There are two kinds of signing possible for software on Windows:
1. Installation signing (for Windows Logo program) and
2. Runtime (Code Integrity) signing.
Runtime signing – ensures that the binaries have not changed since they were built and
allows them to be loaded and run. It also ensures that you know who built and supplied the binaries. We do Runtime signing.
Installation signing - requires sending software to Microsoft to have the installer
signed for the Windows Logo program. We don't do Installation signing.
Without installation signing, there are few GPO settings which can cause this warning.
It doesn't seem to be very common to set such a strict Organization-wide GPO policy as we have not had any such calls regarding this issue.
The work around would be to remove or disable the GPOs that trigger this warning at the time of Agent installation.