Event details
I am about to enable the Secure Boot policy via Intune - specifically "Enable Secureboot Certificate Updates = Enabled". I am 99% sure this will not have an adverse effect on devices with BIOS not ready or where certificate import fails. I'd like to confirm that is still the case.
Hi Dan Alvarado, great question. First, please make sure that you have reviewed and are familiar with our guidance, including Secure Boot Certificate updates: Guidance for IT professionals and organizations - Microsoft Support.
Next, there is some small amount of risk with this, so we strongly encourage that orgs do not enable this across the board without proper testing and validation in their environment first. This testing and validation should follow your standard practices, similar to rolling out any update including Windows Updates (in rings/waves). You should also take into account different device types in your environment, as there is a dependency on the firmware properly accepting the certificate update that may necessitate updating the firmware on specific device models first. For information on firmware compatibility, please check with your OEMs as they are the keeper and controller of this info.
Bottom line is that we strongly recommend a slow, controlled rollout just in case you are impacted or encounter something unique.