Policy

Certificate Deployment via Controlled Feature Rollout

Microsoft Windows

Back to Secure BootBack to main
Certificate Deployment via Controlled Feature Rollout
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Secure Boot
Supported on
At least Windows Server 2012, Windows 8 or Windows RT

Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

For enterprises that desire assistance in deploying the new Secure Boot certificates to their devices, this setting can be enabled. Note: The device must be sending required diagnostic data to Microsoft to use this feature. For more information, see: https://aka.ms/GetSecureBoot

Internal name
SecureBoot_MicrosoftUpdateManagedOptIn
Policy ID
34b0b01ee3fc
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
SYSTEM\CurrentControlSet\Control\SecureBoot
Value name
MicrosoftUpdateManagedOptIn
REG_DWORD
HKLM
22852
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
SYSTEM\CurrentControlSet\Control\SecureBoot
Value name
MicrosoftUpdateManagedOptIn
Hive
HKLM
Enabled value
22852
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.