diff --git a/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs b/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs
index d12a2edbde..3ae5429c66 100644
--- a/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs
+++ b/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs
@@ -21,6 +21,8 @@ public enum AuditedUserAction
         TransformOrganization,
         AddOrganizationMember,
         RemoveOrganizationMember,
-        UpdateOrganizationMember
+        UpdateOrganizationMember,
+        EnabledMultiFactorAuthentication,
+        DisabledMultiFactorAuthentication
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Services/CoreMessageService.cs b/src/NuGetGallery.Core/Services/CoreMessageService.cs
index cd0245ed6d..9d90ba4a15 100644
--- a/src/NuGetGallery.Core/Services/CoreMessageService.cs
+++ b/src/NuGetGallery.Core/Services/CoreMessageService.cs
@@ -141,7 +141,7 @@ public void SendValidationTakingTooLongNotice(Package package, string packageUrl
                 mailMessage.Body = body;
                 mailMessage.From = CoreConfiguration.GalleryNoReplyAddress;
 
-                AddAllOwnersToMailMessage(package.PackageRegistration, mailMessage);
+                AddOwnersSubscribedToPackagePushedNotification(package.PackageRegistration, mailMessage);
 
                 if (mailMessage.To.Any())
                 {
diff --git a/src/NuGetGallery/App_Data/Files/Content/Certificates-Configuration.json b/src/NuGetGallery/App_Data/Files/Content/Certificates-Configuration.json
new file mode 100644
index 0000000000..9d9067d5ca
--- /dev/null
+++ b/src/NuGetGallery/App_Data/Files/Content/Certificates-Configuration.json
@@ -0,0 +1,7 @@
+{
+  "isUIEnabledByDefault": false,
+  "alwaysEnabledForDomains": [
+  ],
+  "alwaysEnabledForEmailAddresses": [
+  ]
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Constants.cs b/src/NuGetGallery/Constants.cs
index fef12e3dfe..595605bc91 100644
--- a/src/NuGetGallery/Constants.cs
+++ b/src/NuGetGallery/Constants.cs
@@ -98,6 +98,7 @@ public static class ContentNames
             public static readonly string PrivacyPolicy = "Privacy-Policy";
             public static readonly string Team = "Team";
             public static readonly string LoginDiscontinuationConfiguration = "Login-Discontinuation-Configuration";
+            public static readonly string CertificatesConfiguration = "Certificates-Configuration";
         }
 
         public static class StatisticsDimensions
diff --git a/src/NuGetGallery/Controllers/AccountsController.cs b/src/NuGetGallery/Controllers/AccountsController.cs
index 5a97e3fc53..956c73b06c 100644
--- a/src/NuGetGallery/Controllers/AccountsController.cs
+++ b/src/NuGetGallery/Controllers/AccountsController.cs
@@ -43,6 +43,8 @@ public class ViewMessages
 
         public ICertificateService CertificateService { get; }
 
+        public IContentObjectService ContentObjectService { get; }
+
         public AccountsController(
             AuthenticationService authenticationService,
             ICuratedFeedService curatedFeedService,
@@ -51,7 +53,8 @@ public AccountsController(
             IUserService userService,
             ITelemetryService telemetryService,
             ISecurityPolicyService securityPolicyService,
-            ICertificateService certificateService)
+            ICertificateService certificateService,
+            IContentObjectService contentObjectService)
         {
             AuthenticationService = authenticationService ?? throw new ArgumentNullException(nameof(authenticationService));
             CuratedFeedService = curatedFeedService ?? throw new ArgumentNullException(nameof(curatedFeedService));
@@ -61,6 +64,7 @@ public AccountsController(
             TelemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
             SecurityPolicyService = securityPolicyService ?? throw new ArgumentNullException(nameof(securityPolicyService));
             CertificateService = certificateService ?? throw new ArgumentNullException(nameof(certificateService));
+            ContentObjectService = contentObjectService ?? throw new ArgumentNullException(nameof(contentObjectService));
         }
 
         public abstract string AccountAction { get; }
@@ -332,9 +336,12 @@ protected virtual void UpdateAccountViewModel(TUser account, TAccountViewModel m
             model.Account = account;
             model.AccountName = account.Username;
 
+            var currentUser = GetCurrentUser();
+
             model.CanManage = ActionsRequiringPermissions.ManageAccount.CheckPermissions(
-                GetCurrentUser(), account) == PermissionsCheckResult.Allowed;
+                currentUser, account) == PermissionsCheckResult.Allowed;
 
+            model.IsCertificatesUIEnabled = ContentObjectService.CertificatesConfiguration?.IsUIEnabledForUser(currentUser) ?? false;
             model.WasMultiFactorAuthenticated = User.WasMultiFactorAuthenticated();
 
             model.CuratedFeeds = CuratedFeedService
diff --git a/src/NuGetGallery/Controllers/OrganizationsController.cs b/src/NuGetGallery/Controllers/OrganizationsController.cs
index b73e464859..d007a4ea2b 100644
--- a/src/NuGetGallery/Controllers/OrganizationsController.cs
+++ b/src/NuGetGallery/Controllers/OrganizationsController.cs
@@ -28,7 +28,8 @@ public OrganizationsController(
             ISecurityPolicyService securityPolicyService,
             ICertificateService certificateService,
             IPackageService packageService,
-            IDeleteAccountService deleteAccountService)
+            IDeleteAccountService deleteAccountService,
+            IContentObjectService contentObjectService)
             : base(
                   authService,
                   curatedFeedService,
@@ -37,7 +38,8 @@ public OrganizationsController(
                   userService,
                   telemetryService,
                   securityPolicyService,
-                  certificateService)
+                  certificateService,
+                  contentObjectService)
         {
             DeleteAccountService = deleteAccountService;
         }
diff --git a/src/NuGetGallery/Controllers/PackagesController.cs b/src/NuGetGallery/Controllers/PackagesController.cs
index f78ae0b22c..68f982e3a1 100644
--- a/src/NuGetGallery/Controllers/PackagesController.cs
+++ b/src/NuGetGallery/Controllers/PackagesController.cs
@@ -84,6 +84,7 @@ public partial class PackagesController
         private readonly IReadMeService _readMeService;
         private readonly IValidationService _validationService;
         private readonly IPackageOwnershipManagementService _packageOwnershipManagementService;
+        private readonly IContentObjectService _contentObjectService;
 
         public PackagesController(
             IPackageService packageService,
@@ -106,7 +107,8 @@ public PackagesController(
             IPackageUploadService packageUploadService,
             IReadMeService readMeService,
             IValidationService validationService,
-            IPackageOwnershipManagementService packageOwnershipManagementService)
+            IPackageOwnershipManagementService packageOwnershipManagementService,
+            IContentObjectService contentObjectService)
         {
             _packageService = packageService;
             _uploadFileService = uploadFileService;
@@ -129,6 +131,7 @@ public PackagesController(
             _readMeService = readMeService;
             _validationService = validationService;
             _packageOwnershipManagementService = packageOwnershipManagementService;
+            _contentObjectService = contentObjectService;
         }
 
