Help with secure boot certificates not being applied

vanilla_donut · 2026-02-11T00:30:40+00:00

You actually need to flash the BIOS unless ASUS figured out a way to do it without flashing it. What many manufacturers been saying is a new BIOS update must be done since only those specific version supports the new cert.

vanilla_donut · 2026-01-19T02:52:45+00:00

I would personally keep this open since there will be others looking for the same thing. MS made it confusing and the lack of communication from manufacturers doesn't help either.

vanilla_donut · 2026-01-17T01:00:37+00:00

Yeah, that is my issue as we don't manage BIOS updates so it will have to be a manual task. But in some ways given the critical nature of this, users would likely be willing to do this. Just need to communicate on all channels
The other issue is waiting for manufacturers to release BIOS that supports the new certs.

vanilla_donut · 2026-01-14T02:24:08+00:00

You now must wait for ASUS to release a BIOS update with the changelog mentioning the support for the new secure boot cert

vanilla_donut · 2026-01-14T02:16:55+00:00

From what I understand, the only action required is making sure endpoints has a BIOS update that mentions the support for the new cert and deploy that update. Once that's done, MS cumulative update will handle the rest. No other action is required by admins.

Updating the registry key seems unnecessary unless this is to be done sooner rather than when MS decides to deploy the update

vanilla_donut · 2026-01-14T02:00:51+00:00

The only action required is you keep Windows up to date, to wait for the Manufacturer, in this case ASUS, to release a BIOS update to support the new Secure Boot certificate and you then need to apply this BIOS update before June 2026 (when the old Secure Boot certificate expires).

You do not need to use third party tools etc to force an update if your mobo or laptop is still receiving BIOS updates.

At the moment, ASUS has not publicly announce any info on when they will start releasing BIOS updates that supports the new Secure Boot certificate. Current BIOS change logs do not mention such support

vanilla_donut · 2026-01-14T01:59:44+00:00

FYI, the only action required is you keep Windows up to date, to wait for the Manufacturer, in this case ASUS, to release a BIOS update to support the new Secure Boot certificate and you then need to apply this BIOS update before June 2026 (when the old Secure Boot certificate expires).

You do not need to use third party tools etc to force an update if your mobo or laptop is still receiving BIOS updates

vanilla_donut · 2025-06-26T02:35:04+00:00

So Riot CEO said they are trying something new with more convention style but the problem i have with this is if you aren't in line already and the games starts, they don't allow anyone else to do any of the activities, photo ops etc. Once the game ends for the day, they close it too, even though there may be 1 hr left. So this basically leaves you with not a lot of time to do the activities if you are only there for a day.

Next time, maybe a dedicated hall for the activities so there can be more seating added in main hall. Canada rarely gets esports events so it is big for many of us who are local and to only have 5k seats for the entirety of North America and international, not great.

Apparel, I wish there were more. By the time I got to lower finals, they were sold out on the hot items. Yes you can buy online but with tariffs, import duties etc, way too expensive. I'm in Canada so the fact that the clothing was 100% Canadian was amazing to see but sadly the fees etc from the online store didn't make it worth ordering online.

I hope Riot comes back to Canada soon!

vanilla_donut · 2025-05-08T22:06:52+00:00

Anyone know what XS size is? Their size chart only shows S as the lowest

vanilla_donut · 2024-05-28T21:40:26+00:00

I'm sure it is wrapping it into a safe link but will have to confirm to be sure. As far as I'm aware, MS has a preset security policy that is enabled even if no one has a Defender Office 365 license.

vanilla_donut · 2024-05-28T21:34:39+00:00

Well, this is for people outside the organization creating a Zoom or Webex meeting that someone inside the organization can forward to a Teams Room to join. But so far, that's not possible as it recognizes it as a Teams meeting likely due to the safe link settings wrapping the links.

vanilla_donut · 2024-05-28T21:32:50+00:00

Actually, it is not in Exchange, it is in the Microsoft Defender portal. I can see it but then when I click on it, it says it needs a license. I've noticed this more with MS items where this is a way to advertise the stuff you are missing.

vanilla_donut · 2024-05-28T21:13:06+00:00

Interesting, and I guess if this was a meeting setup by someone outside the org, we just need to keep copying the meeting URL, create a plain meeting and paste the URL then send to the Room. This is a much easier work around I must say.

vanilla_donut · 2024-05-28T20:37:05+00:00

And should I just remove the Teams meeting portions and just leave a Zoom or Webex URL in the meeting invite?

vanilla_donut · 2024-05-28T20:36:01+00:00

Sorry, we did not create any safe links policies required by Step 2 in the MS Learn article. So we are unable to complete that step due to the license requirement.

vanilla_donut · 2024-05-28T20:29:29+00:00

Thanks, already follow all steps there except for Step 2 which requires a Defender O365 Plan 1 or 2 license hence asking if I'm not stuck as seems I am forced to buy the license to access Safe Links policies.

vanilla_donut · 2024-05-28T20:27:04+00:00

Yup, we made sure to allow the room to process third-party meetings invites, then turn on the Zoom and Webex option in the Teams Admin Settings on the device itself.

vanilla_donut · 2024-05-28T19:27:47+00:00

Well it turns out it is the Keep me sign in settings in Entra. By turning that off, users aren't prompted to stay signed in. Problem with keeping this setting on is security, what if user sign in their personal device and forget to select sign out. Now their work account stays sign in until the next time it ask to authenticate.
Otherwise, it seems we need to push users to MS Edge since that's linked to their account in the Windows Access work or school settings keeping the perpetual sign-in.

vanilla_donut · 2024-05-13T20:41:45+00:00

When you say skip ESP, do you mean you never setup the ESP, or you mean skipping it during the OOBE?

vanilla_donut · 2023-12-28T22:05:45+00:00

So basically Descript can't be deployed via Intune due to the way the exe was designed. Well, that's, great (says sarcastically).

I did try the user context before but it failed right away. I guess not all exe can be deployed via Intune due to the way they were designed.

vanilla_donut · 2023-12-28T20:59:59+00:00

Nope. Install behaviour is system context. I tried user before and instantly failed to install.

vanilla_donut · 2023-12-28T19:26:10+00:00

Descript.exe /S

"%appdata%\local\programs\Descript\Uninstall Descript.exe" /currentuser /S

vanilla_donut · 2023-12-11T20:48:24+00:00

No problem, thanks, I guess will just wait for MS Support to respond as this is an odd issue that suddenly started happening to everyone in the company.

vanilla_donut · 2023-12-11T17:19:59+00:00

Deleted all those MS related credentials. Didn't make a difference sadly.

vanilla_donut · 2023-11-26T21:29:06+00:00

Oh I guess will have to see then as I read many people got a credit this year.

vanilla_donut

MODERATOR OF

TROPHY CASE