Policy

Automatic Certificate Deployment via Updates

For devices where available test results indicate that the device can process the certificate updates successfully, the updates will be initiated automatically as part of the servicing updates. This policy is enabled by default. Enterprises that want to manage automatic updates can use this policy to explicitly enable or disable the feature. For more information, see: https://aka.ms/GetSecureBoot

Policy
Pack: Microsoft Windows
Category: Windows Components / Secure Boot
Policy ID: b219f2dd3e9f
Internal name: SecureBoot_HighConfidenceOptOut

Registry

HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\HighConfidenceOptOut (enabled) = 1
HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\HighConfidenceOptOut (disabled) = 0

