After today's AMA, I think I understand that as long as IT managed systems are configured with this reg key / value - 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\AvailableUpdates' to '0x5944', that should trigger the system to apply the updated Secure Boot certs as long as the firmware supports the update and the machine has the certs via CU. Can you please verify that my understanding is correct? If it's not correct, what additional requirements am I missing? Additionally, with the above configuration, what does timing look like? Should the certs be applied relatively quickly or is there still a wait period before you should expect the updated certs?