         [HttpGet]
@@ -463,6 +466,7 @@ public virtual async Task<ActionResult> DisplayPackage(string id, string version
 
             model.ValidatingTooLong = _validationService.IsValidatingTooLong(package);
             model.ValidationIssues = _validationService.GetLatestValidationIssues(package);
+            model.IsCertificatesUIEnabled = _contentObjectService.CertificatesConfiguration?.IsUIEnabledForUser(currentUser) ?? false;
 
             model.ReadMeHtml = await _readMeService.GetReadMeHtmlAsync(package);
 
diff --git a/src/NuGetGallery/Controllers/UsersController.cs b/src/NuGetGallery/Controllers/UsersController.cs
index 3d3d055184..747e40e2c9 100644
--- a/src/NuGetGallery/Controllers/UsersController.cs
+++ b/src/NuGetGallery/Controllers/UsersController.cs
@@ -41,7 +41,8 @@ public UsersController(
             ISupportRequestService supportRequestService,
             ITelemetryService telemetryService,
             ISecurityPolicyService securityPolicyService,
-            ICertificateService certificateService)
+            ICertificateService certificateService,
+            IContentObjectService contentObjectService)
             : base(
                   authService,
                   feedsQuery,
@@ -50,7 +51,8 @@ public UsersController(
                   userService,
                   telemetryService,
                   securityPolicyService,
-                  certificateService)
+                  certificateService,
+                  contentObjectService)
         {
             _packageOwnerRequestService = packageOwnerRequestService ?? throw new ArgumentNullException(nameof(packageOwnerRequestService));
             _config = config ?? throw new ArgumentNullException(nameof(config));
@@ -479,7 +481,8 @@ public virtual ActionResult Packages()
                 UnlistedPackages = unlistedPackages,
                 OwnerRequests = ownerRequests,
                 ReservedNamespaces = reservedPrefixes,
-                WasMultiFactorAuthenticated = User.WasMultiFactorAuthenticated()
+                WasMultiFactorAuthenticated = User.WasMultiFactorAuthenticated(),
+                IsCertificatesUIEnabled = ContentObjectService.CertificatesConfiguration?.IsUIEnabledForUser(currentUser) ?? false
             };
             return View(model);
         }
diff --git a/src/NuGetGallery/NuGetGallery.csproj b/src/NuGetGallery/NuGetGallery.csproj
index 76030fa30e..88f182d985 100644
--- a/src/NuGetGallery/NuGetGallery.csproj
+++ b/src/NuGetGallery/NuGetGallery.csproj
@@ -862,12 +862,14 @@
     <Compile Include="Services\ActionRequiringReservedNamespacePermissions.cs" />
     <Compile Include="Services\ActionsRequiringPermissions.cs" />
     <Compile Include="Services\AsynchronousPackageValidationInitiator.cs" />
+    <Compile Include="Services\CertificatesConfiguration.cs" />
     <Compile Include="Services\CertificateService.cs" />
     <Compile Include="Services\CertificateValidator.cs" />
     <Compile Include="Services\CloudBlobFileStorageService.cs" />
     <Compile Include="Services\DeleteAccountService.cs" />
     <Compile Include="Services\IActionRequiringEntityPermissions.cs" />
     <Compile Include="Services\ICertificateService.cs" />
+    <Compile Include="Services\ICertificatesConfiguration.cs" />
     <Compile Include="Services\ICertificateValidator.cs" />
     <Compile Include="Services\IDeleteAccountService.cs" />
     <Compile Include="Services\IFileStorageService.cs" />
@@ -2018,6 +2020,7 @@
     <Content Include="Areas\Admin\Views\LockPackage\Index.cshtml" />
     <Content Include="App_Data\Files\Content\Login-Discontinuation-Configuration.json" />
     <Content Include="Areas\Admin\Views\DeleteAccount\_DeleteUserAccountForm.cshtml" />
+    <Content Include="App_Data\Files\Content\Certificates-Configuration.json" />
     <None Include="Scripts\jquery-1.11.0.intellisense.js" />
     <Content Include="Scripts\jquery-1.11.0.js" />
     <Content Include="Scripts\jquery-1.11.0.min.js" />
diff --git a/src/NuGetGallery/Services/CertificatesConfiguration.cs b/src/NuGetGallery/Services/CertificatesConfiguration.cs
new file mode 100644
index 0000000000..647f108218
--- /dev/null
+++ b/src/NuGetGallery/Services/CertificatesConfiguration.cs
@@ -0,0 +1,59 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Newtonsoft.Json;
+
+namespace NuGetGallery.Services
+{
+    public sealed class CertificatesConfiguration : ICertificatesConfiguration
+    {
+        public bool IsUIEnabledByDefault { get; }
+        public HashSet<string> AlwaysEnabledForEmailAddresses { get; }
+        public HashSet<string> AlwaysEnabledForDomains { get; }
+
+        public CertificatesConfiguration()
+            : this(isUIEnabledByDefault: false,
+                alwaysEnabledForDomains: Enumerable.Empty<string>(),
+                alwaysEnabledForEmailAddresses: Enumerable.Empty<string>())
+        {
+        }
+
+        [JsonConstructor]
+        public CertificatesConfiguration(
+            bool isUIEnabledByDefault,
+            IEnumerable<string> alwaysEnabledForDomains,
+            IEnumerable<string> alwaysEnabledForEmailAddresses)
+        {
+            if (alwaysEnabledForDomains == null)
+            {
+                throw new ArgumentNullException(nameof(alwaysEnabledForDomains));
+            }
+
+            if (alwaysEnabledForEmailAddresses == null)
+            {
+                throw new ArgumentNullException(nameof(alwaysEnabledForEmailAddresses));
+            }
+
+            IsUIEnabledByDefault = isUIEnabledByDefault;
+            AlwaysEnabledForDomains = new HashSet<string>(alwaysEnabledForDomains, StringComparer.OrdinalIgnoreCase);
+            AlwaysEnabledForEmailAddresses = new HashSet<string>(alwaysEnabledForEmailAddresses, StringComparer.OrdinalIgnoreCase);
+        }
+
+        public bool IsUIEnabledForUser(User user)
+        {
+            if (user == null)
+            {
+                return false;
+            }
+
+            var email = user.ToMailAddress();
+
+            return IsUIEnabledByDefault ||
+                AlwaysEnabledForDomains.Contains(email.Host) ||
+                AlwaysEnabledForEmailAddresses.Contains(email.Address);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/ContentObjectService.cs b/src/NuGetGallery/Services/ContentObjectService.cs
index 5e60bf29d6..8c8e581d10 100644
--- a/src/NuGetGallery/Services/ContentObjectService.cs
+++ b/src/NuGetGallery/Services/ContentObjectService.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Linq;
 using System.Threading.Tasks;
 using Newtonsoft.Json;
+using NuGetGallery.Services;
 
 namespace NuGetGallery
 {
@@ -19,15 +19,21 @@ public ContentObjectService(IContentService contentService)
             _contentService = contentService;
 
