Policy
Automatic Certificate Deployment via Updates
For devices where test results are available that indicate that the device can process the certificate updates successfully, the updates will be initiated automatically as part of the servicing updates. This policy is enabled by default. For enterprises that desire managing automatic update, use this policy to explicitly enable or disable the feature. For more information, see: https://aka.ms/GetSecureBoot
b219f2dd3e9fSecureBoot_HighConfidenceOptOutRegistry
Copy registry mappings
HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\HighConfidenceOptOut (enabled) = 1
HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\HighConfidenceOptOut (disabled) = 0Policy notes
For devices where test results are available that indicate that the device can process the certificate updates successfully, the updates will be initiated automatically as part of the servicing updates. This policy is enabled by default. For enterprises that desire managing automatic update, use this policy to explicitly enable or disable the feature. For more information, see: https://aka.ms/GetSecureBoot