Use HP Connect and MEM to manage BIOS

By Nicklas AhlbergUncategorized

Keeping our devices up-to-date is important. We know all about Windows and applications, but often times miss out on keeping the other layers such as firmware and BIOS up-to-date as those are typically just updated during OSD or during troubleshooting.

There are a few community-made solutions out there which are working really well and in this post we are going to have a look at a solution from HP called “HP Connect for MEM”.

In short, “HP Connect for MEM” is utilizing Proactive Remediation to deploy a detection and remediation script. The detection script is used to identify each device’s current BIOS-version and then use HP API to determine if there is any new version to apply. If there is a newer version the remediation script is used to download and apply the update. The end-user will receive a “Restart Prompt” to finalize the update.

Pre-Requisites

As stated above, “HP Connect for MEM” is utilizing Proactive Remediation which requires Windows Enterprise, Windows 10/11 Pro is not supported at this point.

Windows 10/11 ProNot supported
Windows 10/11 EnterpriseSupported
Windows Pro edition is not supported by proactive remediation

Get started with HP Connect for MEM

The official user guide is found here. Use the guide to connect HP Connect with MEM.
Microsoft Word – HP Connect UG.docx

Let’s rock enroll! 🔥

Deploy a BIOS Update policy (dynamic Azure AD group)

Let’s create a BIOS update policy. The first thing we need to do is decide whether we should deploy the policy to all HP models or to a specific one. In this demo I will update a HP EliteBook 850 G5 to latest BIOS version. As for now HP Connect for MEM does not support Filters natively, but we will look at how to use a Filter and change the assignment later on.

  1. I created a dynamic Azure AD group with this query to make a group containing just my HP EliteBook 850 G5. (device.deviceModel -eq "HP EliteBook 850 G5")
  2. Follow the getting started guide above to connect HP Connect to MEM
  3. In HP Connect for MEM: Click Policies
  4. Click: New Policy
  5. Name: HP EliteBook 850 G5 BIOS update
  6. Type: BIOS Update
  7. Click: Next
  8. In this demo I will use “Keep BIOS of all devices always updated” but in production “Deploy only critical BIOS updates” would be a good use case (this is up to each company to decide).
  9. At Select Device Group: Select the dynamic Azure AD group we created in step 1
  10. Click: Next
  11. Review and click: Publish
  12. Now what will happen is that HP Connect for MEM will create a Proactive Remediation for us with all settings needed (detection and remediation scripts)
  13. Navigate to MEM -> Reports -> Endpoint analytics -> Proactive remediations
  14. You should see a new script package with %HPConnectForMEM% as the name suffix
  15. By reviewing the assignment we see that HP Connect defaults to “Repeats every day” schedule. We can change that if we want to, but I do not recommend having the PR run more frequently than so.
  16. Now all we need to do is wait for the PR to run on our device(s).
  17. The end-user will get notified when a reboot is needed to finalize the BIOS update.

Deploy a BIOS Update policy (virtual group and filter)

Let’s have a look at how to use a filter for a better assignment experience. Microsoft has recently released “Filters” as general available. Filters are very useful when it comes to pinpointing specific devices (such as a specific model) from an Azure AD-group.

  1. Follow above steps to create your BIOS update policy in HP Connect for MEM
  2. Create a Filter containing the model(s) you need. In this demo I use this query to create a Filter for HP EliteBook 850 G5.
  3. At Select Device Groups: Select an empty device group (group with no members)
  4. Click next and publish
  5. Navigate to MEM -> Reports -> Endpoint analytics -> Proactive remediations
  6. Edit the newly created PR
  7. Change the assignment to All devices and include a Filter
  8. This is the only option for Filtering we currently have. Filters will hopefully be fully supported by HP Connect for MEM in close future

Troubleshooting and logs

The log HP Connect for MEM log files are located here: %ProgramData%\HP\Endpoint\Logs
The official UsergGuide covers the troubleshooting parts really well. Check it out! 😃Microsoft Word – HP Connect UG.docx

3 thoughts on “Use HP Connect and MEM to manage BIOS

  1. HP Connect logs
    HP Connect maintains a log of operation at ~\AppData\Local\HPConnect. Since Intune scripts on
    a device execute in the System context, the logs will be created at
    C:\WINDOWS\system32\config\systemprofile\AppData\Local\HPConnect(Note
    that at introduction, the log was written to %ProgramData%\HP\Endpoint\Logs). Policies
    created and published from late March 2022 will move existing logs (if exist) to the new location and
    update as needed.

    Reply

  2. Hi Nicklas.
    Thank you for very helpful article.
    I’ve just tested this solution and it works for Windows 10 Pro as well.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.