Yes, Bernhard is right, they are somewhat two different things.
Redirecting DNS is good practise so that you will always receive and therefore be able to filter to any DNS queries. Any clients that are using DoT or DoH directly will circumvent this as those protocols are designed for that.
So what I would do on my network is to enable the DoH category but only for GREEN (and BLUE if you are using that). That way, you can still use DoT to connect to your upstream providers, but your clients can’t connect to anything on the list.
That would be a clean design and it would be robust enough in most setups.