             LoginDiscontinuationConfiguration = new LoginDiscontinuationConfiguration();
+            CertificatesConfiguration = new CertificatesConfiguration();
         }
 
         public ILoginDiscontinuationConfiguration LoginDiscontinuationConfiguration { get; set; }
+        public ICertificatesConfiguration CertificatesConfiguration { get; set; }
 
         public async Task Refresh()
         {
             LoginDiscontinuationConfiguration = 
                 await Refresh<LoginDiscontinuationConfiguration>(Constants.ContentNames.LoginDiscontinuationConfiguration) ??
                 new LoginDiscontinuationConfiguration();
+
+            CertificatesConfiguration =
+                await Refresh<CertificatesConfiguration>(Constants.ContentNames.CertificatesConfiguration) ??
+                new CertificatesConfiguration();
         }
 
         private async Task<T> Refresh<T>(string contentName) 
diff --git a/src/NuGetGallery/Services/ICertificatesConfiguration.cs b/src/NuGetGallery/Services/ICertificatesConfiguration.cs
new file mode 100644
index 0000000000..d9667fce21
--- /dev/null
+++ b/src/NuGetGallery/Services/ICertificatesConfiguration.cs
@@ -0,0 +1,10 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery.Services
+{
+    public interface ICertificatesConfiguration
+    {
+        bool IsUIEnabledForUser(User user);
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/IContentObjectService.cs b/src/NuGetGallery/Services/IContentObjectService.cs
index 9f907eee96..1a0eb8e2fe 100644
--- a/src/NuGetGallery/Services/IContentObjectService.cs
+++ b/src/NuGetGallery/Services/IContentObjectService.cs
@@ -2,13 +2,15 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
+using NuGetGallery.Services;
 
 namespace NuGetGallery
 {
     public interface IContentObjectService
     {
         ILoginDiscontinuationConfiguration LoginDiscontinuationConfiguration { get; }
+        ICertificatesConfiguration CertificatesConfiguration { get; }
 
         Task Refresh();
     }
-}
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/IMessageService.cs b/src/NuGetGallery/Services/IMessageService.cs
index 159dbc0114..b971bb9c4f 100644
--- a/src/NuGetGallery/Services/IMessageService.cs
+++ b/src/NuGetGallery/Services/IMessageService.cs
@@ -26,7 +26,6 @@ public interface IMessageService
         void SendCredentialAddedNotice(User user, CredentialViewModel addedCredentialViewModel);
         void SendContactSupportEmail(ContactSupportRequest request);
         void SendPackageAddedNotice(Package package, string packageUrl, string packageSupportUrl, string emailSettingsUrl);
-        void SendPackageUploadedNotice(Package package, string packageUrl, string packageSupportUrl, string emailSettingsUrl);
         void SendAccountDeleteNotice(User user);
         void SendPackageDeletedNotice(Package package, string packageUrl, string packageSupportUrl);
         void SendSigninAssistanceEmail(MailAddress emailAddress, IEnumerable<Credential> credentials);
diff --git a/src/NuGetGallery/Services/LoginDiscontinuationConfiguration.cs b/src/NuGetGallery/Services/LoginDiscontinuationConfiguration.cs
index 9c465441b0..231183e8ed 100644
--- a/src/NuGetGallery/Services/LoginDiscontinuationConfiguration.cs
+++ b/src/NuGetGallery/Services/LoginDiscontinuationConfiguration.cs
@@ -12,11 +12,11 @@ namespace NuGetGallery
 {
     public class LoginDiscontinuationConfiguration : ILoginDiscontinuationConfiguration
     {
-        internal HashSet<string> DiscontinuedForEmailAddresses { get; }
-        internal HashSet<string> DiscontinuedForDomains { get; }
-        internal HashSet<string> ExceptionsForEmailAddresses { get; }
-        internal HashSet<string> ForceTransformationToOrganizationForEmailAddresses { get; }
-        internal HashSet<OrganizationTenantPair> EnabledOrganizationAadTenants { get; }
+        public HashSet<string> DiscontinuedForEmailAddresses { get; }
+        public HashSet<string> DiscontinuedForDomains { get; }
+        public HashSet<string> ExceptionsForEmailAddresses { get; }
+        public HashSet<string> ForceTransformationToOrganizationForEmailAddresses { get; }
+        public HashSet<OrganizationTenantPair> EnabledOrganizationAadTenants { get; }
 
         public LoginDiscontinuationConfiguration()
             : this(Enumerable.Empty<string>(), 
diff --git a/src/NuGetGallery/Services/MessageService.cs b/src/NuGetGallery/Services/MessageService.cs
index 75619bafdd..f3d773f5f8 100644
--- a/src/NuGetGallery/Services/MessageService.cs
+++ b/src/NuGetGallery/Services/MessageService.cs
@@ -636,34 +636,6 @@ private void SendSupportMessage(User user, string body, string subject)
             }
         }
 
-        public void SendPackageUploadedNotice(Package package, string packageUrl, string packageSupportUrl, string emailSettingsUrl)
-        {
-            string subject = $"[{Config.GalleryOwner.DisplayName}] Package uploaded - {package.PackageRegistration.Id} {package.Version}";
-            string body = $@"The package [{package.PackageRegistration.Id} {package.Version}]({packageUrl}) was recently uploaded to {Config.GalleryOwner.DisplayName} by {package.User.Username}. If this was not intended, please [contact support]({packageSupportUrl}).
-
-Note: This package has not been published yet. It will appear in search results and will be available for install/restore after both validation and indexing are complete. Package validation and indexing may take up to an hour.
-
------------------------------------------------
-<em style=""font-size: 0.8em;"">
-    To stop receiving emails as an owner of this package, sign in to the {Config.GalleryOwner.DisplayName} and
-    [change your email notification settings]({emailSettingsUrl}).
-</em>";
-
-            using (var mailMessage = new MailMessage())
-            {
-                mailMessage.Subject = subject;
-                mailMessage.Body = body;
-                mailMessage.From = Config.GalleryNoReplyAddress;
-
-                AddOwnersSubscribedToPackagePushedNotification(package.PackageRegistration, mailMessage);
-
-                if (mailMessage.To.Any())
-                {
-                    SendMessage(mailMessage);
-                }
-            }
-        }
-
         public void SendAccountDeleteNotice(User user)
         {
             string body = @"We received a request to delete your account {0}. If you did not initiate this request, please contact the {1} team immediately.
diff --git a/src/NuGetGallery/Services/UserService.cs b/src/NuGetGallery/Services/UserService.cs
index 9c159ae184..5e8f9d02d7 100644
--- a/src/NuGetGallery/Services/UserService.cs
+++ b/src/NuGetGallery/Services/UserService.cs
@@ -400,6 +400,8 @@ public async Task CancelChangeEmailAddress(User user)
 
