Preparing for Windows 11: Checking UEFI, SecureBoot and BIOS Versions

Do you know what firmware versions exist in your environment? Do you have a quick and easy way of finding all of them? Do you know how many of your computers have UEFI and SecureBoot turned on? Could you find them quickly if needed? With the recent unveiling of Windows 11 and its minimum hardware requirements, you are very likely looking for ways to determine which computers will be able to update when the time comes. You probably are also wondering if computers in your environment are up to date on their firmware, so I’ll show you an easy way to check UEFI, SecureBoot and BIOS versions.

Hardware and Firmware Audit Dashboard

Up-to-date firmware may determine if a device model has the capacity to run Windows 11 or not. Also, there are always vulnerabilities out there that up-to-date firmware versions can protect against. Either way, the Right Click Tools Hardware and Firmware Audit dashboard will help! This dashboard is part of the Right Click Tools Enterprise Edition and it offers a quick and easy way to discover what hardware and firmware exists in your ConfigMgr environment.

Getting Started

Once you select the Hardware and Firmware Audit dashboard from Assets and Compliance in the Recast node, all you need to do is choose the collection, and then on the right-hand side, select the items that you’d like to know more about.

Tip: Select “Nested Filtering” to quickly drill down to specific firmware versions on your devices. You can also do the same to see if UEFI and SecureBoot are enabled.

Hardware and Firmware Audit Dashboard - Select Options

Working from left to right in the dashboard, I’ll show you what you can expect to see.

Chassis Types

After clicking on the Scan button, the chassis information is populated. In case you’re curious, these are the chassis types that Windows defines:

  • Desktop
  • Low Profile Desktop
  • Pizza Box
  • Mini Tower
  • Tower
  • Portable
  • Laptop
  • Notebook
  • Hand Held
  • Docking Station
  • All in One
  • Sub Notebook
  • Space-Saving
  • Lunch Box
  • Main System Chassis
  • Expansion Chassis
  • SubChassis
  • Bus Expansion Chassis
  • Peripheral Chassis
  • Storage Chassis
  • Rack Mount Chassis
  • Sealed-Case PC
  • Tablet
  • Convertible
  • Detachable

When you pick one of the chassis types in the left-hand window, like “Portable” for example, it will populate all the manufacturers of that chassis type in your environment in the next window to the right. It turns out that we only have Dells that are identified as portables in this lab.

Hardware and Firmware Audit Dashboard - Chassis Types and Manufacturers

Once the “Manufacturer” window is populated, you can select the manufacturer you want to know more information about. In this example, I select Dell and see in the next window the Dell portable models in our environment.

Hardware and Firmware Audit Dashboard - Models

UEFI, SecureBoot and BIOS Versions

Next, choose the model you are interested in knowing more about. The dashboard instantly shows whether UEFI is enabled or disabled.

UEFI, SecureBoot and BIOS Versions - UEFI Status

You can then click on the enabled devices to see if SecureBoot is also enabled or disabled.

UEFI, SecureBoot and BIOS Versions - SecureBoot Status

Finally, you can click on each SecureBoot status to find the BIOS version for those computers.

UEFI, SecureBoot and BIOS Versions - BIOS Version

Time to Act

At this point, you are just a Right Click Tools right click away from updating your firmware. Simply add the devices needing an update to a collection. You decide what method to use. Whether it’s an application you send to the devices or a task sequence, you have the collection ready to go!

Hardware and Firmware Audit Dashboard - Taking Action

If you would like to add computers to a collection from any other level of the nested filtering, besides the BIOS example shown here, you can leave out the sections that you are not interested in. Those won’t be a part of the nested filtering flow. That way you can export a list of computers where SecureBoot is disabled, or run any other Right Click Tools action against them as needed.

Now that you know what firmware versions exist and if UEFI and SecureBoot are enabled or disabled in your ConfigMgr environment, you decide what action is needed. This walkthrough of the Hardware and Firmware Audit dashboard should give you a good idea of what can be accomplished through Right Click Tools Enterprise Edition. If you have questions, please feel free to reach out to https://recastsoftware.com/support.

Share this: