We successfully deployed the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\MicrosoftUpdateManagedOptIn (DWORD value 0x5944) via Proactive Remediation and tested applying it through Intune Settings Catalog with the following settings:

• Enable Secure Boot Certificate Updates: Enabled
• Configure High Confidence Opt Out: Disabled
• Configure Microsoft Update Managed Opt In: Enabled

However, the Settings Catalog configuration fails. We want to replace the script by using a device configuration profile. Is setting this registry key alone sufficient to enable Secure Boot updates, or should the additional settings above also be applied?