         public virtual async Task ChangeMultiFactorAuthentication(User user, bool enableMultiFactor)
         {
+            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, enableMultiFactor ? AuditedUserAction.EnabledMultiFactorAuthentication : AuditedUserAction.DisabledMultiFactorAuthentication));
+
             user.EnableMultiFactorAuthentication = enableMultiFactor;
             await UserRepository.CommitChangesAsync();
 
diff --git a/src/NuGetGallery/ViewModels/AccountViewModel.cs b/src/NuGetGallery/ViewModels/AccountViewModel.cs
index ab46258116..525cb98758 100644
--- a/src/NuGetGallery/ViewModels/AccountViewModel.cs
+++ b/src/NuGetGallery/ViewModels/AccountViewModel.cs
@@ -9,6 +9,8 @@ public abstract class AccountViewModel<T> : AccountViewModel where T : User
     {
         public T Account { get; set; }
 
+        public bool IsCertificatesUIEnabled { get; set; }
+
         public override User User => Account;
     }
 
diff --git a/src/NuGetGallery/ViewModels/DisplayPackageViewModel.cs b/src/NuGetGallery/ViewModels/DisplayPackageViewModel.cs
index bdecf48869..3206b707ff 100644
--- a/src/NuGetGallery/ViewModels/DisplayPackageViewModel.cs
+++ b/src/NuGetGallery/ViewModels/DisplayPackageViewModel.cs
@@ -40,10 +40,10 @@ public DisplayPackageViewModel(Package package, User currentUser, string pushedB
             : base(package, currentUser)
         {
             Copyright = package.Copyright;
-            
+
             DownloadCount = package.DownloadCount;
             LastEdited = package.LastEdited;
-            
+
             TotalDaysSinceCreated = 0;
             DownloadsPerDay = 0;
 
@@ -81,6 +81,8 @@ public bool HasNewerPrerelease
 
         public string PushedBy { get; private set; }
 
+        public bool IsCertificatesUIEnabled { get; set; }
+
         private IDictionary<User, string> _pushedByCache = new Dictionary<User, string>();
 
         private string GetPushedBy(Package package, User currentUser)
diff --git a/src/NuGetGallery/ViewModels/ListPackageItemRequiredSignerViewModel.cs b/src/NuGetGallery/ViewModels/ListPackageItemRequiredSignerViewModel.cs
index 80a8bac8ec..427d4de609 100644
--- a/src/NuGetGallery/ViewModels/ListPackageItemRequiredSignerViewModel.cs
+++ b/src/NuGetGallery/ViewModels/ListPackageItemRequiredSignerViewModel.cs
@@ -12,7 +12,8 @@ namespace NuGetGallery
     public sealed class ListPackageItemRequiredSignerViewModel : ListPackageItemViewModel
     {
         // username must be an empty string because <select /> option values are based on username
-        // and this "user" must be distinguishable from an account named "Any" and any other user;  null won't work.
+        // and this "user" must be distinguishable from an account named "Any" and any other user;
+        // null would be ideal, but null won't work as a <select /> option value.
         private static readonly SignerViewModel AnySigner = 
             new SignerViewModel(username: "", displayText: "Any");
 
@@ -133,7 +134,14 @@ public ListPackageItemRequiredSignerViewModel(
                     var ownersWithRequiredSignerControl = owners.Where(
                         owner => securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName));
 
-                    RequiredSignerMessage = GetRequiredSignerMessage(ownersWithRequiredSignerControl);
+                    if (owners.Count() == 1)
+                    {
+                        ShowTextBox = true;
+                    }
+                    else
+                    {
+                        RequiredSignerMessage = GetRequiredSignerMessage(ownersWithRequiredSignerControl);
+                    }
                 }
 
                 CanEditRequiredSigner &= wasMultiFactorAuthenticated;
diff --git a/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs b/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs
index f4995ea4e2..3fe588a01f 100644
--- a/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs
+++ b/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs
@@ -20,5 +20,7 @@ public class ManagePackagesViewModel
         public ReservedNamespaceListViewModel ReservedNamespaces { get; set; }
 
         public bool WasMultiFactorAuthenticated { get; set; }
+
+        public bool IsCertificatesUIEnabled { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Organizations/ManageOrganization.cshtml b/src/NuGetGallery/Views/Organizations/ManageOrganization.cshtml
index 2da1705216..a089c91b38 100644
--- a/src/NuGetGallery/Views/Organizations/ManageOrganization.cshtml
+++ b/src/NuGetGallery/Views/Organizations/ManageOrganization.cshtml
@@ -73,7 +73,10 @@
 
             @Html.Partial("_AccountCuratedFeeds", Model)
 
-            @Html.Partial("_AccountCertificates", Model)
+            @if (Model.IsCertificatesUIEnabled)
+            {
+                @Html.Partial("_AccountCertificates", Model)
+            }
 
             @if (Model.CanManage)
             {
@@ -120,12 +123,14 @@
         }));
     </script>
     @ViewHelpers.SectionsScript(this);
-    @Scripts.Render("~/Scripts/gallery/certificates.js")
     @Scripts.Render("~/Scripts/gallery/page-manage-organization.min.js")
-
-    <script type="text/javascript">
-        CertificatesManagement.init('@Url.AddOrganizationCertificate(account.Username)', '@Url.GetOrganizationCertificates(account.Username)');
-    </script>
+    @if (Model.IsCertificatesUIEnabled)
+    {
+        @Scripts.Render("~/Scripts/gallery/certificates.js")
+        <script type="text/javascript">
+            CertificatesManagement.init('@Url.AddOrganizationCertificate(account.Username)', '@Url.GetOrganizationCertificates(account.Username)');
+        </script>
+    }
 
     <script type="text/html" id="validation-errors">
         <div data-bind="foreach:$data" class="validation-error-message-list">
diff --git a/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml b/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml
index 472c7255f1..2ff9c6e791 100644
--- a/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml
+++ b/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml
@@ -440,7 +440,7 @@
                                 @VersionListDivider(rowCount, versionsExpanded)
                                 <tr>
                                     <td class="signature-info-cell">
-                                        @if (packageVersion.CanDisplayPrivateMetadata && !string.IsNullOrEmpty(packageVersion.SignatureInformation))
+                                        @if (Model.IsCertificatesUIEnabled && !string.IsNullOrEmpty(packageVersion.SignatureInformation))
                                         {
                                             <i class="ms-Icon ms-Icon--Ribbon signature-info" title="@packageVersion.SignatureInformation"></i>
                                         }
diff --git a/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml b/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml
index 4433708f9e..bf0b67f2e2 100644
--- a/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml
+++ b/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml
@@ -6,6 +6,12 @@
     ViewBag.NotifyPackagePushedEnabled = "Receiving package push notifications";
     ViewBag.NotifyPackagePushedNotEnabled = "Not receiving package push notifications";
 
