We time the deployments with our monthly Windows updates, which initiate a 10 hour countdown to reboot after installation.This ensures that a majority of desktops and a portion of laptops get the BIOS updates about 10 hours after deployment.
As Jay pointed out in the comments, with the current script that adds the reg key to HKLM it only re-enables bitlocker when a user logs in, and it runs with the user's permissions.
I rather not have bitlocked machines be unprotected between the firmware update and a user logging in.
The rest of the computers get the BIOS updates as the application catches the computer without a logged in user.
This is hit and miss, but eventually works it way to most of the other computers.
I should mention that the parameters in the install command WILL NOT install the Firmware update if a laptop is not plugged into power.