FirmGuard® SecureConfig | Remote BIOS Firmware Configuration

abstract tech portal

Introduction

Changing or configuring the BIOS settings of an endpoint is something most IT administrators can do if they are in front of the endpoint. It usually requires pressing some function key before Windows boots up and then navigating a menu such as in the graphic shown below. But what if you don’t have direct, physical access to the endpoint and you need to make a change? Well, in that case, you might have to get on the phone and talk your client (who is often not very technical) through the process and that can be downright painful.

There must be a better way!

With FirmGuard SecureConfig, an administrator can remotely configure any BIOS parameter on any Windows endpoint just as if they were sitting in front of the computer. Because FirmGuard operates at the firmware level, it exposes every available BIOS parameter to the administrator.

If the OEM (e.g., Dell, HP, Lenovo) allows configuration of a given parameter, then FirmGuard will as well. Furthermore, SecureConfig can be used to apply a standard BIOS configuration to a given set of similar endpoints. Simply put, SecureConfig greatly streamlines and consolidates administration of BIOS settings across an entire organization.

How does it work?

With SecureConfig an administrator can easily configure any BIOS parameter that is available on the endpoint from the FirmGuard portal. The configuration screen will vary depending upon the make and model of the endpoint, but as an example, to the right, is a graphic showing some of the available parameters in a Lenovo laptop.

Here are some representative examples of configuration settings, changes or adjustments that might be needed from time to time:

  • Enable/disable I/O firmware settings such as USB, Bluetooth or camera
  • Set/update boot order sequence
  • Enable Wake-on-LAN, change power plan (to save battery) etc.

FirmGuard SecureConfig BIOS configuration screen for Lenovo endpoint

HTS Case Study Summary

Healthy Technology Solutions (HTS), a FirmGuard customer since 2022, had a local client that had recently established an overseas office that was nearly 7,600 miles and 13 time zones away from their offices in Las Vegas. The local client had purchased two new laptops and an HTS technician followed the New Computer Setup form to configure the laptops. During setup, he was unable to enable BitLocker because the TPM (Trusted Platform Module) hardware was showing as “unavailable.” The fix was obvious, enable TPM in UEFI BIOS firmware settings, however that would require coordination with the local client and with the 13 time zone difference that was going to be complicated.

Fortunately, HTS had access to SecureConfig which made the process almost trivial. An HTS technician logged into the FirmGuard portal from Las Vegas, pushed the FirmGuard agent to both laptops and then browsed the available BIOS settings via SecureConfig. He quickly drilled down and under “Security” found a setting to “Enable” the TPM security chip. After pressing the save button, the endpoint rebooted, and upon restart the drive started encrypting with BitLocker, as expected. What they thought was going to be a time-consuming headache turned out to only take 15 minutes to resolve,
thanks to SecureConfig!

In a matter of 15 minutes what we thought was going to be a headache turned out to be something simple, thanks to FirmGuard SecureConfig!!

Want to see FirmGuard in action?

Book your free demo today or contact your Phoenix representative.

FirmGuard dashboard light