+    ViewBag.NotifyPackagePushedLabel = "Notify when a package is published to " + Config.Current.Brand;
+    ViewBag.NotifyPackagePushedDescription = "This setting enables notifications whenever a package is published "
+        + "to your account. We recommend enabling this setting so that you can inspect whether a package was "
+        + "published intentionally and so that you can be notified if there are unexpected delays in publishing "
+        + "your package.";
+
     if (Model.IsOrganization)
     {
         ViewBag.EmailAllowedEnabled = "Users can contact";
@@ -16,12 +22,6 @@
             + "organization about packages that it owns using the <em>Contact Owners</em> form, or to request "
             + "that your organization become an owner of their package. Disabling this setting means users cannot "
             + "contact your organization for these reasons.";
-        ViewBag.NotifyPackagePushedLabel = "Notify the organization when a package is pushed to "
-            + @Config.Current.Brand
-            + " using its account";
-        ViewBag.NotifyPackagePushedDescription = "This setting enables notifications whenever a package is pushed using "
-            + "the organization account. We recommend to enable this setting so that you can inspect whether a package was pushed "
-            + "intentionally or not. Disabling this setting means no notification will be sent on push.";
         ViewBag.PrivacyNotice = "We will always send important account management and security notices. Also, we never "
             + "reveal the organization email address to other users.";
     }
@@ -34,12 +34,6 @@
         ViewBag.EmailAllowedDescription = "This setting allows other registered users of the site to contact you about "
             + "packages that you own using the <em>Contact Owners</em> form, or to request that you become "
             + "an owner of their package. Disabling this setting means users cannot contact you for these reasons.";
-        ViewBag.NotifyPackagePushedLabel = "Notify me when a package is pushed to "
-            + @Config.Current.Brand
-            + " using my account";
-        ViewBag.NotifyPackagePushedDescription = "This setting enables notifications whenever a package is pushed using "
-            + "your account. We recommend to enable this setting so that you can inspect whether a package was pushed "
-            + "intentionally or not. Disabling this setting means no notification will be sent on push.";
         ViewBag.PrivacyNotice = "We will always send important account management and security notices. Also, we never "
             + "reveal your email address to other users.";
     }
diff --git a/src/NuGetGallery/Views/Users/Account.cshtml b/src/NuGetGallery/Views/Users/Account.cshtml
index 007be287b5..81fa3ab026 100644
--- a/src/NuGetGallery/Views/Users/Account.cshtml
+++ b/src/NuGetGallery/Views/Users/Account.cshtml
@@ -36,18 +36,23 @@
 
             @Html.Partial("_AccountCuratedFeeds", Model)
 
-            @Html.Partial("_AccountCertificates", Model)
+            @if (Model.IsCertificatesUIEnabled)
+            {
+                @Html.Partial("_AccountCertificates", Model)
+            }
         </div>
     </div>
 </section>
 
 @section bottomScripts {
     @ViewHelpers.SectionsScript(this)
-    @Scripts.Render("~/Scripts/gallery/certificates.js")
-    @Scripts.Render("~/Scripts/gallery/page-account.min.js")
-    <script type="text/javascript">
-        CertificatesManagement.init('@Url.AddUserCertificate()', '@Url.GetUserCertificates()');
-    </script>
+    @if (Model.IsCertificatesUIEnabled)
+    {
+        @Scripts.Render("~/Scripts/gallery/certificates.js")
+        <script type="text/javascript">
+            CertificatesManagement.init('@Url.AddUserCertificate()', '@Url.GetUserCertificates()');
+        </script>
+    }
 
     <script type="text/html" id="validation-errors">
         <div data-bind="foreach:$data" class="validation-error-message-list">
diff --git a/src/NuGetGallery/Views/Users/Packages.cshtml b/src/NuGetGallery/Views/Users/Packages.cshtml
index 08087978a1..88be4ff72a 100644
--- a/src/NuGetGallery/Views/Users/Packages.cshtml
+++ b/src/NuGetGallery/Views/Users/Packages.cshtml
@@ -90,7 +90,7 @@
 </section>
 
 <script type="text/html" id="manage-packages">
-    @if (!Model.WasMultiFactorAuthenticated)
+    @if (Model.IsCertificatesUIEnabled && !Model.WasMultiFactorAuthenticated)
     {
     <div data-bind="visible: Packages.length > 0">
         @if (Model.User.EnableMultiFactorAuthentication)
@@ -112,7 +112,10 @@
                         <th class="hidden-xs"><span class="hidden">Package Icon</span></th>
                         <th>Package ID</th>
                         <th>Owners</th>
+                    @if (Model.IsCertificatesUIEnabled)
+                    {
                         <th>Signing Owner</th>
+                    }
                         <th>Downloads</th>
                         <th>Latest Version</th>
                         <th><span class="hidden">Icon</span></th>
@@ -140,6 +143,8 @@
                                 <!-- /ko -->
                             </span>
                         </td>
+                    @if (Model.IsCertificatesUIEnabled)
+                    {
                         <td class="align-middle">
                             <!-- ko if: $data.ShowTextBox -->
                             <span data-bind="text: RequiredSigner" />
@@ -157,6 +162,7 @@
                                     attr: { title: RequiredSignerMessage }"></select>
                             <!-- /ko -->
                         </td>
+                    }
                         <td class="align-middle text-nowrap">
                             <span data-bind="text: FormattedDownloadCount"></span>
                         </td>
diff --git a/tests/NuGetGallery.Core.Facts/Auditing/AuditedUserActionTests.cs b/tests/NuGetGallery.Core.Facts/Auditing/AuditedUserActionTests.cs
index 859c084e64..649a998576 100644
--- a/tests/NuGetGallery.Core.Facts/Auditing/AuditedUserActionTests.cs
+++ b/tests/NuGetGallery.Core.Facts/Auditing/AuditedUserActionTests.cs
@@ -28,7 +28,9 @@ public void Definition_HasNotChanged()
                 "TransformOrganization",
                 "AddOrganizationMember",
                 "RemoveOrganizationMember",
-                "UpdateOrganizationMember"
+                "UpdateOrganizationMember",
+                "EnabledMultiFactorAuthentication",
+                "DisabledMultiFactorAuthentication"
             };
 
