Modern endpoint security doesn’t start when the operating system loads – it starts much earlier, at the firmware level.
One of the most important recent developments in this space is the need for organisations to roll out the replacement Secure Boot certificates: the Microsoft-issued 2011 UEFI CA certificates that most devices trust are approaching expiry in 2026 and are being superseded by 2023 CAs. While this is a critical step in strengthening device trust and protecting against low-level threats, it has presented a real challenge for many IT teams.
The Challenge Organisations Are Facing
Although this update was signposted well in advance, it sits outside the regular patching cycle, so some IT departments have let it slip. Missing the deadline is not catastrophic in the short term: devices carry on booting, because UEFI firmware does not enforce certificate expiry at boot. What is lost is the ability to receive new boot-level security updates (boot manager releases and Secure Boot revocations) that Microsoft can only sign with the replacement 2023 certificates, so the estate gradually stops keeping pace with firmware-level threats. The update also sits at the intersection of firmware, operating system and device configuration, meaning success depends on several factors being correctly aligned. Across many environments, organisations are encountering challenges such as:
- Devices requiring coordinated firmware (BIOS/UEFI) updates
- Dependencies on Windows Update and device check-ins
- Configuration inconsistencies, such as Secure Boot not being enabled
- Users needing to restart devices at the right point in the process
- Limited visibility over where devices are in the update journey
For organisations managing devices in a traditional or fragmented way, this creates a significant operational burden. Devices may be distributed, inconsistently managed, or reliant on users being physically present – making coordinated progress difficult.
Our Approach: Structured, Consistent, and Tailored
While every customer environment is different, we approached this challenge in a consistent and controlled way across all clients. As an MSP managing many environments, we are fortunate to be planning and executing updates of this kind at scale all the time. For our customers, the work naturally broke down into small, discrete, targeted technical tasks, run under a structured methodology that could be tailored to each environment without losing consistency.
Our approach included:
1. Establishing Visibility: We worked to quickly understand the state of each device estate, identifying where devices were compliant, in progress, or blocked. This provided a clear baseline and allowed us to prioritise effort effectively.
2. Categorising and Resolving Blockers: Rather than treating this as a single issue, we broke it down into common scenarios such as firmware dependencies, reboot requirements, update sequencing, and configuration gaps. Each category was addressed with the appropriate technical action.
3. Remote Remediation at Scale: Because our customers' devices are managed through Microsoft Intune, we were able to take decisive action remotely, regardless of device location.
This allowed us to:
- Push required updates centrally
- Trigger and monitor remediation activities
- Guide devices through the necessary stages without disruption to end users
4. Continuous Monitoring and Progress Tracking: We maintained ongoing visibility throughout the activity, ensuring that progress continued and that any newly surfaced issues were quickly addressed.
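To make steps 1 to 4 concrete, here is an added example of the kind of detection script that can be deployed as an Intune remediation to provide that visibility and to sort each device into the blocker categories listed earlier (Secure Boot disabled or unsupported, update in progress and waiting on a restart, firmware rejecting the update, or simply not started). It was written for this article and is not the tooling described above, nor anything published by Microsoft; the 2023 certificate names and the UEFICA2023Status / UEFICA2023Error registry values are taken from Microsoft's published Secure Boot certificate-update guidance and should be checked against the current documentation before use.

```powershell
# Added example: Intune remediation *detection* script for the 2023 Secure Boot CA rollout.
# Written for this article, not the MSP's or Microsoft's tooling. Assumptions:
#  - runs as SYSTEM in 64-bit Windows PowerShell (the SecureBoot module is 64-bit only)
#  - registry value names follow Microsoft's Secure Boot certificate-update guidance
# Intune convention: exit 0 = compliant, exit 1 = remediation required; the last line
# written to the output stream is shown in the remediation report, which is what gives
# fleet-wide visibility without touching the device.

$ErrorActionPreference = 'Stop'

# Certificate subject names Microsoft lists for the 2023 generation.
$Db2023  = 'Windows UEFI CA 2023', 'Microsoft UEFI CA 2023', 'Microsoft Option ROM UEFI CA 2023'
$Kek2023 = 'Microsoft Corporation KEK 2K CA 2023'

function Get-UefiVariableText {
    param([string]$Name)
    # db/KEK are EFI_SIGNATURE_LISTs of DER certificates; the subject CN is stored as
    # printable ASCII inside the DER, so a plain string match is enough to test presence.
    [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name $Name).Bytes)
}

function Get-SecureBootCaStatus {
    # Configuration gap: nothing can be updated if Secure Boot is off or unsupported.
    try { $enabled = Confirm-SecureBootUEFI }
    catch {
        # Thrown on legacy/CSM boot or where the platform exposes no Secure Boot variables.
        return [pscustomobject]@{ State = 'Blocked'; Reason = 'SecureBootUnsupported'; Detail = $_.Exception.Message }
    }
    if (-not $enabled) {
        return [pscustomobject]@{ State = 'Blocked'; Reason = 'SecureBootDisabled'; Detail = 'Enable Secure Boot in firmware' }
    }

    # What the firmware actually trusts right now.
    $db  = Get-UefiVariableText -Name db
    $kek = Get-UefiVariableText -Name KEK
    $missing = @($Db2023 | Where-Object { $db -notmatch [regex]::Escape($_) })
    if ($kek -notmatch [regex]::Escape($Kek2023)) { $missing += $Kek2023 }

    # Servicing state recorded by Windows as the staged update progresses.
    $svc    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing'
    $status = (Get-ItemProperty -Path $svc -Name UEFICA2023Status -ErrorAction SilentlyContinue).UEFICA2023Status
    $err    = (Get-ItemProperty -Path $svc -Name UEFICA2023Error  -ErrorAction SilentlyContinue).UEFICA2023Error

    if ($missing.Count -eq 0) {
        return [pscustomobject]@{ State = 'Compliant'; Reason = 'AllCAsPresent'; Detail = "status=$status" }
    }
    if ($status -eq 'InProgress') {
        # The update is applied in stages across reboots: the remaining blocker is the restart.
        return [pscustomobject]@{ State = 'NeedsReboot'; Reason = 'UpdateInProgress'; Detail = "missing=$($missing -join ',')" }
    }
    if ($err) {
        # Firmware refused or failed a variable write; usually an OEM BIOS/UEFI update is the fix.
        return [pscustomobject]@{ State = 'Blocked'; Reason = 'FirmwareError'; Detail = "error=$err missing=$($missing -join ',')" }
    }
    # Nothing has happened yet: the device has not picked up the update (Windows Update / check-in dependency).
    return [pscustomobject]@{ State = 'NotStarted'; Reason = 'UpdateNotApplied'; Detail = "missing=$($missing -join ',')" }
}

$result = Get-SecureBootCaStatus
# Single-line summary for the Intune report: State;Reason;Detail
Write-Output ("SecureBootCA2023={0};{1};{2}" -f $result.State, $result.Reason, $result.Detail)
if ($result.State -eq 'Compliant') { exit 0 } else { exit 1 }
```

Two practical caveats. First, the remediation must be configured to run in 64-bit PowerShell as SYSTEM, otherwise Get-SecureBootUEFI is unavailable and every device reports as unsupported. Second, the KEK replacement depends on an update signed by the OEM's platform key, which not every manufacturer has shipped yet, so some estates will want to report the KEK separately rather than holding a device at NotStarted when its db is already up to date.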
Why Modern Management Made the Difference
A key enabler in this activity has been the use of modern device management.
For our customers, being managed through Intune meant we could:
- Maintain a real-time view of device status
- Take remote action without requiring physical access
- Apply consistent controls across the entire estate
- Progress updates even when devices are off-site or mobile
In contrast, organisations relying on traditional management approaches often face delays, reduced visibility, and a reliance on manual intervention.
The Outcome
While the technical complexity of Secure Boot certificate updates should not be underestimated, the right approach makes a significant difference. Through a structured, repeatable methodology combined with modern management, we have successfully driven this activity forward across multiple customer environments.
The result is:
- Stronger assurance around device trust and boot integrity
- A consistent and controlled update process
- Continued progress toward fully aligned, secure estates
Final Thoughts
Security improvements at the firmware level are becoming increasingly important – but they also highlight the gap between traditional and modern IT management approaches. This activity has reinforced a clear message:
Organisations with modern, cloud-managed device estates are significantly better positioned to respond to emerging security requirements – quickly, consistently, and at scale.