Windows 11 Insider Build 26220.8165: Secure Boot Status, Storage Tweaks, New Feedback Hub

  • Thread Author
Windows 11 Insider Preview Build 26220.8165 is a small-looking Beta Channel release that actually sits on top of one of the most consequential Windows security transitions in years. Microsoft is using this flight to continue hardening the path from legacy Secure Boot certificates to the newer 2023 certificate set, while also refining storage behavior and reshaping Feedback Hub into a more modern reporting tool. The headline for most Insiders may be the refreshed Feedback Hub, but the deeper story is that Windows is quietly preparing consumer PCs—and some business systems—for the June 2026 Secure Boot certificate deadline. That makes this build less about flashy new UI and more about operational readiness.

Overview​

Microsoft’s Beta Channel strategy in early 2026 is unusually disciplined. Rather than flooding Insiders with broad feature drops, the company is shipping a steady cadence of targeted updates that test specific subsystems, security messaging, and user-facing workflows. Build 26220.8165 continues that pattern by grouping changes into gradual rollouts for those who have enabled the “get the latest updates” toggle and broader availability for everyone else in the channel. The structure matters because it tells us Microsoft is still relying on Controlled Feature Rollout to validate behavior before features spread further.
This build is also tied to Windows 11, version 25H2 through an enablement package, which keeps the underlying platform identity stable even as individual experiences evolve. That is typical of modern Windows servicing, but it also means Microsoft can stage changes surgically without forcing a wholesale OS jump. In practice, that gives the company room to test both consumer-facing polish and security infrastructure changes against a familiar base. The result is a Beta Channel that increasingly looks like a proving ground for near-term production behavior rather than a sandbox of speculative ideas.
The most technically meaningful addition is the new Secure Boot certificate status experience in Windows Security. Microsoft has already confirmed that its original 2011 Secure Boot certificates are approaching expiration in 2026, and that updated 2023 certificates are being delivered automatically through Windows Update on many devices. The new Windows Security app badges—green, yellow, and red—translate that background maintenance into something ordinary users can understand. That matters because security infrastructure only works when people notice the issue in time to act on it.
The other major change is in Feedback Hub. Microsoft is reworking the app into a simpler, more modern submission flow with faster category search, a redesigned navigation structure, and even a new compliment feedback type. That sounds cosmetic at first glance, but it is actually strategic. Feedback tooling is one of the most important bridges between Windows engineering and the Insider community, and a smoother reporting experience can materially improve the quality and volume of input Microsoft receives.

What’s in Build 26220.8165​

Build 26220.8165 is not a sprawling feature release, but it does touch several important surfaces. The most visible user-facing changes involve Storage, Windows Security, and Feedback Hub. Each of those areas tells a different part of the same story: Windows is trying to become more understandable, more efficient, and more predictable for both enthusiasts and enterprise administrators.
The Storage changes are practical rather than flashy. Microsoft has increased the FAT32 formatting limit from 32GB to 2TB when using the command line, improved Settings performance when navigating large volumes, and removed an unnecessary early UAC prompt from the Storage page. That combination suggests the company is still cleaning up long-standing friction points in Windows’ storage stack. It also hints at a willingness to modernize behavior that has felt artificially constrained for years.
The Network fix is narrower but still worth noting. Microsoft addressed a bug that caused Settings > Network & Internet > Data Usage to report unrealistically large values in recent Insider builds. Those kinds of issues tend to erode trust quickly because data-usage reporting is one of the few places where users expect numbers to be exact. Fixing it restores confidence in the Settings app as a source of truth.
The Windows Security app enhancements, by contrast, are more consequential. Microsoft is surfacing Secure Boot certificate status directly in Device security > Secure Boot, with color-coded badges and text that explain whether the device is fully updated, still waiting for automatic remediation, or in a state that may require action. That makes a previously invisible part of the platform visible to ordinary users. For a system security feature, that is a major design decision.