             Verify(typeof(AuditedUserAction), expectedNames);
diff --git a/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs
index b2eca3de85..9fe144428b 100644
--- a/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs
@@ -60,7 +60,8 @@ private static PackagesController CreateController(
             Mock<IPackageUploadService> packageUploadService = null,
             Mock<IValidationService> validationService = null,
             Mock<IPackageOwnershipManagementService> packageOwnershipManagementService = null,
-            IReadMeService readMeService = null)
+            IReadMeService readMeService = null,
+            Mock<IContentObjectService> contentObjectService = null)
         {
             packageService = packageService ?? new Mock<IPackageService>();
             if (uploadFileService == null)
@@ -113,6 +114,8 @@ private static PackagesController CreateController(
 
             readMeService = readMeService ?? new ReadMeService(packageFileService.Object, entitiesContext.Object);
 
+            contentObjectService = contentObjectService ?? new Mock<IContentObjectService>();
+
             var controller = new Mock<PackagesController>(
                 packageService.Object,
                 uploadFileService.Object,
@@ -134,7 +137,8 @@ private static PackagesController CreateController(
                 packageUploadService.Object,
                 readMeService,
                 validationService.Object,
-                packageOwnershipManagementService.Object);
+                packageOwnershipManagementService.Object,
+                contentObjectService.Object);
 
             controller.CallBase = true;
             controller.Object.SetOwinContextOverride(Fakes.CreateOwinContext());
diff --git a/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj b/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj
index 9d5659685f..0e48b0c3a7 100644
--- a/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj
+++ b/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj
@@ -447,6 +447,7 @@
     <Compile Include="Security\RequireMinProtocolVersionForPushPolicyFacts.cs" />
     <Compile Include="Security\RequireOrganizationTenantPolicyFacts.cs" />
     <Compile Include="Services\ActionRequiringEntityPermissionsFacts.cs" />
+    <Compile Include="Services\CertificatesConfigurationFacts.cs" />
     <Compile Include="Services\CloudDownloadCountServiceFacts.cs" />
     <Compile Include="Services\CertificateServiceFacts.cs" />
     <Compile Include="Services\CertificateValidatorFacts.cs" />
diff --git a/tests/NuGetGallery.Facts/Services/CertificatesConfigurationFacts.cs b/tests/NuGetGallery.Facts/Services/CertificatesConfigurationFacts.cs
new file mode 100644
index 0000000000..c09de5e39a
--- /dev/null
+++ b/tests/NuGetGallery.Facts/Services/CertificatesConfigurationFacts.cs
@@ -0,0 +1,141 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using Xunit;
+
+namespace NuGetGallery.Services
+{
+    public class CertificatesConfigurationFacts
+    {
+        private readonly User _user;
+
+        public CertificatesConfigurationFacts()
+        {
+            _user = new User()
+            {
+                Key = 1,
+                Username = "a",
+                EmailAddress = "a@nuget.test"
+            };
+        }
+
+        [Fact]
+        public void Constructor_WhenAlwaysEnabledForDomainsIsNull_Throws()
+        {
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new CertificatesConfiguration(
+                    isUIEnabledByDefault: true,
+                    alwaysEnabledForDomains: null,
+                    alwaysEnabledForEmailAddresses: Enumerable.Empty<string>()));
+
+            Assert.Equal("alwaysEnabledForDomains", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenAlwaysEnabledForEmailAddressesIsNull_Throws()
+        {
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new CertificatesConfiguration(
+                    isUIEnabledByDefault: true,
+                    alwaysEnabledForDomains: Enumerable.Empty<string>(),
+                    alwaysEnabledForEmailAddresses: null));
+
+            Assert.Equal("alwaysEnabledForEmailAddresses", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_Default_InitializesProperties()
+        {
+            var configuration = new CertificatesConfiguration();
+
+            Assert.False(configuration.IsUIEnabledByDefault);
+            Assert.Empty(configuration.AlwaysEnabledForDomains);
+            Assert.Empty(configuration.AlwaysEnabledForEmailAddresses);
+        }
+
+        [Fact]
+        public void Constructor_NonDefault_InitializesProperties()
+        {
+            var domains = new[] { "a" };
+            var emailAddresses = new[] { "b" };
+
+            var configuration = new CertificatesConfiguration(
+                isUIEnabledByDefault: true,
+                alwaysEnabledForDomains: domains,
+                alwaysEnabledForEmailAddresses: emailAddresses);
+
+            Assert.True(configuration.IsUIEnabledByDefault);
+            Assert.Equal(domains, configuration.AlwaysEnabledForDomains);
+            Assert.Equal(emailAddresses, configuration.AlwaysEnabledForEmailAddresses);
+        }
+
+        [Fact]
+        public void IsUIEnabledForUser_WhenUserIsNull_ReturnsFalse()
+        {
+            var configuration = new CertificatesConfiguration(
+                isUIEnabledByDefault: true,
+                alwaysEnabledForDomains: Enumerable.Empty<string>(),
+                alwaysEnabledForEmailAddresses: Enumerable.Empty<string>());
+
+            Assert.False(configuration.IsUIEnabledForUser(user: null));
+        }
+
+        [Fact]
+        public void IsUIEnabledForUser_WithDefaults_ReturnsFalse()
+        {
+            var configuration = new CertificatesConfiguration();
+
+            Assert.False(configuration.IsUIEnabledForUser(_user));
+        }
+
+        [Fact]
+        public void IsUIEnabledForUser_WhenNotEnabled_ReturnsFalse()
+        {
+            var configuration = new CertificatesConfiguration(
+                isUIEnabledByDefault: false,
+                alwaysEnabledForDomains: Enumerable.Empty<string>(),
+                alwaysEnabledForEmailAddresses: Enumerable.Empty<string>());
+
+            Assert.False(configuration.IsUIEnabledForUser(_user));
+        }
+
+        [Fact]
+        public void IsUIEnabledForUser_WhenUIIsEnabledByDefault_ReturnsTrue()
+        {
+            var configuration = new CertificatesConfiguration(
+                isUIEnabledByDefault: true,
+                alwaysEnabledForDomains: Enumerable.Empty<string>(),
+                alwaysEnabledForEmailAddresses: Enumerable.Empty<string>());
+
+            Assert.True(configuration.IsUIEnabledForUser(_user));
+        }
+
+        [Theory]
+        [InlineData("nuget.test")]
+        [InlineData("NUGET.TEST")]
+        public void IsUIEnabledForUser_WhenUIIsEnabledForDomain_ReturnsTrue(string domain)
+        {
+            var configuration = new CertificatesConfiguration(
+                isUIEnabledByDefault: false,
+                alwaysEnabledForDomains: new[] { domain },
+                alwaysEnabledForEmailAddresses: Enumerable.Empty<string>());
+
+            Assert.True(configuration.IsUIEnabledForUser(_user));
+        }
+
+        [Theory]
+        [InlineData("a@nuget.test")]
+        [InlineData("A@NUGET.TEST")]
+        public void IsUIEnabledForUser_WhenUIIsEnabledForEmailAddress_ReturnsTrue(string emailAddress)
+        {
+            var configuration = new CertificatesConfiguration(
+                isUIEnabledByDefault: false,
+                alwaysEnabledForDomains: Enumerable.Empty<string>(),
+                alwaysEnabledForEmailAddresses: new[] { emailAddress });
+
+            Assert.True(configuration.IsUIEnabledForUser(_user));
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Services/ContentObjectServiceFacts.cs b/tests/NuGetGallery.Facts/Services/ContentObjectServiceFacts.cs
index 38fd7b2379..5b662e5c96 100644
--- a/tests/NuGetGallery.Facts/Services/ContentObjectServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/ContentObjectServiceFacts.cs
@@ -24,8 +24,15 @@ public void ObjectsHaveDefaultStateIfNotRefreshed()
                 var loginDiscontinuationAndMigrationConfiguration = service.LoginDiscontinuationConfiguration as LoginDiscontinuationConfiguration;
                 Assert.Empty(loginDiscontinuationAndMigrationConfiguration.DiscontinuedForDomains);
                 Assert.Empty(loginDiscontinuationAndMigrationConfiguration.ExceptionsForEmailAddresses);
+
+                var certificatesConfiguration = service.CertificatesConfiguration as CertificatesConfiguration;
+
+                Assert.False(certificatesConfiguration.IsUIEnabledByDefault);
+                Assert.Empty(certificatesConfiguration.AlwaysEnabledForDomains);
+                Assert.Empty(certificatesConfiguration.AlwaysEnabledForEmailAddresses);
             }
 
