Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
ConfigureHighConfidenceOptOut
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 21H2 [10.0.19044] and later |
./Device/Vendor/MSFT/Policy/Config/SecureBoot/ConfigureHighConfidenceOptOut
This policy provides permission to opt out of high confidence buckets that will automatically be applied as part of the LCU.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | (Enabled) Opt out of high confidence buckets that will automatically be applied as part of the LCU. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | SecureBoot_HighConfidenceOptOut |
| Path | SecureBoot > AT > WindowsComponents > SecureBootCategory |
ConfigureMicrosoftUpdateManagedOptIn
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 21H2 [10.0.19044] and later |
./Device/Vendor/MSFT/Policy/Config/SecureBoot/ConfigureMicrosoftUpdateManagedOptIn
This policy controls provides permission to opt-in to CFR servicing (Microsoft Managed)
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | SecureBoot_MicrosoftUpdateManagedOptIn |
| Path | SecureBoot > AT > WindowsComponents > SecureBootCategory |
EnableSecurebootCertificateUpdates
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 21H2 [10.0.19044] and later |
./Device/Vendor/MSFT/Policy/Config/SecureBoot/EnableSecurebootCertificateUpdates
This policy enables the Secure Boot certificate update process. Setting this to Enabled causes the new Secure Boot certificates to be installed and installs the 2023 signed boot manager for all devices where the policy is applied.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Disabled. |
| 22852 | (Enabled) Initiates the deployment of new secure boot certificates and related updates. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | SecureBoot_AvailableUpdatesPolicy |
| Path | SecureBoot > AT > WindowsComponents > SecureBootCategory |