In June 2026, Windows 11 will start enforcing Secure Boot requirements that millions of PCs don't meet. Microsoft just revealed what happens to machines that don't comply, and it's going to affect a lot of users who have no idea this is coming.

This is the kind of technical policy decision that gets made in Redmond and affects millions of people who just want their computer to work.

Here's the situation: Secure Boot is a security feature that's been part of UEFI firmware since 2012. It prevents malware from loading before the operating system boots by verifying cryptographic signatures on boot loaders. From a security perspective, it's genuinely useful—rootkits and bootkits are nasty pieces of malware that are very hard to remove once installed.

Microsoft has been pushing Secure Boot requirements for years. Windows 11 technically required it from launch, but the company was lenient about enforcement. That leniency is ending. After June 2026, systems that can't meet the Secure Boot requirement will start seeing warnings and eventually may be blocked from receiving updates.

The problem is that a lot of PCs can't do Secure Boot. Older hardware doesn't support it at all. Some motherboards support it but have it disabled by default, and enabling it can break dual-boot setups with Linux. Some custom-built PCs never had it configured properly.

For enthusiasts who know what UEFI settings are, this is manageable. Check your motherboard settings, enable Secure Boot, maybe adjust some boot parameters. Done.

For everyone else—which is most people—this is going to be confusing and frustrating. Your computer works fine today. Microsoft is going to tell you it doesn't meet security requirements and might stop getting updates. That's not a great user experience.

The bigger question is whether this is the right trade-off. Secure Boot does provide real security benefits, particularly against sophisticated malware. But the threat model it addresses—bootkits and rootkits—is not the primary risk for most users. Phishing, social engineering, and unpatched software are far more common attack vectors.

Microsoft's position is that security hygiene requires everyone to meet baseline standards, even if it's inconvenient. There's logic to that. You can't have optional security features in a world where botnets exploit the weakest targets.

But forcing hardware upgrades for security features that most users won't directly benefit from feels heavy-handed. The policy makes sense for enterprise deployments and security-conscious users. For someone who just wants to check email and browse the web on a five-year-old PC, it's overkill.

The environmental angle is also worth considering. How many functioning computers are going to be thrown away because they don't support a firmware feature? Microsoft has sustainability goals; this policy seems to conflict with them.

There's still time to check if your PC supports Secure Boot and enable it. Microsoft has documentation and tools to verify compatibility. But most people won't know to look until they start seeing warnings.

The technology is solid. The policy is defensible. The user experience is going to be terrible. And the message it sends—that your working computer is suddenly inadequate—is going to generate a lot of frustration.

The question is whether Microsoft thinks the security benefits are worth the backlash. We'll find out in June.