+            [Fact]
             public async Task RefreshRefreshesObject()
             {
                 // Arrange
@@ -35,25 +42,47 @@ public async Task RefreshRefreshesObject()
                 var shouldTransforms = new[] { "transfomer@example.com" };
                 var orgTenantPairs = new[] { new OrganizationTenantPair("example.com", "tenantId") };
 
-                var config = new LoginDiscontinuationConfiguration(emails, domains, exceptions, shouldTransforms, orgTenantPairs);
-                var configString = JsonConvert.SerializeObject(config);
+                var loginDiscontinuationConfiguration = new LoginDiscontinuationConfiguration(emails, domains, exceptions, shouldTransforms, orgTenantPairs);
+                var loginJson = JsonConvert.SerializeObject(loginDiscontinuationConfiguration);
+
+                var isUIEnabledByDefault = true;
+                var alwaysEnabledForDomains = new[] { "a" };
+                var alwaysEnabledForEmailAddresses = new[] { "b" };
+
+                var certificatesConfiguration = new CertificatesConfiguration(
+                    isUIEnabledByDefault,
+                    alwaysEnabledForDomains,
+                    alwaysEnabledForEmailAddresses);
+                var certificatesJson = JsonConvert.SerializeObject(certificatesConfiguration);
 
-                GetMock<IContentService>()
+                var contentService = GetMock<IContentService>();
+
+                contentService
                     .Setup(x => x.GetContentItemAsync(Constants.ContentNames.LoginDiscontinuationConfiguration, It.IsAny<TimeSpan>()))
-                    .Returns(Task.FromResult<IHtmlString>(new HtmlString(configString)));
+                    .Returns(Task.FromResult<IHtmlString>(new HtmlString(loginJson)));
+
+                contentService
+                    .Setup(x => x.GetContentItemAsync(Constants.ContentNames.CertificatesConfiguration, It.IsAny<TimeSpan>()))
+                    .Returns(Task.FromResult<IHtmlString>(new HtmlString(certificatesJson)));
 
                 var service = GetService<ContentObjectService>();
 
                 // Act
                 await service.Refresh();
-                var loginDiscontinuationConfiguration = service.LoginDiscontinuationConfiguration as LoginDiscontinuationConfiguration;
+
+                loginDiscontinuationConfiguration = service.LoginDiscontinuationConfiguration as LoginDiscontinuationConfiguration;
+                certificatesConfiguration = service.CertificatesConfiguration as CertificatesConfiguration;
 
                 // Assert
                 Assert.True(loginDiscontinuationConfiguration.DiscontinuedForEmailAddresses.SequenceEqual(emails));
                 Assert.True(loginDiscontinuationConfiguration.DiscontinuedForDomains.SequenceEqual(domains));
                 Assert.True(loginDiscontinuationConfiguration.ExceptionsForEmailAddresses.SequenceEqual(exceptions));
-                Assert.True(loginDiscontinuationConfiguration.EnabledOrganizationAadTenants.SequenceEqual(orgTenantPairs));
+                Assert.True(loginDiscontinuationConfiguration.EnabledOrganizationAadTenants.SequenceEqual(orgTenantPairs, new OrganizationTenantPairComparer()));
+
+                Assert.True(certificatesConfiguration.IsUIEnabledByDefault);
+                Assert.Equal(alwaysEnabledForDomains, certificatesConfiguration.AlwaysEnabledForDomains);
+                Assert.Equal(alwaysEnabledForEmailAddresses, certificatesConfiguration.AlwaysEnabledForEmailAddresses);
             }
         }
     }
-}
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Services/MessageServiceFacts.cs b/tests/NuGetGallery.Facts/Services/MessageServiceFacts.cs
index df0ac5439f..b6a838b658 100644
--- a/tests/NuGetGallery.Facts/Services/MessageServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/MessageServiceFacts.cs
@@ -1351,7 +1351,7 @@ public static IEnumerable<object[]> EmailSettingsCombinations
 
             [Theory]
             [MemberData(nameof(EmailSettingsCombinations))]
-            public void WillSendEmailToOwnersRegardlessOfSettings(bool user1PushAllowed, bool user2PushAllowed, bool user1EmailAllowed, bool user2EmailAllowed)
+            public void WillHonorPushSettings(bool user1PushAllowed, bool user2PushAllowed, bool user1EmailAllowed, bool user2EmailAllowed)
             {
                 // Arrange
                 var packageRegistration = new PackageRegistration
@@ -1363,6 +1363,9 @@ public void WillSendEmailToOwnersRegardlessOfSettings(bool user1PushAllowed, boo
                         new User { EmailAddress = "flynt@example.com", NotifyPackagePushed = user2PushAllowed, EmailAllowed = user2EmailAllowed }
                     }
                 };
+                var user1EmailShouldBeSent = user1PushAllowed;
+                var user2EmailShouldBeSent = user2PushAllowed;
+                int expectedNumberOfEmails = (user1EmailShouldBeSent ? 1 : 0) + (user2EmailShouldBeSent ? 1 : 0);
                 var package = new Package
                 {
                     Version = "1.2.3",
@@ -1375,123 +1378,24 @@ public void WillSendEmailToOwnersRegardlessOfSettings(bool user1PushAllowed, boo
                 messageService.SendValidationTakingTooLongNotice(package, "http://dummy1");
 
