Thanks, although we have the script for others to use/edit we don’t currently have a test environment for Exchange or RDP Gateway (nor the administrative certification etc) so those services do need help from the community to mature.
For deployment/restart I did think that we need to be able to specify very exact deployment windows (such as deploy latest certificate every Wednesday at 6pm) - so say your actual certificate renewal happened automatically earlier in the week , the actual deployment+restart would either be manual or otherwise controlled to avoid unexpected interruptions for users.