I read this a while ago, but it's a really good update from Microsoft. So on faceit it's possible to cheat if you "BYOVD", which just stands for "bring your own vulnerable driver". It's very hard for the faceit anti-cheat client to detect. Cheats exploit the vulnerabilities of a legitimate driver, and nobody knows which drivers are being exploited. It's essentially a zero day vulnerability.
Microsoft will no longer trust old drivers with soon to be expired certificates, and if they get renewed then they have to be compliant and go through a program. That means that unsigned drivers will no longer load during boot, which is secure boot and it's mandatory on faceit.
And Windows will also block installing a driver with an expired or invalid certificate, you can disable this behavior by turning off DSE (driver signature enforcement). But the faceit client will reject you when DSE is disabled. I double-checked this and in one of their support pages, they mentioned the exact command to turn on DSE.
Let me know if I got something wrong.