en-US

Certificate Deployment via Controlled Feature Rollout

Supported on: At least Windows Server 2012, Windows 8 or Windows RT

Registry

HKLM SYSTEM\CurrentControlSet\Control\SecureBoot

Value name: MicrosoftUpdateManagedOptIn

Enabled: MicrosoftUpdateManagedOptIn = 22852

Disabled: MicrosoftUpdateManagedOptIn = 0

Description

For enterprises that desire assistance in deploying the new Secure Boot certificates to their devices, this setting can be enabled. Note: The device must be sending required diagnostic data to Microsoft to use this feature. For more information, see: https://aka.ms/GetSecureBoot