Microsoft will roll out new Secure Boot certificates via a cumulative Windows update in 2026, making BIOS readiness a key prerequisite for a secure device fleet and effective BlackLotus mitigation.
To support this, I've published a detailed blog post on this website that walks through the full technical implementation and background.
In that post, I show how Symantec IT Management Suite (Altiris) can be used to create a dedicated reporting framework for BIOS compliance.
It covers how to identify whether HP and Dell devices meet vendor-defined minimum BIOS requirements, and how to translate this data into clear compliance states.
The solution is built around custom Altiris reports that compare installed BIOS versions with official OEM reference lists and flag systems as compliant, requiring an update, or not listed by the vendor.
This approach gives administrators centralized visibility, helps prioritize BIOS updates, and ensures systems are prepared for Microsoft's upcoming Secure Boot certificate changes.
-------------------------------------------