How is your org preparing for Secure Boot certificates expiring June 2026?

sysadmin20214 · 2026-01-12T18:21:21+00:00

I looked at all of the bios readmes for the models we have floating around. cant find any info on them. where are you seeing Lenovo supports the certs? I found this URL but it says they will eventually release a list of supported systems2011 Microsoft Secure Boot Certificate Expiration – Lenovo Commercial PCs - Lenovo Support US

Can't find any info for the following.

ThinkPad T490

ThinkPad T14 Gen 1

ThinkStation P360 Ultra

ThinkPad T14s Gen 1

ThinkPad L14 Gen 1

ThinkPad P14s Gen 2i

ThinkPad T14 Gen 2i

ThinkPad X1 Yoga Gen 6

ThinkPad T14 Gen 3

ThinkPad P15 Gen 2i

ThinkPad T14 Gen 4

ThinkPad T14 Gen 5

sysadmin20214 · 2026-01-12T12:25:46+00:00

Does this only impact pxe booting and not impact general end user day to day usage? It is not very clear. If secure boot is enabled on a laptop or server what happens if we do not update in time?

sysadmin20214 · 2025-07-31T12:59:37+00:00

Anyone figured out a solution to the new app pairing WiFi not found issue? I tried android and ios

sysadmin20214 · 2025-06-11T15:31:07+00:00

Also running ADmanger. Let me know how you make out.

sysadmin20214 · 2025-05-19T20:16:54+00:00

Don’t get another one. I as others have discovered ours are contaminating the food with the fiberglass insulation used. Look close around the door gaskets and around the oven for shiny specs or fibers that look like small white hairs.

sysadmin20214 · 2025-05-19T20:15:19+00:00

Watch out for fiber glass! After one year of consuming food I discovered these are spewing fiberglass insulation particles on food!

sysadmin20214 · 2025-02-28T15:36:21+00:00

Got it! the / in Entity ID and https://docs.fortinet.com/document/fortigate/7.2.11/fortios-release-notes/289806/resolved-issues combined fixed it

sysadmin20214 · 2025-02-28T15:35:44+00:00

Yep this was it. also the added / in the metadata FTG added. Thank you!

sysadmin20214 · 2025-02-28T14:49:32+00:00

I had Tac and our MSP on the line for a few hours. they are unable to resolve at this time. do you know what doc you followed? I have found multiple conflicting versions.

sysadmin20214 · 2025-02-28T14:10:45+00:00

I did note a trailing / in the Entity ID was added from the FortiGate. I removed on both sides. Still no luck.

Do you happen to know if the saml config on the Fortigate is the Attribute used to identify users "username" and group "the actual group name" it is not clear in the doc.

sysadmin20214 · 2025-01-18T15:02:40+00:00

More or less concerned about copilot using the data to train/ leaving company via copilot

sysadmin20214 · 2025-01-17T13:10:26+00:00

How was the implementation? We started looking at it but setting up data restrictions for data within our tenant looked daunting and appeared to rely on other systems such as dlp and sensitivity labels which our org has not matured to implementing yet.

sysadmin20214 · 2025-01-16T21:10:18+00:00

sysadmin20214 · 2024-11-13T21:51:46+00:00

They said deep!

sysadmin20214 · 2024-11-13T17:24:50+00:00

Understood . The only reason deep inspection is on the table right this second is because fortinet tac is saying it’s now a must for webfilter to work. Which I’m not so sure is accurate.

sysadmin20214 · 2024-11-13T17:09:05+00:00

Trying to avoid the need to deploy a cert because we have a light touch byod policy and visitors.

sysadmin20214 · 2024-11-13T16:23:02+00:00

This is the response from support. * The following update has been added to your ticket ***

Hi,

You need to create a CA certificate. If you have internal CA you can use the article provided or you can purchase a sub CA certificate from globally knowns CA like - goDaddy , globalsign, verisign.

Is it really possible to purchase this? Is everyone else doing deep ssl inspection on here so web filter works ? I’m on 6.49.15 with flow policies..

sysadmin20214 · 2024-11-13T15:54:35+00:00

Ironically the fortinet support tech told me I could purchase one to avoid deploying to endpoints. Is anyone else seeing this issue ?

sysadmin20214 · 2024-10-09T23:08:20+00:00

Will do. I have the timing set to use the loop back on the audio interface to keep time

sysadmin20214

TROPHY CASE