windows – Microsoft BIOS on Azure secure boot programmatic registration

I am new to Azure and Windows 11 (being a Mac & AWS dev). I am building a VM in Azure to install binaries into as part of our automated CI. Currently the manual process is as follows:

  1. create the VM
  2. RDP in and install my latest binary
  3. disable MS BIOS
  4. reboot
  5. re-enable BIOS

Without disabling BIOS, the VM fails to come back up from the reboot.

I would like some general advice on how to proceed with a programmatic solution to this that is suitable for CI. Is there a way that I can install without disabling BIOS by signing the binary?
Is it “OK” to quickly disable BIOS on Azure VMs? Is there any tooling to make this a bit easier to proceed with?

Finally, I tried the install on an AWS Windows 11 VM and it didn’t require this step at all. Does anyone know why this is the case?
