Get complete control over your HP Bios with my 3rd blog post on HP Connect for Intune! In this part, I will cover the BIOS settings and how to centrally manage them for better security. Keep reading to learn how to get the most out of your BIOS management.
This is part 3 in my series of blog posts covering HP Connect for Intune. The first post coveredĀ how to get the BIOS patched to the latest release, followed by a post on secure authentication to the BIOS. Today I cover the BIOS settings and how this can be controlled centrally.
Please note: This is not a sponsored post!
Table of Contents
Introduction
BIOS (Basic Input/Output System) settings are crucial to any computer’s hardware configuration. BIOS settings control how hardware components communicate with the operating system, and incorrect settings can lead to security breaches, system instability, slow performance, or even hardware damage. Therefore, it’s essential to manage BIOS settings correctly.
In this article, I will dive into how to use HP Connect to configure BIOS settings and the benefits it offers.
Understanding HP Connect
HP Connect is a cloud application designed to simplify the management of UEFI BIOS on supported HP systems. With HP Connect, IT administrators can create BIOS management policies published to Microsoft Intune device groups. The policies are created in HP Connect, and Intune runs them as compliance proactive remediations. The best part is that no additional software needs to be downloaded or installed on each device.
The benefits of using HP Connect for BIOS management are numerous. It provides a streamlined solution for managing BIOS settings across multiple devices, simplifying the process for IT administrators. It also ensures that all devices run the same BIOS settings, reducing the likelihood of compatibility issues or other problems. Furthermore, using HP Connect for BIOS management helps ensure compliance with organizational policies and regulatory requirements.
BIOS Settings Policies
Here are the steps to create a Global BIOS Settings Policy within HP Connect:
Create A New BIOS Settings Policy
Log in to HP Connect and navigate to the Policies side tab. Click “New Policy” to begin creating a new policy. Fill in the policy name, select BIOS Settings as type, give a description, and set tags.
Click “Next” in the lower right corner.
Global VS Platform Policy Type
Choose between a “Global Policy” and a “Platform Policy“. Platform-specific policies can be used when configuring BIOS settings for a particular device or group of devices. Unlike Global BIOS Settings Policies, platform-specific policies are applied only to devices of a specific platform, such as HP EliteBook or HP ProBook.
Platform-specific policies can be managed and published in the same way as Global BIOS Settings Policies. However, it’s important to note that if a device is a member of multiple device groups with conflicting policies, the policy with the highest priority will be applied. By default, platform-specific policies are prioritized over Global BIOS Settings Policies.
Policy Settings
In the Policy Settings dialog box, you can find and set the required settings for your policy. You can configure each BIOS setting by using the search field to find the setting and modify it as needed. You can also preview modified settings by enabling “Show Selected Only.” Once you have set all the required settings, click “Save.”
Select “Apply” to send the policy to Microsoft Intune.
Policy Publishing
In the next dialog box, select the device groups to apply the policy to and click “Next”.
If a device group has an existing policy, publishing a new policy will replace the old policy with the new one. However, conflicts can arise when policies have conflicting settings. In this case, HP Connect will use conflict resolution rules to determine which policy settings should take precedence.
Review the settings and select “Publish” to apply the new policy.
The Intune Proactive Remediation Policy
You will now find this as a Proactive Remediation script in Microsoft Intune. Note that all policies targeted to the same group will be coordinated through the same script package.
Creating a BIOS Settings Policy with HP Connect is a straightforward process that can help you easily manage and configure BIOS settings across multiple devices.
Update An Existing Policy
It is worth mentioning that a policy in use can’t be edited. To open the policy for editing, I must remove the group assignment.
Once all groups are removed from the policy, it will have the state “Not In Use”, and the “Edit” button will be enabled.
We can change all settings except the policy type and platform when editing the policy. Once the policy is saved with the new settings, it can be assigned to a group again.
Review The Implementation
By looking at the proactive remediation script added by HP Connect, we can get some insights in how the settings applies to devices.
The settings can of course also be verified at the device.
The picture above shows how the ownership tag is visible on the device during boot.
Concluding HP Connect BIOS Settings
In conclusion, using HP Connect to manage BIOS settings offers many benefits for IT administrators. It provides a centralized platform to create and manage policies, saving time and effort. Creating global and platform-specific policies allows you to tailor settings to meet your organization’s needs. Additionally, conflict resolution tools help ensure policies are applied correctly without interfering with existing settings.
I encourage you to try HP Connect and discover how it can simplify your BIOS management processes.
External References
- HP Connect
- HP Connect User Guide
- Proactive Remediation Community Repository for those looking for more scripts
[…] HP Connect for Intune, Part3: BIOS Settings […]