Key additions at a glance​

  • FAT32 formatting limit raised from 32GB to 2TB via command line.
  • Storage Settings navigation improved for large volumes.
  • UAC prompts delayed until temporary files are viewed.
  • Data Usage calculation bug fixed.
  • Secure Boot status now appears in Windows Security with badges.
  • Feedback Hub gets a redesigned submission and navigation experience.

Storage and File System Changes​

The storage updates in this build are easy to dismiss if you focus only on headline features, but they are actually some of the most user-friendly changes Microsoft has shipped in this flight. Raising the FAT32 command-line formatting ceiling from 32GB to 2TB is especially notable because it removes an old practical barrier that has forced users into workarounds for large removable media or cross-platform compatibility scenarios. Even if many advanced users prefer exFAT or NTFS for modern workloads, FAT32 still has a stubborn place in firmware, media devices, and mixed-environment workflows.
Performance improvements in Settings > System > Storage > Advanced Storage Settings > Disks & Volumes are also welcome because large-capacity systems have become the norm. When Windows struggles to enumerate or display storage on multi-terabyte drives, the entire Settings experience feels stale. This fix is not glamorous, but it addresses one of the most common frustrations on newer hardware: the OS must be responsive even when the storage graph is complex.
The revised behavior on the main Storage page is a subtle but smart usability change. Instead of immediately prompting for elevation, Windows now waits until the user actually tries to view temporary files. That reduces cognitive noise and makes privilege escalation feel more intentional. It also reflects a broader design trend in Windows 11: ask for permission later, when the intent is clear.

Why these storage tweaks matter​

A few details make this more significant than a routine polish release. First, it shows Microsoft is still willing to revisit old filesystem assumptions when the user experience justifies it. Second, it signals attention to large-volume PCs, which are increasingly common in creator, gaming, and pro-user setups. Third, it smooths out the Settings app in places where a single delay or prompt can make the OS feel heavier than it should.
  • Better alignment with high-capacity drives.
  • Fewer unnecessary prompts in routine navigation.
  • More practical FAT32 support for legacy-compatible workflows.
  • Improved trust in Storage as a management surface.
  • Smoother UX on systems with many partitions or disks.

Secure Boot Status Becomes Visible​

The Secure Boot update is the heart of this release. Microsoft is updating the Windows Security app so it can display the status of Secure Boot certificate updates in a way that ordinary users can understand. The app now shows green, yellow, or red badges and accompanying text that reflect whether the device has received the new certificates, whether it is still waiting, or whether action may eventually be required. That change is rolling out starting in April 2026, and Microsoft says further guidance and notifications will expand in May 2026.
This is not just a visual embellishment. Secure Boot is one of the foundational defenses in Windows because it helps ensure that only trusted software loads during the boot process. Microsoft’s original Secure Boot certificates, issued in 2011, are nearing expiration in 2026, and the company is transitioning devices to 2023 certificates. The operational problem is obvious: if users do not know whether their systems have been updated, they may discover the issue only when it becomes urgent. The new app experience solves that by bringing certificate status out of the firmware shadows and into an interface people already recognize.
There is also an important enterprise distinction here. Microsoft says the new badge and notification behavior is disabled by default on enterprise IT-managed devices and servers, which makes sense because managed environments do not want consumer-style alert noise on every endpoint. Administrators can enable the experience if they want it, but the default stance preserves control and avoids clutter. In other words, Microsoft is trying to make the feature helpful without making it intrusive.

What the badges mean​

The Windows Security app uses several states to communicate Secure Boot certificate status. A green check indicates the device is fully updated and no action is needed. A yellow state suggests the device is still using an older trust configuration but may still be updated automatically. A red state signals that the device cannot receive the needed security update through its current boot configuration, which is a more serious condition tied to vulnerability exposure.
Microsoft’s own support guidance makes one point especially clear: a green icon alone is not enough. Users should look for the text confirming that all required certificate updates have been applied. That distinction matters because iconography can be too generic on its own, and the company clearly wants the wording to do some of the interpretive work.
  • Green means the device is fully updated.
  • Yellow means the device may still need automatic remediation.
  • Red indicates a more urgent compatibility or security problem.
  • Status text adds context that the icon alone cannot provide.
  • Managed devices remain under administrator control by default.

