I am confused: what exactly is to be done here?
First of all, this update is mentioned here: https://support.microsoft.com/en-us/topic/february-13-2024-kb5034768-os-build-17763-5458-f06ecec0-23b0-4860-880b-74a2fd1b56c0
What exactly does "opt for this change" mean in that article? Opt-in or opt-out? Does it only add a certificate to the UEFI DB without using it? Can we safely deploy this update so that nothing in the UEFI process changes and breaks things?
Then, when clicking the link in the article, we get to this: https://support.microsoft.com/en-gb/topic/kb5036210-deploying-windows-uefi-ca-2023-certificate-to-secure-boot-allowed-signature-database-db-a68a3eae-292b-4224-9490-299e303b450b
Why do we need to take action? Why is this not an automatic process, and why do we need to test; didn't you guys test? If you have tested, can you provide us with a list of all devices that will give us issues, and which are OK? You expect us to perform said action (changing the registry) on all of our machines, including servers, and ask our users to reboot, twice? What if two reboots are needed and only one is performed: what might break, and what are the symptoms? Will this setting be enforced in a future update? Which update, and what timeframe are we talking about here exactly?
Then we come to this article, and the same questions apply as for the previous point. Also, here you expect us to perform inventories on our entire environments, on-prem as well as Azure and/or Intune? Do you guys have pointers and/or scripts to do inventories using SCCM, Intune, etc.?
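The inventory question above can be answered with a read-only check. The following is an added example, not code from the original poster or from Microsoft's KB articles: it uses the built-in SecureBoot PowerShell module (Confirm-SecureBootUEFI and Get-SecureBootUEFI) to record whether Secure Boot is on and whether the "Windows UEFI CA 2023" certificate subject already appears in the UEFI allowed-signature database (DB). It changes nothing on the machine. The output path and the CSV layout are assumptions; adapt them to however SCCM or Intune collects script output in your environment.

```powershell
# Added example (not from the original post or the KB articles): read-only
# inventory of Secure Boot state and presence of the Windows UEFI CA 2023
# certificate in the UEFI DB. Run elevated on each endpoint; the output
# path below is an assumption and can be replaced by whatever your
# management tooling (SCCM, Intune, etc.) collects.
# Requires the built-in SecureBoot module on Windows 10/11 and Server 2016+.

function Get-SecureBootCa2023Status {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        SecureBootEnabled = $null
        Ca2023InDb        = $null
        Error             = $null
    }

    try {
        # Throws on legacy BIOS or platforms without UEFI Secure Boot support.
        $result.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $result.Error = "Secure Boot not supported or not accessible: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    try {
        # The DB variable is a binary EFI_SIGNATURE_LIST blob. The certificate
        # subject name is embedded as ASCII, so a substring match is sufficient
        # for an inventory (it tells you presence, not whether it is trusted
        # by the current boot manager).
        $db   = Get-SecureBootUEFI -Name db
        $text = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
        $result.Ca2023InDb = [bool]($text -match 'Windows UEFI CA 2023')
    } catch {
        $result.Error = "Could not read UEFI DB: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

# Collect one row per machine; the path is an assumption for this example.
Get-SecureBootCa2023Status |
    Export-Csv -Path "$env:ProgramData\SecureBootInventory.csv" -NoTypeInformation -Append
```

Machines that report SecureBootEnabled = False, or an Error because the platform has no UEFI Secure Boot, are the ones to single out before any deployment that touches the DB, since the KB-described change does not apply to them and they skew an "all done" count if they are not excluded up front.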