# Instructions
Create an Azure storage account, and a new container inside it. Generate SAS url for it. Inside the container, you will upload 2 base64 encoded .txt files - one containing the current BIOS password, and the other with all known previous passwords.

# Current setup
- Resource Group: `rg-IntuneRelated-Prod00`
- Sorage Account name: `stitbiosmgm`

## Azure
### SAS url
`https://stitbiosmgmt.blob.core.windows.net/mgmt?sp=r&st=2026-02-26T08:55:03Z&se=2036-02-26T17:10:03Z&spr=https&sv=2024-11-04&sr=c&sig=lBtObK2UmF3nzLvN4%2Biu1X9H6nC0Tc%2BRgvW0hM4eq9U%3`

### current-content.txt
`https://stitbiosmgmt.blob.core.windows.net/mgmt/current-content.txt?sp=r&st=2026-02-26T08:49:58Z&se=2034-01-08T17:04:58Z&spr=https&sv=2024-11-04&sr=c&sig=zS74OfiIR93eSpFz68xnqW99UF0pJPLCoUIB7X5rnnM%3D`

### old-content.txt
`https://stitbiosmgmt.blob.core.windows.net/mgmt/old-content.txt?sp=r&st=206-02-26T08:49:58Z&se=2034-01-08T17:04:58Z&spr=https&sv=2024-11-04&sr=c&sig=zS74OfiIR93eSpFz68xnqW99UF0pJPLCoUIB7X5rnnM%3D`

## Intune
### Remediation
|Setting|Value|
|:--|:--|
|Name|Dell BIOS Admin Password|
|Detection script|Detect-BiosPassword.ps1|
|Remediation script|Remediate-BiosPassword.ps1|
|Run this script using the logged-on credentials|No (run as System)|
|Enforce script signature check|No (unless you sign your scripts)|
|Run script in 64-bit PowerShell|Yes|
|Schedule|Daily or every 1 hour depending on urgency|

### Entra ID Group for deployment
Intune - Azure Dell BIOS Password Solution