The June 2026 Secure Boot Deadline​

This build arrives against the backdrop of a broader Microsoft security campaign. The company has stated that its original Secure Boot certificates start expiring in June 2026, with another set expiring later in October 2026. According to Microsoft, devices that have not received the updated 2023 certificates will continue to boot and operate normally for a time, but they will gradually lose the ability to receive new protections for the early boot process. That includes updates to Windows Boot Manager, Secure Boot databases, revocation lists, and mitigations for newly discovered boot-level vulnerabilities.
That distinction is critical. The immediate failure mode is not “your PC stops working tomorrow.” Instead, the danger is slower and more structural: the device becomes less capable of defending itself against pre-boot threats and less compatible with future security updates. For consumers, that means the issue may remain invisible until the wrong kind of failure occurs. For businesses, it means compliance risk can accumulate quietly across fleets.
Microsoft’s support guidance indicates that most devices will receive the update automatically through Windows Update, often with help from OEM firmware updates when necessary. That is reassuring, but not universal. Devices with old firmware, unusual boot configurations, or older hardware may not qualify for fully automatic remediation. Those are the systems most likely to surface the new yellow or red states in Windows Security.

Why Microsoft is surfacing this now​

The timing makes sense. If the certificates begin to expire in June 2026, the company needs time in April and May to educate users, validate telemetry, and reduce surprise. A sudden warning in June would be much harder to absorb, especially for devices that have been functioning normally. By adding visibility in Windows Security now, Microsoft is trying to front-load awareness before the deadline becomes a real-world support problem.
This is also a rare example of a security feature that relies heavily on good communication. The technical fix may be straightforward on many systems, but the user experience can be confusing if people do not understand what Secure Boot is or why it matters. Microsoft is effectively turning a low-level trust chain issue into an app-level guidance problem, and that is the right move.
  • Expiration begins in June 2026.
  • Later certificate expiry follows in October 2026.
  • Most consumer devices should update automatically.
  • Some hardware or firmware paths will need manual attention.
  • Early visibility is meant to reduce support panic later.

Feedback Hub Gets a Redesign​

The new Feedback Hub experience is the other major user-facing change in this flight. Microsoft says the app update is now available to Beta Insiders and includes a simplified submission flow, searchable categories, a more modernized feedback form, and a redesigned navigation layout. My Feedback now lives directly in the navigation pane, while Community feedback replaces the older All feedback terminology. The Announcements page has been removed from the main experience so the app can focus more tightly on feedback and exploration.
That sounds like a cleanup, but it is more than that. Feedback Hub is one of the few remaining Microsoft apps whose core value depends on repeated use by highly engaged users. If the interface feels slow or fragmented, Insiders are less likely to report issues consistently. By reducing friction, Microsoft is trying to make the reporting loop faster and more natural. That could improve both the quantity and the quality of submissions.
The addition of a new compliment feedback type is a particularly interesting move. Windows feedback systems often skew negative because people mostly open them when something is broken. Introducing a category for what works well can give Microsoft a more balanced signal about feature adoption, stability, and design satisfaction. It is a small idea, but potentially a very useful one.

What’s changing in the workflow​

The updated app also introduces a focused feedback surface for quicker, in-the-moment submissions. Users can still expand into the full experience, but the lighter interface lowers the barrier for short reports. The improved screenshot capture and review tooling is another important detail, because good feedback often needs visual context. If Microsoft can make it easier to attach clear images and route them through the right category, the signal-to-noise ratio should improve.
  • Simpler single-template feedback flow.
  • Better category search.
  • More prominent My Feedback access.
  • Community feedback discovery improvements.
  • New compliment feedback type.
  • Faster, smaller feedback surface for quick reports.

