# "Secure Boot" Page of the Patch My PC Advanced/Patch Insights for Intune Dashboard *Applies to: Advanced Insights for Intune* {% hint style="info" %} **Note** The **Secure Boot** page is only available in Advanced Insights for Intune, which requires an Enterprise Premium license. {% endhint %} {% hint style="info" %} **Note** See [About Patch My PC Advanced/Patch Insights for Intune Dashboards](/patch-my-pc-cloud/insights-intune/about-dashboards.md) and [Working with Advanced/Patch Insights for Intune](/patch-my-pc-cloud/insights-intune/working-dashboards.md) for more information. Also, only devices running the Patch My PC (PMPC) Client appear on this page. See [Manage the Patch My PC Client](/patch-my-pc-cloud/manage/settings/client.md) for more details on deploying and managing the PMPC Client. {% endhint %} Secure Boot reporting is another feature of Advanced Insights for Intune. The Patch My PC (PMPC) Client gathers Secure Boot inventory data, including details of the 2023 certificate rollout. The *Secure Boot* page of Advanced Insights for Intune shows key statistics from your environment and is split into the following sections: * [Statistics](#statistics) * [Table](#table) * [Device modal tab](#device-modal-tab) * [Donut charts](#donut-charts) ## Statistics The top row of the Secure Boot page is called *Statistics* and displays the following statistics.

Statistic	Shows the number of…
Secure Boot Enabled	Reported devices with Secure Boot enabled
Completed 2023 Certificate Rollout	Devices with secure boot enabled that have completed the 2023 certificate process
Devices blocked by pending reboot	Devices that require a reboot to proceed with the 2023 certificate rollout
Devices blocked by firmware	Devices that require firmware updates to complete the 2023 certificate rollout

Clicking any statistic opens the device list modal, which contains the following additional information:

Statistic	Shows information about the…
Secure Boot Enabled	Secure Boot state for devices, including: Computer Name, User Name, Manufacturer, Model, and Secure Boot Enabled.
Completed 2023 Certificate Rollout	Devices that have completed the 2023 certificate process, including: Computer Name, Manufacturer, Model, Firmware, LastEventId, DbUpdated, and KEKUpdated.
Devices blocked by pending reboot	Devices that require a reboot to continue, including: Computer Name, Manufacturer, Model, Firmware, LastEventId, DbUpdated, and KEKUpdated.
Devices blocked by firmware	Devices identified as needing a firmware update to complete the 2023 certificate rollout, including: Computer Name, Manufacturer, Model, Firmware, and Firmware Minimum.

## Table The *Table* section of the Secure Boot page lists devices and their current Secure Boot rollout data. Use this table to view detailed 2023 Certficate rollout data across all devices with Secure Boot enabled.

## Donut charts The *Donut charts* section of the Secure Boot page contains the following donut charts. Clicking the action menu (![](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAWCAMAAAAcqPc3AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAABmUExURR4eLJGSrqutzXN0jScoN0RFV4+Qraiqy2lqgmVmfXh5koyNqU1OYT0+UDAwQUFBVCkpOKKjwoqMqIiJpZGTsISGoZGTryIiMT4+UR8fLV5fdklJXaqszEhJXF1edI2Pq25viFdYbaiGMgwAAAAJcEhZcwAADsQAAA7EAZUrDhsAAABeSURBVChTvc63FoAgEERRxLgmVMzZ//9JK3anoeVVnFsMq1SQIi3F4DrhZ5qB5wW5ygq8ZiZqwFsjdeD9YF3jBO77d/bcucj8uoHvPG/tAe67/7x4537AX9j5wIP3A/rcB3/2YYkqAAAAAElFTkSuQmCC)) for a chart allows you to switch between the following views:

Chart	Shows a breakdown by…
Rollout Progress	High-level 2023 certificate rollout progress across all devices where Secure Boot is enabled.
Rollout Progress (Detailed Statuses)	Detailed 2023 certificate rollout progress across all devices where Secure Boot is enabled.

{% hint style="info" %} **Note** When you click a segment, the device list modal displays the data only for that segment. Likewise, if you switch to a different view and click a segment of the donut, the device list modal only displays the data for the selected view and that segment. {% endhint %} ## Device modal tab Clicking a device in any Secure Boot list opens that device’s modal. The **Secure Boot** tab shows detailed Secure Boot status and 2023 certificate rollout details for the selected device.

*** ## Data Explainations {% hint style="info" icon="circle-question" %} ### Data Explaination - Minimum Firmware Detection Any firmware requirements are calculated using data provided by OEMs. As such, firmware requirements can only be detected on supported models where data has been provided from HP, Dell, and Lenovo Please use the following external vendor documentation to validate model support and firmware requirements: * [DELL](https://www.dell.com/support/kbdoc/en-uk/000347876/microsoft-2011-secure-boot-certificate-expiration) * [HP](https://support.hp.com/us-en/document/ish_13070353-13070429-16) * [Lenovo](https://support.lenovo.com/us/en/solutions/ht518129) {% endhint %} {% hint style="info" icon="circle-question" %} ### Data Explaination - "Status" We compute a single **Secure Boot Status** for each device by evaluating all available Secure Boot–related properties and events. The goal is to reduce a complex and highly fragmented dataset into a single status that clearly communicates the device’s current state in the Secure Boot certificate rollout. For example, if we detect a device does not meet the minimum firmware requirements to install the 2023 Secure Boot certificates, its status is set to **`RequiresFirmwareUpdate`**. All Possible Statuses: * Unknown * Completed * RequiresFirmwareUpdate * EventId1800RebootRequired * EventId1796UnexpectedError * EventId1797Ca2023NotInDb * EventId1798BootManagerNotSigned * EventId1795FirmwareUpdateError * EventId1802BlockedByCondition * EventId1803KekNotFound * KekUpdateFailed * Uefi2023ErrorOccurred * Stage1DeployCertificates * Stage2AddCa2023ToDb * Stage3ApplyOptionRomCa2023 * Stage4ApplyMicrosoftCa2023 * Stage5ApplyKek2023 * Stage6ApplyBootmgfw * CertsInstalledPendingSignature * KekUpdatedDbPending * RolloutInProgress * RolloutNotStarted {% endhint %} {% hint style="info" icon="circle-question" %} ### Microsoft Documentation [Microsoft Support - Registry keys for Secure Boot](https://support.microsoft.com/en-us/topic/registry-key-updates-for-secure-boot-windows-devices-with-it-managed-updates-a7be69c9-4634-42e1-9ca1-df06f43f360d) [Microsoft Support - Secure Boot Event Ids](https://support.microsoft.com/en-gb/topic/secure-boot-db-and-dbx-variable-update-events-37e47cf8-608b-4a87-8175-bdead630eb69) {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.patchmypc.com/patch-my-pc-cloud/insights-intune/about-dashboards/secure-boot-page-of-the-patch-my-pc-advanced-patch-insights-for-intune-dashboard.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.