Instructions
Create an Azure storage account, and a new container inside it. Generate SAS url for it. Inside the container, you will upload 2 base64 encoded .txt files - one containing the current BIOS password, and the other with all known previous passwords.
Current setup
- Resource Group:
rg-IntuneRelated-Prod00 - Sorage Account name:
stitbiosmgm
Azure
SAS url
https://stitbiosmgmt.blob.core.windows.net/mgmt?sp=r&st=2026-02-26T08:55:03Z&se=2036-02-26T17:10:03Z&spr=https&sv=2024-11-04&sr=c&sig=lBtObK2UmF3nzLvN4%2Biu1X9H6nC0Tc%2BRgvW0hM4eq9U%3
current-content.txt
https://stitbiosmgmt.blob.core.windows.net/mgmt/current-content.txt?sp=r&st=2026-02-26T08:49:58Z&se=2034-01-08T17:04:58Z&spr=https&sv=2024-11-04&sr=c&sig=zS74OfiIR93eSpFz68xnqW99UF0pJPLCoUIB7X5rnnM%3D
old-content.txt
https://stitbiosmgmt.blob.core.windows.net/mgmt/old-content.txt?sp=r&st=206-02-26T08:49:58Z&se=2034-01-08T17:04:58Z&spr=https&sv=2024-11-04&sr=c&sig=zS74OfiIR93eSpFz68xnqW99UF0pJPLCoUIB7X5rnnM%3D
Intune
Remediation
| Setting | Value |
|---|---|
| Name | Dell BIOS Admin Password |
| Detection script | Detect-BiosPassword.ps1 |
| Remediation script | Remediate-BiosPassword.ps1 |
| Run this script using the logged-on credentials | No (run as System) |
| Enforce script signature check | No (unless you sign your scripts) |
| Run script in 64-bit PowerShell | Yes |
| Schedule | Daily or every 1 hour depending on urgency |
Entra ID Group for deployment
Intune - Azure Dell BIOS Password Solution