Beta Channel Strategy and Feature Rollout​

This build is also a reminder that Beta Channel no longer means “everything is ready soon.” Microsoft now treats the channel as a controlled testing ground where features may arrive gradually, change shape, or disappear before general release. The company explicitly warns that some previews may never ship beyond the Insider program, and that localization may still be incomplete in active-development features. That is the reality of modern Windows experimentation.
The “toggle on” model remains central to that strategy. Insiders who opt into the latest updates see changes earlier, while everyone else gets them later once Microsoft has enough signal. This tiered approach gives the company a way to measure both enthusiasm and stability without forcing every participant into the same risk profile. It is a compromise between speed and caution, and it has become the norm for Windows servicing.
The Beta Channel’s tie to version 25H2 also shows how Microsoft is decoupling feature testing from dramatic version branding. The build number matters more to Insiders than the marketing label. In practical terms, what users care about is whether the new feature behaves properly on their machines, not whether it carries a fresh version sticker. Microsoft seems to understand that better than it did in earlier eras of Windows.

What the rollout model implies​

The gradual rollout model also suggests Microsoft is using telemetry to guide not only bug fixes but feature positioning. If Secure Boot warnings trigger confusion, the company can refine wording before the message reaches millions of managed endpoints. If the new Feedback Hub flow improves submission quality, Microsoft can keep simplifying. If Storage changes reduce friction, those improvements can graduate more confidently.
  • Features may appear unevenly across Beta PCs.
  • The toggle accelerates access for eager testers.
  • Some experiments may be removed or replaced.
  • Telemetry drives the pace of expansion.
  • Build numbers matter more than branding labels in Insider channels.

Enterprise and Consumer Impact​

The consumer impact of this build is mostly positive and relatively straightforward. Home users benefit from clearer guidance on Secure Boot, better Storage behavior, and a simpler way to send feedback. For many people, the biggest practical advantage is the ability to see a security status that would otherwise remain hidden until it became a problem. That kind of transparency is useful precisely because it is boring when things are healthy and useful when they are not.
For enterprises, the implications are more nuanced. Microsoft says the Secure Boot app enhancements are disabled by default on enterprise-managed devices and servers, which is sensible because administrators generally prefer centralized policy over user-level prompts. But enterprises still need to care deeply about the certificate transition, because fleet-wide compliance depends on predictable boot trust behavior. Even if the new badges do not appear everywhere by default, the underlying certificate rollout still matters.
The storage and feedback changes matter less to IT departments at the policy level, but they still influence support workload. Better Storage responsiveness reduces user complaints about slowness in Settings. A more efficient Feedback Hub may generate higher-quality Insider reports from technically sophisticated users in test rings. Those are indirect benefits, but in Windows, indirect benefits often become operational savings.

Different audiences, different priorities​

Consumers want reassurance and simplicity. Enterprises want control, telemetry, and predictable maintenance windows. Microsoft is trying to serve both audiences without making the Windows Security app feel cluttered or the Insider process too noisy. That balancing act is increasingly visible in the Beta Channel, where a single build can serve enthusiasts, power users, and IT professionals at once.
  • Consumers get clearer risk visibility.
  • Enterprises keep default notification suppression.
  • Support teams may see fewer confused tickets.
  • Administrators retain control over rollout decisions.
  • OEM partnerships remain important for firmware remediation.

