After receiving tremendous feedback from customers during the public preview, Microsoft Endpoint Manager is excited to announce that management of BIOS settings via Device Firmware Configuration Interface (DFCI) is now generally available.
DFCI is an open-source Unified Extensible Firmware Interface (UEFI) framework that allows you to securely manage the UEFI (BIOS) settings of your Windows Autopilot devices remotely via Microsoft Endpoint Manager—all while limiting the end user’s control over firmware configurations.
Unlike traditional UEFI management, DFCI removes the need for managing third-party solutions and provides zero-touch firmware management by leveraging Microsoft Endpoint Manager for cloud management. DFCI also accesses the existing Windows Autopilot device information for authorization.
How to configure DFCI settings in Microsoft Endpoint Manager admin center
Before you use DFCI, make sure your device meets the following requirements:
First, create and assign the following profiles:
Then, reboot the device to update the UEFI configuration.
Figure 1: Device Firmware Configuration Interface screenshot
After assignment, you can track the status of your policy in the report.
After the policy has been delivered to the device and the device has been rebooted, end users will not be able to modify the settings managed by DFCI, even if the UEFI (BIOS) menu is protected by password. The BIOS settings of the device are now securely managed by the organization through Microsoft Endpoint Manager.
Learn more:
(This blog post is co-authored with Maggie Dakeva, Program Manager, Microsoft Endpoint Manager)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.