                 // Assert
-                var message = messageService.MockMailSender.Sent.Last();
-
-                Assert.Equal("yung@example.com", message.To[0].Address);
-                Assert.Equal("flynt@example.com", message.To[1].Address);
-                Assert.Equal(2, message.To.Count);
-            }
-        }
+                var message = messageService.MockMailSender.Sent.LastOrDefault();
 
-        public class TheSendPackageUploadedNoticeMethod
-            : TestContainer
-        {
-            [Theory]
-            [InlineData("1.2.3")]
-            [InlineData("1.2.3-alpha")]
-            [InlineData("1.2.3-alpha.1")]
-            [InlineData("1.2.3+metadata")]
-            [InlineData("1.2.3-alpha+metadata")]
-            [InlineData("1.2.3-alpha.1+metadata")]
-            public void WillSendEmailToAllOwners(string version)
-            {
-                // Arrange
-                var nugetVersion = new NuGetVersion(version);
-                var packageRegistration = new PackageRegistration
-                {
-                    Id = "smangit",
-                    Owners = new[]
-                    {
-                        new User { EmailAddress = "yung@example.com", NotifyPackagePushed = true },
-                        new User { EmailAddress = "flynt@example.com", NotifyPackagePushed = true }
-                    }
-                };
-                var package = new Package
+                if (expectedNumberOfEmails == 0)
                 {
-                    Version = version,
-                    PackageRegistration = packageRegistration,
-                    User = new User("userThatPushed")
-                };
-                packageRegistration.Packages.Add(package);
-
-                // Act
-                var messageService = TestableMessageService.Create(GetConfigurationService());
-                var packageUrl = $"https://localhost/packages/{packageRegistration.Id}/{nugetVersion.ToNormalizedString()}";
-                var supportUrl = $"https://localhost/packages/{packageRegistration.Id}/{nugetVersion.ToNormalizedString()}/ReportMyPackage";
-                var emailSettingsUrl = "https://localhost/account";
-                messageService.SendPackageUploadedNotice(package, packageUrl, supportUrl, emailSettingsUrl);
-
-                // Assert
-                var message = messageService.MockMailSender.Sent.Last();
-
-                Assert.Equal("yung@example.com", message.To[0].Address);
-                Assert.Equal("flynt@example.com", message.To[1].Address);
-                Assert.Equal(TestGalleryNoReplyAddress, message.From);
-                Assert.Contains($"[{TestGalleryOwner.DisplayName}] Package uploaded - {packageRegistration.Id} {nugetVersion.ToNormalizedString()}", message.Subject);
-                Assert.DoesNotContain("publish", message.Subject);
-                Assert.Contains(
-                    $"The package [{packageRegistration.Id} {nugetVersion.ToFullString()}]({packageUrl}) was recently uploaded to {TestGalleryOwner.DisplayName} by {package.User.Username}. If this was not intended, please [contact support]({supportUrl}).", message.Body);
-            }
-
-            [Fact]
-            public void WillNotSendEmailToOwnerThatOptsOut()
-            {
-                // Arrange
-                var packageRegistration = new PackageRegistration
+                    Assert.Null(message);
+                }
+                else
                 {
-                    Id = "smangit",
-                    Owners = new[]
+                    if (user1EmailShouldBeSent)
                     {
-                        new User { EmailAddress = "yung@example.com", NotifyPackagePushed = true },
-                        new User { EmailAddress = "flynt@example.com", NotifyPackagePushed = false }
+                        Assert.Contains("yung@example.com", message.To.Select(ma => ma.Address));
                     }
-                };
-                var package = new Package
-                {
-                    Version = "1.2.3",
-                    PackageRegistration = packageRegistration,
-                    User = new User("userThatPushed")
-                };
-                packageRegistration.Packages.Add(package);
-
-                // Act
-                var messageService = TestableMessageService.Create(GetConfigurationService());
-                messageService.SendPackageUploadedNotice(package, "http://dummy1", "http://dummy2", "http://dummy3");
-
-                // Assert
-                var message = messageService.MockMailSender.Sent.Last();
-
-                Assert.Equal("yung@example.com", message.To[0].Address);
-                Assert.Equal(1, message.To.Count);
-            }
-
-            [Fact]
-            public void WillNotAttemptToSendIfNoOwnersAllow()
-            {
-                // Arrange
-                var packageRegistration = new PackageRegistration
-                {
-                    Id = "smangit",
-                    Owners = new[]
+                    if (user2EmailShouldBeSent)
                     {
-                        new User { EmailAddress = "yung@example.com", EmailAllowed = false },
-                        new User { EmailAddress = "flynt@example.com", EmailAllowed = false }
+                        Assert.Contains("flynt@example.com", message.To.Select(ma => ma.Address));
                     }
-                };
-                var package = new Package
-                {
-                    Version = "1.2.3",
-                    PackageRegistration = packageRegistration,
-                    User = new User("userThatPushed")
-                };
-                packageRegistration.Packages.Add(package);
-
-                // Act
-                var messageService = TestableMessageService.Create(GetConfigurationService());
-                messageService.SendPackageUploadedNotice(package, "http://dummy1", "http://dummy2", "http://dummy3");
-
-                // Assert
-                Assert.Empty(messageService.MockMailSender.Sent);
+                    Assert.Equal(expectedNumberOfEmails, message.To.Count);
+                }
             }
         }
 
diff --git a/tests/NuGetGallery.Facts/ViewModels/ListPackageItemRequiredSignerViewModelFacts.cs b/tests/NuGetGallery.Facts/ViewModels/ListPackageItemRequiredSignerViewModelFacts.cs
index 822f72dad8..f5cadaff1f 100644
--- a/tests/NuGetGallery.Facts/ViewModels/ListPackageItemRequiredSignerViewModelFacts.cs
+++ b/tests/NuGetGallery.Facts/ViewModels/ListPackageItemRequiredSignerViewModelFacts.cs
@@ -302,7 +302,7 @@ public void Constructor_WhenPackageHasOneOwnerAndTheCurrentUserIsACollaborator_W
             Assert.Null(viewModel.RequiredSignerMessage);
             VerifySigners(package.PackageRegistration.Owners, viewModel.AllSigners, expectAnySigner: false);
             Assert.True(viewModel.ShowRequiredSigner);
-            Assert.False(viewModel.ShowTextBox);
+            Assert.True(viewModel.ShowTextBox);
             Assert.False(viewModel.CanEditRequiredSigner);
 
             _securityPolicyService.VerifyAll();