Requirements
- Dell Command | Monitor or Dell Command | Update deployed to the endpoints.
Instructions
Create an Azure storage account, and a new container inside it. Generate SAS url for it. Inside the container, you will upload two Base64 encoded .txt files - one containing the current BIOS password, and the other with all known previous passwords, and one blank line to handle devices without BIOS password. As passwords change over the years, the new and old ones will be updated to both of the .txt files in the storage account.
Intune will handle the logic with a remediation script pair.
Azure configuration
First, create a storage account and generate the SAS for it. Upload both of the files and figure out the URL for both of them.
SAS url
https://stitbiosmgmt.blob.core.windows.net/mgmt?sp=r&st=2026-02-26T08:55:03Z&se=2036-02-26T17:10:03Z&spr=https&sv=2024-11-04&sr=c&sig=lBtObK2UmF3nzLvN4%2Biu1X9H6nC0Tc%2BRgvW0hM4eq9U%3D
Intune configuration
Remediation script
| Setting | Value |
|---|---|
| Name | Dell BIOS Admin Password |
| Detection script | Detect-BiosPassword.ps1 |
| Remediation script | Remediate-BiosPassword.ps1 |
| Run this script using the logged-on credentials | No (run as System) |
| Enforce script signature check | No (unless you sign your scripts) |
| Run script in 64-bit PowerShell | Yes |
| Schedule | Daily or every 1 hour depending on urgency |
Entra ID Group for deployment
Intune - Azure Dell BIOS Password Solution