Streamline Endpoint Security and Manageability with BLOBs

As an IT manager with hundreds or thousands of end users who rely on their laptops to get their job done, have you ever struggled to ensure everyone’s devices are secure and up to date? Configuring and managing BIOS can be an especially difficult task, but one that’s increasingly important. In fact, setting and maintaining a unique BIOS password on each device is one of the best ways to ensure that it can’t be tampered with accidentally, or even hacked. Dell has worked with Microsoft to develop a capability that allows you to manage and configure BIOS quickly, easily and natively within Intune using BLOBs.

BLOB stands for Binary Large Object and is a storage option for any type of data you want to retain in a binary format. It has the flexibility to store data for any type of application. In this case, BLOBs make it easy for IT to perform two important tasks: configuring and updating BIOS settings for Dell devices with zero touch, and setting and maintaining secure passwords that are unique to each device.

Let me explain.

Configuring and Updating Dell BIOS Settings Using Intune and BLOBs

Imagine you just hired a number of new employees to fill several different positions, and since you now offer hybrid or fully remote work, these new employees live all over the country. You would probably use connected provisioning, leveraging a generic image installed on each PC at the factory. The factory-provisioned devices are then directly shipped to each new employee.

Once the new employee receives the device, he or she enters a few keystrokes, and the device connects to the company’s Microsoft Intune, where software starts flowing down and installing on the device. This part is pretty standard. However, what’s new is that Intune is now able to configure BIOS settings with the same automated zero touch method used for device provisioning.

How does all of this happen? It starts with Dell Command | Endpoint Configure for Microsoft Intune.

The workflow is simple and should feel familiar to anyone who has managed system configurations.

    1. The IT admin creates a configuration profile in Dell Command | Endpoint Configure and selects the system and BIOS settings tailored to fit the user and the organization’s needs.
    2. The configuration profile is exported as a package – the BLOB – that contains that specific configuration of system and BIOS settings.
    3. The BLOB is uploaded to Microsoft Intune and is set to automatically deploy to the groups of Dell endpoints the IT admin designates.
    4. At the endpoint device, the Dell Client Connector for Intune decodes the BLOB and then invokes Dell Command Configure to configure the BIOS. Once this is complete, the device reports back a status of Pending, Failed or Succeeded.

Graphic illustrating steps of Dell Command Endpoint Configure for Microsoft Intune setup.

The operation, assignment and reporting are native in Intune and handled just like any other configuration profile. The BLOB adds the capability to configure over 150 BIOS and hardware settings using current zero-touch deployment methods. Plus, the BIOS Configuration profile is right there with all of the other configuration profiles in Intune. This makes it easier than ever to manage your company’s fleet of devices, while helping you and your peers work more securely, especially since one of the key BIOS settings it can manage is the BIOS password. 

Setting and Maintaining Secure BIOS Passwords

Setting a BIOS password is an important step in securing your devices and establishing device trust, a pillar of Zero Trust Architecture. Without it, a hacker or even someone innocently making a change in a setting could interfere with the BIOS and disrupt your business. Organizations realize this but are often stuck with a single BIOS password for all devices because of the difficulty of managing a unique password for each device. And if that single password is compromised, every device becomes more vulnerable. With Dell Password Manager, you can have a strong and unique per-device BIOS password that is automatically rotated every time it’s used. Each password is stored in an Azure secure field. You simply toggle a button to set up this protection for your devices. This works with all new and previous generation Dell commercial devices. Additionally, all of these BIOS configuration settings can be managed through the cloud because of the unstructured nature of BLOB Storage.
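To make the rotate-on-use idea concrete, here is an added sketch (not Dell's or Microsoft's code) of a per-device password escrow in which every checkout is followed by a rotation. The `Device` and `Vault` classes, the serials and the password policy are hypothetical stand-ins; a real BIOS is set through vendor tooling.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # constructed policy for this sketch

def new_password(length=24):
    """Draw a password from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

class Device:
    """Stand-in for an endpoint that holds one BIOS admin password."""
    def __init__(self, serial):
        self.serial, self._pw = serial, None

    def unlock(self, candidate):
        return self._pw is not None and secrets.compare_digest(candidate, self._pw)

    def set_password(self, current, new):
        # Changing an existing password must be authorised with the current one.
        if self._pw is not None and not self.unlock(current):
            return False
        self._pw = new
        return True

class Vault:
    """Hypothetical escrow: one secret per serial, replaced after every use."""
    def __init__(self):
        self._store, self.audit = {}, []

    def enroll(self, dev):
        pw = new_password()
        if not dev.set_password("", pw):
            raise RuntimeError("device already has an unknown password")
        self._store[dev.serial] = pw
        self.audit.append(("enroll", dev.serial))

    def checkout(self, dev, who):
        self.audit.append(("checkout", dev.serial, who))
        return self._store[dev.serial]

    def rotate_after_use(self, dev):
        old, new = self._store[dev.serial], new_password()
        if not dev.set_password(old, new):
            raise RuntimeError("device rejected the escrowed password")
        self._store[dev.serial] = new
        self.audit.append(("rotate", dev.serial))

def demo():
    vault, a, b = Vault(), Device("SERIAL-A"), Device("SERIAL-B")  # constructed serials
    vault.enroll(a)
    vault.enroll(b)
    used = vault.checkout(a, "tech1")
    before = a.unlock(used)       # valid while the technician works
    crosses = b.unlock(used)      # a unique secret does not open another device
    vault.rotate_after_use(a)
    after = a.unlock(used)        # the disclosed value is dead after rotation
    return before, crosses, after, [e[0] for e in vault.audit]
```

The audit trail pairs each checkout with a rotation, so a checkout that is never followed by a rotate entry is the condition worth alerting on.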

BLOB Availability

While Dell Command | Endpoint Configure for Microsoft Intune is available for all customers today, the BIOS and Password Manager features are currently in private preview, with a public preview expected in the second quarter of 2023. If you can’t wait to try it out, request access to the private preview by contacting our Endpoint Security team. Don’t worry, gaining access to private preview will not disrupt your live environment; it will let you try out the features to see how it works in your environment.

Check out new whitepapers to learn more about the evolution of endpoint management, and to understand the problems and possibilities and the Dell approach to endpoint management. As always, please reach out to your Dell sales rep for additional information.