HP Connect for MEM | How to manage your Bios

Traditionally, keeping your Bios up-to-date can be quite a hassle. Especially, once you have multiple device models – and you need to get the right update version for each model. Sometimes, there are even multiple versions, when not every model in your environment has the same Bios version, for instance.

So, it’s not hard to imagine why some organizations choose to only update the Bios when there are issues or on redeployment of the device. However, that’s a security risk, you really shouldn’t be taking.

To address this, HP has launched HP Connect for MEM. This tool allows us with a fairly simple UI to create rules for automatic deployment of Bios Updates or settings. Let’s have a look at how to set this up.

First, we go to https://admin.hp.com and click on Get Started.

A pop-up will show up to login into Azure AD (Figure 2) and provide admin consent.

Once that is completed, you arrive at the homepage of HP Connect for MEM. From here, you can create a Policy or a Bios Secret (Password or Certificate).

To create a Policy, now select New Policy. Then, fill in a name for the policy. Next, you need to choose a type. Here, we will pick Bios Update.

Select Type:

• BIOS Authentication: allows you to configure Bios Authentication, you can choose from HP Sure Admin and a Bios Password
• Bios Settings: allows you to configure any Bios Settings for a specific HP Model
• Bios Update: allows you to send the most recent or a specific Bios version upgrade to devices

Click Next.

Now, we can set how we want to manage the Bios upgrade, we will select “Establish a rule for a specific device model”. A new choice then appears: either always update to the latest Bios Version or Enforce a specific Bios update version.

Keep BIOS of all devices always updated:
When applied to a group of supported platforms, Endpoint Manager will use the policy as a compliance item to monitor for and update every device in the selected group every time a BIOS is released that matches a device in the group.

Deploy only critical BIOS updates:
This policy will apply for a new BIOS release if it is marked as ‘Critical’ by HP to every matched device in the selected group

NOTE: HP may mark an update as critical based on specific criteria such as CVE Security vulnerability rating, the potential for damage or corruption or BSOD, battery safety or other concerns, or other fixes HP deems critical to the system. Not all BIOS releases that include CVE vulnerability fixes are marked as Critical.

Establish a rule for a specific device model:
This policy will apply a BIOS update to a matching device in a device group based on a defined criteria/rule. The policy is applied to the specified platform only.

Select Save and confirm with Apply.

Select the device Group for which you want to apply the policy. In this example, we chose a dynamic device which targets that specific HP model.

Click Next, publish and apply to confirm. If all went well, you now have a policy that is in use.

That’s all there is to it in the HP Connect for MEM.

To verify we go to MEM https://endpoint.microsoft.com. Go to Reports > Endpoint analytics > Proactive remediations
There you will see a new Script package name starting with HPConnectForMeM.

So far, so good. Now we only need to wait for the update on the hp device.

The device gets a notification for a reboot. It will reboot in BIOS update, without requiring the BIOS password

And afterwards, we can verify that the update was successful.

That’s all there is to setting up an automated workflow with HP Connect for MEM, so that for your enterprise devices the BIOS Firmware is always up-to-date.

Interested in learning how Xylos can help you to automate your BIOS Firmware?
Get started today and schedule a call to go over the solution.