Event details
We have Autopatch enabled on our devices and the April update has already been deployed. yet autopatch still reports a large qty of devices needing the cert update. Is autopatch going to push those updates or do we need to configure a setting?
- Mabel_Gomes
Microsoft
You will need an Intune policy do deploy the AvailableUpdates registry key to trigger Secure Boot Update tasks on demand. See details here: Microsoft Intune method of Secure Boot for Windows devices with IT-managed updates - Microsoft Support.
Not using Autopatch myself, but I do not think Autopatch will push Secure Boot updates to devices that are not yet marked High Confidence in any way, so if you want the rate to go up, you'd manually need to trigger the updates (or opt into CFR process via Microsoft Managed Opt In) via one of the supported methods (Intune, WinCS, Group Policy, Registry).
