Secure Boot 2023 Certs
Posted by y0da822@reddit | sysadmin | 9 comments
How are you guys handling this for your servers? I can see that all my AVD machines are fine and already updated. MS only told me explicitly to do AVD - but I know this affects all Trusted Launch/Secure Boot machines
Rude_Palpitation8755@reddit
A practical approach is usually to treat this as a lifecycle problem instead of a single patch. Centralized image management, clear version tracking, and scheduled validation of Secure Boot state across environments reduce the risk of silent misconfigurations later. The update itself is simple, but consistency across infrastructure is what determines whether it stays stable.
Master-IT-All@reddit
For virtual, it's a pretty no-brainer for Hyper-V hosted systems: just update the host, then some work in Hyper-V, then update the guests, as I recall.
Bare metal install, that's trickier and basically the same as a W11 desktop: get an updated BIOS if needed, then update Secure Boot.
y0da822@reddit (OP)
I’m all Azure but confused on how to handle Server 2022. Looks like something has to be done manually at the OS level. I’m confused because I don’t think I really understand what’s happening.
Master-IT-All@reddit
Oh, you likely only need to enable the Secure Boot update by flipping the registry value.
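Before flipping that registry value, and for the scheduled validation of Secure Boot state mentioned earlier in the thread, a read-only inventory check is useful. This is an added example, not from the thread: it reports whether Secure Boot is on and whether the 2023 Microsoft certificates are already present in the db and KEK variables; the server names in the comment are placeholders, and it must run elevated.

```powershell
# Added example (not from the thread): read-only check of Secure Boot state on a
# Windows Server / Windows 11 host, to confirm whether the 2023 certificates are
# already present before (or after) enabling the Secure Boot update.
function Get-SecureBoot2023Status {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        SecureBootEnabled = $false
        Db_WindowsCA2023  = $false
        Db_UefiCA2023     = $false
        Kek_2023          = $false
        Error             = $null
    }
    try {
        # Throws on legacy BIOS / non-UEFI systems, so that surfaces as an Error below.
        $result.SecureBootEnabled = Confirm-SecureBootUEFI
        if ($result.SecureBootEnabled) {
            # db and KEK are raw byte blobs; the certificate subject names are visible
            # as ASCII inside them, so a substring search is enough for an inventory.
            $db  = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
            $kek = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name KEK).Bytes)
            $result.Db_WindowsCA2023 = $db  -match 'Windows UEFI CA 2023'
            $result.Db_UefiCA2023    = $db  -match 'Microsoft UEFI CA 2023'
            $result.Kek_2023         = $kek -match 'Microsoft Corporation KEK 2K CA 2023'
        }
    } catch {
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

# Run locally, or fan out to a list of servers (assumes WinRM is enabled):
# $servers = 'dc01', 'dc02'   # placeholder names, not real hosts
# Invoke-Command -ComputerName $servers -ScriptBlock ${function:Get-SecureBoot2023Status} |
#     Format-Table ComputerName, SecureBootEnabled, Db_WindowsCA2023, Kek_2023, Error
Get-SecureBoot2023Status
```

A host showing SecureBootEnabled true with all three 2023 flags false is one that still needs the update; a machine that reports true for the db entries after the change is the state the AVD hosts in the thread already show.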
y0da822@reddit (OP)
Yeah, that’s what I read. Feels like I’m hitting the red button, about to blow something up. AVD did it itself. They all say updated there. What happens if I don’t do these servers?
Master-IT-All@reddit
Almost nothing. You might get an update that won't run later.
y0da822@reddit (OP)
I feel like they should do it when hosted on Azure. Messing with Secure Boot always concerns me that the server won’t boot after. I have two domain controllers to do also.
Master-IT-All@reddit
Azure Virtual Desktops are not actually managed by you, the administrator, at least not in all ways. For example, when I had some older AVD systems that couldn't update to 24H2, I found out that basically I'd need to build a new VM to replace them, not upgrade.
y0da822@reddit (OP)
Yeah, I’m in that now going to 25H2. Never fully understood why.
I have to make all the pools again.
Granted all from an image but still.