle-question

hashtag
Microsoft Documentation

Microsoft Support - Registry keys for Secure Bootarrow-up-right

Microsoft Support - Secure Boot Event Idsarrow-up-right

Previous"Hardware" PageNext"Intune" Page

Last updated

Was this helpful?