Creating BIOS Configuration
To create a new BIOS configuration:
- Navigate to Security > BIOS Management > Configuration.
- Click Add Configuration.
- Configure the required settings across the available configuration steps.
Step 1: Configuration Details
Provide the following information:
| Field | Description |
|---|---|
| Config Name | A unique name used to identify the BIOS configuration. |
| Select OEM | Select the device manufacturer for which the configuration will be applied. |
| Action on Config Removal | Determines the action performed when the BIOS configuration is removed from a device. Select one of the following options: Reset to Factory Settings Retain Existing BIOS Settings |
Configuration Removal Actions
Reset to Factory Settings: Removes the deployed BIOS configuration and restores BIOS settings to factory defaults. Devices protected by BitLocker may require recovery key authentication after BIOS settings are reset.
Retain Existing BIOS Settings: Removes the SureMDM configuration assignment while preserving the BIOS settings currently applied on the device.
After entering the required details, click Next.
Configuring BIOS Settings
The BIOS Settings page allows administrators to define BIOS-level controls that will be enforced on assigned devices.
Password Configuration
Use this section to manage BIOS supervisor passwords.
Available options include:
- Specify the current BIOS supervisor password (required because Lenovo devices do not support setting a BIOS password remotely for the first time).
- Change the existing BIOS supervisor password.
- Configure a new supervisor password.
- Confirm the newly configured password.
Password management helps prevent unauthorized access to BIOS settings on managed devices.
Boot Order Configuration
This section controls device boot behavior.
Available options include:
Lock Boot Order:
Prevents modification of the configured boot sequence on the device.
When enabled, end users cannot change the boot order locally through BIOS settings.
Preferred and Allowed Boot Order
Defines the approved boot devices and their sequence.
Administrators can control which devices are permitted to boot and prioritize the order in which the system attempts to boot from them.
Hardware Control
The Hardware Control section provides BIOS-level management of supported hardware components.
Depending on the device model and OEM capabilities, administrators can enable or disable supported hardware features to meet organizational security requirements.
Reboot After
Specifies the time interval after which the device should reboot to apply BIOS configuration changes.
BIOS configuration changes generally require a device restart before they become effective. Configure an appropriate reboot interval to ensure successful policy application.
After configuring the required settings, click Next.
Assigning Devices
In the final step:
- Select the target devices or device groups.
- Review the configuration.
- Click Save to create the BIOS configuration and initiate deployment.
Only devices from supported OEMs that meet the required agent version criteria are displayed.
The configuration is then distributed to the selected devices.
Viewing Configuration Details
To view a configuration:
- Navigate to Security > BIOS Management > Configuration.
- Locate the required configuration.
- Click View Details.
The details window provides information across multiple sections.
Configuration Details
Displays basic information about the BIOS configuration, including:
- Configuration Name
- OEM Name
BIOS Settings
Displays the BIOS settings configured as part of the selected configuration.
Device Details
Displays deployment status information for assigned devices.
Information includes:
- Device Name
- Device Model
- Device Architecture
- Device Group
- OS Version
- Configuration Status
- Assignment Time
Activity
The Activity section provides an audit trail of administrator actions performed on the selected BIOS configuration.
Information includes:
- Action performed
- Performed by
- Date and time of action
Managing BIOS Configurations
The Configuration page provides the following management actions:
| Action | Description |
|---|---|
| Add Configuration | Creates a new BIOS configuration. |
| View/Modify | Opens an existing configuration for review or editing. |
| Assign Devices | Assigns or reassigns configurations to devices or groups. |
| Delete | Removes the selected BIOS configuration. |
| Search | Filters configurations using keywords. |
| Refresh | Updates the configuration list. |