At my company the Administration ECL was never set correctly so the database signer ID was not trusted by default. I’m now changing this by adding the signer ID to the ECL and the entry as well.
In the Security policy this is then set to update by “refresh” when the ECL changes. These changes were made using the signer ID itself.
The outcome is that the user is prompted to trust the signer ID to update the ECL before these changes are made - that makes sense.
My question is, if I set it to overwrite the ECL instead of Refresh, will the user still get prompted? My feeling is yes but if anyone has managed to update the ECL in some other way to avoid this issue, I’d love to hear it.