Hi,
We have already completed the BIOS update roll-out across all PC models in our environment.
In parallel, we are deploying the Secure Boot CA 2023 certificate upgrade using a Microsoft Intune configuration profile. Due to the very slow adoption rate observed during monitoring—both through Intune policy status and Secure Boot compliance reports—we have also introduced a remediation script to support the deployment.
Despite these efforts, the increase in deployed devices remains limited. This behavior may be related to policy application constraints or required system restarts. According to several references, the Secure Boot update process may require up to two device restarts before the changes are fully applied and reported.
Questions:
1- What is the best way to complete the task: to go with registry settings and schedule the task, or with a config profile over Microsoft Intune?
2- Will the May Patch Tuesday update scheduled for May 12 guarantee a resolution of this issue and help increase the deployment and compliance numbers?