Forum Discussion
Secure Boot Certificate Updates via InTune Policy
We are currently having issues applying the settings required to install secure boot cert updates using the InTune policy method. A brief overview to quickly explain : We are a reasonably large comp...
Just an update on the above. Our support ticket is still open with Microsoft as we would like a permanent fix if possible.
In the interim we have implemented a SCCM CI for detection of anything other than a KMS key and then a remediation to KMS if required. This does temporarily change the Windows edition and allow the policy to apply (and hopefully any future cert updates), but does mean that the CI needs to run every day as the device still reverts to Pro OEM after a reboot.
Happy to post an example of our script but not sure if that is allowed in a community forum?