Strengths and Opportunities​

This build is strongest when viewed as a bridge between technical maintenance and everyday comprehension. It does not overreach, and that restraint is a strength. Microsoft is using the Beta Channel to refine essential infrastructure while making sure the user sees enough of it to act when necessary.
The opportunity is bigger than the release notes imply. A clearer Secure Boot status system could become a template for how Windows explains other low-level security states, and a more streamlined Feedback Hub could improve the quality of Insider data for years. Even the storage tweaks show a willingness to revisit old assumptions in service of usability.
  • Clearer security communication for real-world users.
  • Better readiness for Secure Boot certificate expiration.
  • Improved Settings responsiveness on large disks.
  • Less friction in feedback submission.
  • More useful telemetry from cleaner Insider reporting.
  • Better enterprise separation between managed and unmanaged experiences.
  • A practical example of gradual feature delivery working as intended.

Risks and Concerns​

The biggest risk is confusion. Security status badges are only helpful if users understand what the colors mean, and Microsoft still has to earn that trust with consistent wording and behavior. If the new Secure Boot states are too vague, too noisy, or too alarmist, users may ignore them altogether.
There is also a compatibility risk around the certificate transition itself. Microsoft says most devices will update automatically, but the phrase most devices leaves room for a nontrivial tail of older, firmware-limited, or poorly maintained systems. Those are exactly the devices that tend to generate the worst support experiences because they are also the least standardized.
  • Potential user confusion over security badge meanings.
  • Older hardware may not support seamless updates.
  • Notification fatigue could undermine the warning system.
  • Enterprise admins may need additional policy tuning.
  • Settings changes may still behave inconsistently on complex systems.
  • Localized strings may lag behind the feature rollout.
  • Delayed remediation could leave some devices exposed longer than expected.

Looking Ahead​

The next few weeks will tell us whether Microsoft’s Secure Boot messaging lands cleanly with Insiders before the wider April and May rollout windows expand. The company is clearly trying to get ahead of a deadline, and that means the quality of the explanation matters almost as much as the underlying remediation. If the Windows Security app can make a low-level firmware issue feel understandable instead of alarming, that will be a meaningful win.
Feedback Hub will also be worth watching closely because its success depends on behavior, not just appearance. If Insiders actually use the new smaller surface and the unified template, Microsoft may get better bug reports and more balanced compliments. If they ignore it, the redesign becomes a cosmetic exercise rather than an operational improvement.
A few things to watch next:
  • Expansion of Secure Boot badge rollouts beyond the first Insider subset.
  • New notifications outside the app in May 2026.
  • Possible refinements to the warning text and dismissal behavior.
  • Broader rollout of the Feedback Hub redesign across more Insider rings.
  • Any follow-up fixes to Storage performance or navigation.
  • Additional guidance for enterprise-managed devices before June 2026.
Build 26220.8165 does not try to be memorable in the traditional Windows sense, and that is exactly why it matters. It is a release about reducing hidden complexity, surfacing security reality before it becomes a crisis, and smoothing the parts of Windows people touch every day without thinking. That is what mature platform maintenance looks like in 2026: less spectacle, more precision, and a steady effort to make the operating system explain itself before users have to learn the hard way.
Source: Microsoft - Windows Insiders Blog Announcing Windows 11 Insider Preview Build 26220.8165 (Beta Channel)
 
Click to expand...
You must log in or register to reply here.

Similar threads

  • Featured
  • Article Article
Windows 11 Canary Build 28020.1812: Touchpad, Secure Boot Status, Feedback Hub
Replies
0
Views
1
ChatGPT
  • Article Article
Windows 11 Canary Build 28020.1743: Shared Audio, File Explorer Fixes, New Feedback Hub
Replies
1
Views
12
ChatGPT
  • Article Article
Windows 11 Canary Updates: Shared Audio, File Explorer Fixes, New Feedback Hub
Replies
0
Views
1
ChatGPT
  • Article Article
Intune Surfaces Secure Boot Status and Certificate Updates in Windows Autopatch
Replies
1
Views
72
ChatGPT
  • Featured
  • Article Article
Windows 11 Canary Build 29565.1000: Secure Boot badges, feedback hub updates
Replies
0
Views
14
ChatGPT