Certificate Deployment via Controlled Feature Rollout
Supported on: At least Windows Server 2012, Windows 8 or Windows RT
Registry
HKLM
SYSTEM\CurrentControlSet\Control\SecureBoot Value name: MicrosoftUpdateManagedOptIn
Enabled: MicrosoftUpdateManagedOptIn = 22852
Disabled: MicrosoftUpdateManagedOptIn = 0
Description
For enterprises that desire assistance in deploying the new Secure Boot certificates to their devices, this setting can be enabled. Note: The device must be sending required diagnostic data to Microsoft to use this feature. For more information, see: https://aka.ms/GetSecureBoot