Purpose
BIOS Management allows administrators to remotely manage BIOS settings on supported Windows devices directly from SureMDM. Using BIOS Management, administrators can configure BIOS security settings, deploy BIOS passwords, manage hardware controls, and enforce BIOS-level protections across enrolled devices.
BIOS settings are critical and can significantly impact system functionality, security, stability, and manageability. Before deploying BIOS configurations to production devices, thoroughly review, test, and validate the settings for each target model to ensure compatibility and to prevent unintended system issues. Review the following considerations:
Important Considerations Before Deploying BIOS Configurations
Before deploying BIOS configurations to production devices, review the following considerations:
- Deploying the same BIOS configuration to identical device models does not guarantee identical results or behavior. BIOS options and behavior can vary between different device models, hardware generations, and firmware versions. Therefore, do not assume that a configuration validated on one model will function identically on another.
- BIOS configuration changes can affect device startup behavior, security settings, and overall device operability.
- Certain BIOS settings may require a device reboot before the changes take effect.
- Changes related to Lock boot order, preferred boot order, or password management should be validated in a test environment before production deployment.
- BIOS passwords configured through SureMDM should be securely communicated to authorized end users when required. Failure to do so may prevent users from accessing or starting their devices.
- Removing a BIOS configuration may not automatically revert all BIOS settings to their previous values. The resulting behavior depends on the configured Action on Config Removal setting.
- Selecting Reset to Factory Settings during configuration removal may restore BIOS settings to factory defaults. On BitLocker-protected devices, this may trigger BitLocker recovery and require the recovery key.
- Device support for BIOS settings may vary based on OEM, model, BIOS version, and firmware capabilities. Unsupported settings may be skipped or reported as failed during deployment.
- Administrators should validate BIOS configurations on a limited set of devices before assigning them to larger device groups.
- Unsupported devices and unsupported agent versions will not receive BIOS configurations.
Prerequisites
Validated Devices
| OEM | Support Status | Validated Device Model (OEM Specific) |
| Lenovo | Supported | Thinkpad E580 Thinkpad E15 Thinkpad L14 Thinkpad E490 Thinkpad E14 Thinkpad Gen6 Thinkpad E14 Thinkbook 14G8 IRL |
| HP | Coming Soon | |
| Dell | Coming Soon |
Steps
For detailed configuration steps and supported settings, refer to the BIOS Management documentation. ( Click here)
Need more help? Here’s how to get help from our experts.