Boot Environment Audit

Summary

This view provides a centralized, single-pane-of-glass dashboard for monitoring the boot environment and security posture of all your Windows endpoints. By aggregating the data collected during the Boot Environment Audit, this view allows technicians to quickly identify systems that are missing critical OEM driver updates, lack proper Secure Boot configurations, or need BIOS firmware upgrades to support modern security standards (like the CA 2023 certificates). It also highlights endpoints with active network boot (PXE) configurations, alternative operating systems (Dual-Boot), or disabled recovery environments, making it simple to spot misconfigurations and vulnerabilities across your entire managed fleet.

Note: Views are user-specific and cannot be shared. Each user must create their own view.

Details

Field Name	Description
Name	The name of the endpoint.
Status	The current online or offline status of the endpoint.
Site Name	The site location to which the endpoint is assigned.
Company Name	The company or client associated with the endpoint.
Operating System	The current operating system installed on the endpoint.
BIOS Manufacturer	The manufacturer of the device's BIOS/firmware (e.g., Dell, HP, Lenovo).
SB_OEM_Updates_Count	Number of available driver updates from the OEM (Dell Command Update, HP Image Assistant, Lenovo Updates, or Windows Update).
SB_SecureBoot_Status	Current Secure Boot state: Enabled, Disabled, or Unknown.
SB_Telemetry_Status	Windows telemetry setting: Enabled or Disabled (based on registry and DiagTrack service).
SB_DB_Certificate_Status	UEFI db certificate status: Updated (CA 2023), Out of date, or Not present.
SB_KEK_Certificate_Status	UEFI KEK certificate status: Updated (Microsoft KEK 2K CA 2023), Out of date, or Not present.
SB_DBDefault_Certificate_Status	Default db certificate status: Updated (CA 2023), Out of date, or Not present.
SB_Current_Cumulative_Update	Latest installed Windows cumulative update identifier (e.g., KB5012345).
SB_Nov_2025_CU_Installed	True if the November 2025 or newer cumulative update is installed; False otherwise.
SB_BiosVersion	BIOS/firmware version string collected from the system.
SB_CA2023_Supported_BIOS_Version	Minimum BIOS version required for CA 2023 Secure Boot support per the OEM; 'Not listed' if the model is not found in the lookup.
SB_PXE_Present	True if firmware boot entries include PXE/network boot options; False otherwise.
SB_DualBoot_Or_NonWindowsEFI	True if non-Windows EFI boot entries are detected (Ubuntu, Debian, GRUB, rEFInd, etc.); False otherwise.
SB_WinRE_Enabled	True if the Windows Recovery Environment is enabled; False otherwise.
SB_Present_Conditions	Comma-separated summary of detected boot conditions (e.g., 'PXE, DualBoot/NonWindowsEFI, WinREEnabled').
SB_PXE_Evidence	Detailed boot firmware entries indicating PXE/network boot (extracted from bcdedit output).
SB_DualBoot_Evidence	Detailed boot firmware entries indicating non-Windows EFI loaders (extracted from bcdedit output).
SB_Available_Updates	Secure Boot registry value for available UEFI updates; 'Not exist' if the key is not present.
SB_UEFICA2023_Status	Secure Boot servicing registry value indicating CA 2023 enrollment status; 'Not exist' if the key is not present.
SB_UEFICA2023_Error	Secure Boot servicing registry value showing CA 2023 enrollment errors; 'Not exist' if the key is not present.
SB_WindowsUEFICA2023_Capable	Secure Boot servicing registry value indicating device hardware CA 2023 capability; 'Not exist' if the key is not present.
SB_Confidence_Level	Secure Boot servicing registry confidence level for CA 2023 enrollment; 'Not exist' if the key is not present.
SB_Confidence_Update_Type	Secure Boot servicing registry update type for CA 2023; 'Not exist' if the key is not present.
SB_BucketHash	Secure Boot servicing registry bucket hash for troubleshooting; 'Not exist' if the key is not present.
SB_Data_Collection_Time	Timestamp (yyyy-MM-dd HH:mm:ss) when the data was collected.

Dependencies

• Custom Field: SB_OEM_Updates_Count
• Custom Field: SB_SecureBoot_Status
• Custom Field: SB_Telemetry_Status
• Custom Field: SB_DB_Certificate_Status
• Custom Field: SB_KEK_Certificate_Status
• Custom Field: SB_DBDefault_Certificate_Status
• Custom Field: SB_Current_Cumulative_Update
• Custom Field: SB_Nov_2025_CU_Installed
• Custom Field: SB_BiosVersion
• Custom Field: SB_CA2023_Supported_BIOS_Version
• Custom Field: SB_PXE_Present
• Custom Field: SB_DualBoot_Or_NonWindowsEFI
• Custom Field: SB_WinRE_Enabled
• Custom Field: SB_Present_Conditions
• Custom Field: SB_PXE_Evidence
• Custom Field: SB_DualBoot_Evidence
• Custom Field: SB_Available_Updates
• Custom Field: SB_UEFICA2023_Status
• Custom Field: SB_UEFICA2023_Error
• Custom Field: SB_WindowsUEFICA2023_Capable
• Custom Field: SB_Confidence_Level
• Custom Field: SB_Confidence_Update_Type
• Custom Field: SB_BucketHash
• Custom Field: SB_Data_Collection_Time
• Custom Field: Boot Environment Audit
• Task: Boot Environment Audit
• Solution: Boot Environment Audit

View Setup Path

• Tasks Path: ENDPOINTS ➞ Devices (Preview)

View Creation

Instructions

Devices (Preview) Page - Custom View

View Name

• Boot Environment Audit

Row Density

• Compact

Columns

• Name
• Status
• Site Name
• Company Name
• Operating System
• BIOS Manufacturer
• SB_OEM_Updates_Count
• SB_SecureBoot_Status
• SB_Telemetry_Status
• SB_DB_Certificate_Status
• SB_KEK_Certificate_Status
• SB_DBDefault_Certificate_Status
• SB_Current_Cumulative_Update
• SB_Nov_2025_CU_Installed
• SB_BiosVersion
• SB_CA2023_Supported_BIOS_Version
• SB_PXE_Present
• SB_DualBoot_Or_NonWindowsEFI
• SB_WinRE_Enabled
• SB_Present_Conditions
• SB_PXE_Evidence
• SB_DualBoot_Evidence
• SB_Available_Updates
• SB_UEFICA2023_Status
• SB_UEFICA2023_Error
• SB_WindowsUEFICA2023_Capable
• SB_Confidence_Level
• SB_Confidence_Update_Type
• SB_BucketHash
• SB_Data_Collection_Time

Filters

Columns	Operator	Value
Operating System	matches	Windows

Sort

Columns	Value
Name	Sort by ASC

Completed Screenshot

Changelog

2026-05-14

• Initial version of the document