Microsoft has added a deceptively simple feature to Windows that could help millions of users discover their computers aren't as protected as they thought.

Buried in this month's Patch Tuesday release — Microsoft's regular bundle of security fixes — is a new status indicator that confirms whether Secure Boot is actually running on your machine. According to reporting by ZDNet, the feature appears after installing the April 2026 updates and provides a clear yes-or-no answer to a question most users didn't know to ask.

The Security Layer You Can't See

Secure Boot is one of those protections that works invisibly when it's functioning, which creates a dangerous assumption problem. It's a security standard that prevents malicious code from hijacking your computer during the startup process — before Windows even loads and before traditional antivirus software can intervene.

When your PC boots up, Secure Boot verifies that each piece of startup software has a valid digital signature from a trusted source. If something's been tampered with or replaced by malware, the system refuses to load it. This blocks an entire category of sophisticated attacks, including rootkits that burrow deep into a system's foundation and boot-sector viruses that were once devastatingly common.

The problem is that Secure Boot can be disabled in your computer's firmware settings, either deliberately or accidentally. A BIOS update might reset it. A well-meaning technician might turn it off while troubleshooting. Some users disable it themselves to install Linux or older operating systems, then forget to re-enable it.

Until now, confirming Secure Boot's status required navigating to System Information or diving into PowerShell commands — steps most people would never take. The new update changes that by surfacing the information where users will actually see it.

What This Means for You

The timing matters. Boot-level attacks have become increasingly sophisticated as traditional malware defenses have improved. When attackers can't easily compromise a running system, they target the boot process instead, establishing persistence before security software even initializes.

Secure Boot has been a standard feature on Windows PCs since Windows 8 launched in 2012, and it's required for Windows 11. But "available" and "enabled" are very different states. Microsoft's own telemetry has likely revealed a significant gap between devices that support Secure Boot and devices where it's actually active — hence this new visibility measure.

The April update doesn't just add the indicator. As reported by ZDNet, it also patches multiple security vulnerabilities, continuing Microsoft's monthly cadence of addressing discovered flaws. The Secure Boot status display appears to be Microsoft's acknowledgment that passive security features only work when they're actually turned on.

Checking Your Status

After installing the latest Windows updates, users should see their Secure Boot status displayed in the Windows Security app. If it shows as disabled, re-enabling it typically requires entering your PC's UEFI firmware settings during startup — usually by pressing a key like F2, Delete, or F12 immediately after powering on.

The process varies by manufacturer, but the setting is generally found under Boot or Security menus. Enabling it is straightforward on most modern systems, though older dual-boot configurations or certain hardware setups may require additional steps.

One critical note: if Secure Boot shows as "not supported," your hardware may be too old to include the feature, or you may be running in legacy BIOS mode rather than UEFI mode. Converting from legacy to UEFI typically requires a clean Windows installation, so this becomes a more complex decision.

The Broader Security Picture

This change reflects Microsoft's evolving approach to consumer security — making protection status visible rather than assuming users will seek it out. It's similar to how browsers now prominently display connection security and how smartphones show update status.

The challenge with foundational security features is that they're most effective when least noticeable. Users don't think about Secure Boot because it works silently in the background. But that invisibility becomes a liability when the feature isn't actually running.

By surfacing this information in regular update notifications, Microsoft is essentially performing an automated security audit for millions of devices. Users who discover Secure Boot is disabled now have the knowledge to address it. Those who confirm it's enabled gain assurance their boot process is protected.

The April Patch Tuesday update is available now through Windows Update. As always with security patches, installation is recommended promptly — both for the vulnerability fixes and, now, for the visibility into whether your PC's deepest defenses are actually standing guard.