My experience at a 4000-device customer is that the OptIn setting alone does nothing. None of the devices installed the new cert to DB. All settings via Intune.
The Updates Enabled setting alone slowly gets most devices to install the cert. This is after days of error 65000 from Intune, then one or two days until status = updated. I also check (Intune remediation) the UEFI db for the phrase ..ca2023.., which is always also there if status = updated.
My first try was to set OptIn AND Enabled for some machines, but nothing happened.
Of those 4000 devices, only the newest ones have installed the cert automatically without any settings. Devices older than mid 2025 won't do anything automatically on their own.
Can someone explain that experience?
Best regards
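For readers who want to reproduce the UEFI db check mentioned in the post, here is an added example of an Intune remediation detection script; it is not the poster's own script. It reads the Secure Boot `db` variable with the built-in `Get-SecureBootUEFI` cmdlet and looks for the "Windows UEFI CA 2023" subject string in the raw signature-list bytes. The registry path and the `UEFICA2023Status` value name used for the optional status cross-check are assumptions about the Secure Boot servicing state and may need adjusting for your build.

```powershell
# Intune detection script: exit 0 = compliant (2023 CA present in db), exit 1 = not compliant.
# Added example, not from the original post; run as SYSTEM (64-bit host) on a UEFI machine.

try {
    # Get-SecureBootUEFI returns the raw EFI_SIGNATURE_LIST bytes for the named variable.
    $dbBytes = (Get-SecureBootUEFI -Name db -ErrorAction Stop).Bytes
} catch {
    Write-Output "Could not read Secure Boot db (legacy BIOS, Secure Boot off, or insufficient rights): $_"
    exit 1
}

# The certificate subject appears as plain ASCII inside the DER-encoded cert in the signature list.
$dbText = [System.Text.Encoding]::ASCII.GetString($dbBytes)
$has2023 = $dbText -match 'Windows UEFI CA 2023'
$has2011 = $dbText -match 'Microsoft Windows Production PCA 2011'

# Optional cross-check against the servicing status the post refers to as "status = updated".
# Registry path and value name are assumptions; treat a missing value as "unknown", not as a failure.
$servicingKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing'
$status = (Get-ItemProperty -Path $servicingKey -Name 'UEFICA2023Status' -ErrorAction SilentlyContinue).UEFICA2023Status
if (-not $status) { $status = 'unknown' }

Write-Output ("db contains 2023 CA: {0}; db contains 2011 PCA: {1}; servicing status: {2}" -f $has2023, $has2011, $status)

if ($has2023) { exit 0 } else { exit 1 }
```

Deploy it as the detection half of a proactive remediation so the per-device result is visible in the Intune report; a device that reports status = updated but whose db lacks the 2023 string is worth investigating separately, because the string check reflects what firmware actually holds rather than what the servicing task believes it wrote.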