28 lines
1.4 KiB
Markdown
28 lines
1.4 KiB
Markdown
# Requirements
|
|
- **Dell Command | Monitor** or **Dell Command | Update** installed on the endpoint.
|
|
|
|
# Instructions
|
|
Create an Azure storage account, and a new container inside it. Generate SAS url for it. Inside the container, you will upload 2 base64 encoded .txt files - one containing the current BIOS password, and the other with all known previous passwords. As passwords change over the years, the new and old ones will be updated to both of the .txt files in the storage account.
|
|
|
|
Intune will handle the logic with a remediation script pair.
|
|
|
|
## Azure configuration
|
|
First, create a storage account and generate the SAS for it. Upload both of the files and figure out the URL for both of them.
|
|
|
|
### SAS url
|
|
`https://stitbiosmgmt.blob.core.windows.net/mgmt?sp=r&st=2026-02-26T08:55:03Z&se=2036-02-26T17:10:03Z&spr=https&sv=2024-11-04&sr=c&sig=lBtObK2UmF3nzLvN4%2Biu1X9H6nC0Tc%2BRgvW0hM4eq9U%3D`
|
|
|
|
## Intune configuration
|
|
### Remediation script
|
|
|Setting|Value|
|
|
|:--|:--|
|
|
|Name|Dell BIOS Admin Password|
|
|
|Detection script|Detect-BiosPassword.ps1|
|
|
|Remediation script|Remediate-BiosPassword.ps1|
|
|
|Run this script using the logged-on credentials|No (run as System)|
|
|
|Enforce script signature check|No (unless you sign your scripts)|
|
|
|Run script in 64-bit PowerShell|Yes|
|
|
|Schedule|Daily or every 1 hour depending on urgency|
|
|
|
|
### Entra ID Group for deployment
|
|
Intune - Azure Dell BIOS Password Solution |