Details are vague. What are you doing in the updates? Adding the 2023 certificate and updating the bootmgr only? Are you revoking the 2011 certificate as part of this process? Are you enabling the SVN requirement? As linked to here: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932
I have diagnostic data fully enabled and I'm using Autopatch, so I fall into the category "Enterprise IT-managed systems that send diagnostic data", which says you'll just do things for me. Is there a way to opt out of MS doing this automatically? I am currently using my own remediation process and rollout plan, and have no wish for Microsoft to override what I'm doing through my change processes.