diff --git a/internal/policies/certificate/certificate.go b/internal/policies/certificate/certificate.go
index 0ab985f62..27241509e 100644
--- a/internal/policies/certificate/certificate.go
+++ b/internal/policies/certificate/certificate.go
@@ -194,7 +194,11 @@ func (m *Manager) ApplyPolicy(ctx context.Context, objectName string, isComputer
 keyparts := strings.Split(entry.Key, "/")
 keyname := strings.Join(keyparts[:len(keyparts)-1], `\`)
 valuename := keyparts[len(keyparts)-1]
- polSrvRegistryEntries = append(polSrvRegistryEntries, gpoEntry{keyname, valuename, gpoData(entry.Value, valuename), gpoType(valuename)})
+ gpoData, err := gpoData(entry.Value, valuename)
+ if err != nil {
+ return fmt.Errorf(i18n.G("failed to parse policy entry value: %w"), err)
+ }
+ polSrvRegistryEntries = append(polSrvRegistryEntries, gpoEntry{keyname, valuename, gpoData, gpoType(valuename)})
 log.Debugf(ctx, "Certificate policy entry: %#v", entry)
 }
@@ -249,13 +253,12 @@ func (m *Manager) runScript(ctx context.Context, action, objectName string, extr
 }
 // gpoData returns the data for a GPO entry.
-func gpoData(data, value string) any {
+func gpoData(data, value string) (any, error) {
 if slices.Contains(integerGPOValues, value) {
- intData, _ := strconv.Atoi(data)
- return intData
+ return strconv.Atoi(data)
 }
- return data
+ return data, nil
 }
 // gpoType returns the type for a GPO entry.
diff --git a/internal/policies/certificate/certificate_test.go b/internal/policies/certificate/certificate_test.go
index d22c80752..872a3efd2 100644
--- a/internal/policies/certificate/certificate_test.go
+++ b/internal/policies/certificate/certificate_test.go
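Review bot: In ApplyPolicy (first hunk of certificate.go) the new local `gpoData` shadows the package-level function of the same name for the rest of the loop body, and the returned error does not say which entry failed. Renaming the local, e.g. `data, err := gpoData(entry.Value, valuename)`, and adding the key, e.g. `return fmt.Errorf(i18n.G("failed to parse policy entry value for %q: %w"), entry.Key, err)`, keeps the helper callable and lets an administrator locate the malformed GPO value. Rejecting the entry instead of silently substituting 0 is the safer behaviour for enrollment policy values, but one bad entry now aborts the whole certificate policy; that looks intended and is worth stating in the function's doc comment. The loop and the function body extend beyond this hunk.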
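Review bot: The doc comment on gpoData (second hunk of certificate.go) still reads as if the function cannot fail. It should state the new contract, e.g. `// gpoData returns the data for a GPO entry, converted to an int when value is listed in integerGPOValues; it returns an error if that conversion fails.` Separately, `strconv.Atoi` accepts negative numbers and its range depends on the platform's int size. If these values are meant to be 32-bit registry DWORDs (not visible in this hunk), a bounded parse such as `strconv.ParseUint(data, 10, 32)` would reject out-of-range input, though the type then stored in gpoEntry would need checking against its consumers.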
@@ -65,6 +65,11 @@ func TestPolicyApply(t *testing.T) {
 // Error cases
 "Error on autoenroll script failure": {autoenrollScriptError: true, entries: []entry.Entry{enrollEntry}, wantErr: true},
 "Error on invalid autoenroll value": {entries: []entry.Entry{{Key: "autoenroll", Value: "notanumber"}}, wantErr: true},
+ "Error on invalid advanced configuration value": {
+ entries: []entry.Entry{
+ enrollEntry,
+ {Key: "Software/Policies/Microsoft/Cryptography/PolicyServers/37c9dc30f207f27f61a2f7c3aed598a6e2920b54/Flags", Value: "NotANumber"},
+ }, wantErr: true},
 }
 for name, tc := range tests {