Maybe a better way of handling this would have been to have two updates instead of one:
Update 1: Change SBAT policy to "warn". Then ask the user to press a key to continue if the security generation isn't matching the policy. This allows users to continue using their software and report this to the vendor and update etc.
Update 2: Change SBAT policy to "enforce".
And instead of having SBAT define a single minimal security generation it could have two levels, one for warning and one for enforcing.
no subject
Update 1: Change SBAT policy to "warn". Then ask the user to press a key to continue if the security generation isn't matching the policy. This allows users to continue using their software and report this to the vendor and update etc.
Update 2: Change SBAT policy to "enforce".
And instead of having SBAT define a single minimal security generation it could have two levels, one for warning and one for enforcing.