Thursday 9 February 2023

Streamline Endpoint Security and Manageability with BLOBs

Dell EMC Study, Dell EMC Prep, Dell EMC Tutorial and Materials, Dell EMC Guides, Dell EMC Prep, Dell EMC Preparation

As an IT manager with hundreds or thousands of end users who rely on their laptops to get their job done, have you ever struggled to ensure everyone’s devices are secure and up to date? Configuring and managing BIOS can be an especially difficult task, but one that’s increasingly important. In fact, setting and maintaining a unique BIOS password on each device is one of the best ways to ensure that it can’t be tampered with accidentally, or even hacked. Dell has worked with Microsoft to develop a capability that allows you to manage and configure BIOS quickly, easily and natively within Intune using BLOBs.

BLOB stands for Binary Large Object and is a storage option for any type of data you want to retain in a binary format. It has the flexibility to store data for any type of application. In this case, BLOBs make it easy for IT to perform two important tasks: Configuring and updating BIOS settings for Dell devices with zero touch and setting and maintaining secure passwords that are unique to each device.

Let me explain.

Configuring and Updating Dell BIOS Settings Using Intune and BLOBs


Imagine you just hired a number of new employees to fill several different positions, and since you now offer hybrid or fully remote work, these new employees live all over the country. You would probably use connected provisioning, leveraging a generic image installed on each PC at the factory. The factory-provisioned devices are then directly shipped to each new employee.

Once the new employee receives the device, he or she enters a few keystrokes, and the device connects to the company’s Microsoft Intune, where software starts flowing down and installing on the device. This part is pretty standard. However, what’s new is that Intune is now able to configure BIOS settings with the same automated zero touch method used for device provisioning.

How does all of this happen?  It starts with Dell Command | Endpoint Configure for Microsoft Intune.

How this works is simple and should feel familiar to anyone who has managed system configurations.

1. The IT admin creates a configuration profile in Dell Command | Endpoint Configure and selects the system and BIOS settings tailored to fit the user and the organization’s needs.

2. The configuration profile is exported as a package – the BLOB – that contains that specific configuration of system and BIOS settings.

3. The BLOB is uploaded to Microsoft Intune and is set to automatically deploy to the groups of Dell endpoints the IT admin designates.

4. At the endpoint device, the Dell Client Connector for Intune decodes the BLOB and then invokes Dell Command Configure to configure the BIOS. Once this is complete, the device reports back a status of Pending, Failed or Succeeded.

Dell EMC Study, Dell EMC Prep, Dell EMC Tutorial and Materials, Dell EMC Guides, Dell EMC Prep, Dell EMC Preparation

The operation, assignment and reporting are native in Intune and handled just like any other configuration profile. The BLOB adds the capability to configure over 150 BIOS and hardware settings using current zero-touch deployment methods. Plus, the BIOS Configuration profile is right there with all of the other configuration profiles in Intune. This makes it easier than ever to manage your company’s fleet of devices, while helping you and your peers work more securely, especially since one of the key BIOS settings it can manage is the BIOS password. 

Setting and Maintaining Secure BIOS Passwords


Setting a BIOS password is an important step in securing your devices and establishing device trust, a pillar of Zero Trust Architecture. Without it, a hacker or even someone innocently making a change in a setting could interfere with the BIOS and disrupt your business. Organizations realize this but are often stuck with a single BIOS password for all devices because of the difficulty of managing a unique password for each device. And if that single password is compromised, every device becomes more vulnerable. With Dell Password Manager, you can have a strong and unique per-device BIOS password that is automatically rotated every time it’s used. Each password is stored in an Azure secure field. You simply toggle a button to set up this protection for your devices. This works with all new and previous generation Dell commercial devices. Additionally, all of these BIOS configuration settings can be managed through the cloud because of the unstructured nature of BLOB Storage.

BLOB Availability


While Dell Command | Endpoint Configure for Microsoft Intune is available for all customers today, the BIOS and Password Manager features are currently in private preview, with a public preview expected in the second quarter of 2023. If you can’t wait to try it out, request access to the private preview by contacting our Endpoint Security team. Don’t worry, gaining access to private preview will not disrupt your live environment; it will let you try out the features to see how it works in your environment.

Source: dell.com

Related Posts

0 comments:

Post a Comment