08/11/2025
Cases from the Field / HP / Microsoft Intune / Mobile Device Management

Modern BIOS Management: HP Connect Meets Microsoft Intune

Nicky De Westelinckby Nicky De Westelinck

Last week, I was asked by a customer how we could roll out BIOS settings via Microsoft Intune for certain HP models. HP has a portal for this called HP Connect that can be linked to Microsoft Intune for managing BIOS settings on your managed devices. In this blog post, I will take you through the steps needed to connect HP Connect to Microsoft Intune and how to configure and deploy the necessary BIOS settings with Microsoft Intune.

What is HP Connect?

HP Connect for Managing BIOS Settings is a cloud-based solution developed by HP that integrates with Microsoft Intune to centrally manage BIOS configurations on supported HP devices.

Here’s a quick overview of what it does:

  • Policy-Based Management: IT admins can create BIOS policies (for updates, settings, and authentication) directly in HP Connect and assign them to device groups in Microsoft Intune.
  • No Local Software Required: Devices don’t need additional software installed—Intune executes the policies via Proactive Remediation scripts.
  • Security & Compliance: Ensures consistent BIOS configurations across devices, helping organizations meet security and compliance requirements.
  • Supported Devices: Works with HP Pro, Elite, Z, and POS systems managed via Intune.
  • Integration: Uses Microsoft Graph API to communicate with Intune and Azure AD for device targeting.

What does it do at the back-end?

When we connect HP Connect to our tenant for the first time, two App Registrations will be created, namely HP Connect for MEM and HP MEM Connector Services.

Configuration

Connect HP Connect to Microsoft Intune

Go to https://connect.admin.hp.com/ and select Sign In.

Make sure your Administrator account has the right permission (at least Cloud Application Administrator) for approval, or ask your admin for approval instead. Check Consent on behalf of your organization, and choose Accept.

You’ll be redirected to the HP Connect portal.

If you notice this message below, choose Reactivate Account.

Check I read and accept Terms and Conditions and choose Accept.

You’re account is now active. And we are ready to go!

INFORMATION: If you see a message on top of your screen that says Grant consent to new permissions, this is just a reminder that if you are facing issues assigning policies to groups, you need to check the permissions of the App Registrations. You can simply choose Click here to grant admin consent.

Microsoft Entra Dynamic Device group

Since we are dealing with specific HP models, we will first create a dynamic device group based on the HP model information in Microsoft Intune. For now, we will use an HP ZBook Power G9.

I created a dynamic device group with the dynamic membership rule below, and you’ll see that our device is added as a member. We will use this group to assign our BIOS policy in HP Connect.

(device.deviceModel -startsWith "HP ZBook Power 15.6 inch G9 ")

HP Connect – BIOS Settings Policy

Next up, we will create our BIOS policy for our HP devices, particularly the HP ZBook Power G9 devices. Go to https://connect.admin.hp.com and sign in with your account, choose Policies in the left menu, and then choose New Policy.

Give your policy the following information and then choose Next.

  • Name: BIOS – Settings – HP ZBook Power 15.6 inch G9
  • Type: BIOS Settings
  • Description: This policy will configure the required BIOS settings for HP ZBook Power 15.6 inch G9 devices

In the next screen, choose Platform Policy. By using this type of policy, you can configure device-specific settings. If you want a general configuration for all your devices, you can choose Global Policy. If you are familiar with Settings Catalog in Microsoft Intune, the BIOS settings look very similar. Choose some settings as preferred. I chose the following, then chose Save.

Once you choose Save, you need to publish the policy to Microsoft Intune. What does it do? I’ll show you later on. For now, choose Apply.

Next step is to assign our dynamic device group we’ve created and choose Next. Review everything and choose Publish.

I you are really sure to publish, choose Apply in the following screen. And you’ll see that the policy is created in HP Connect.

Our BIOS policies in HP Connect have been published, but what modifications has this now made to Microsoft Intune? From the moment BIOS policies are published, a Remediation Script is created on the Microsoft Intune side. This is where we take a closer look.

Microsoft Intune – Remediation Scripts

As mentioned, a Remediation Script is created in Microsoft Intune after publishing the BIOS policy in HP Connect.

If we take a closer look in detail, we effectively see that a Detection and Remediation script has been added.

Conclusion

HP Connect offers a powerful and streamlined way to manage BIOS settings across HP devices using Microsoft Intune. By leveraging cloud-based policies and integrating directly with Intune, IT admins can enforce consistent BIOS configurations without needing additional on-premises tools. This approach enhances security, simplifies compliance, and supports modern device management practices.

It’s important to note that HP Connect uses Proactive Remediation scripts to apply BIOS policies. Therefore, you’ll likely need the appropriate Microsoft Intune licensing (such as Microsoft 365 E3/E5 or equivalent) that includes support for Endpoint Analytics and remediation capabilities.

Nicky De Westelinck

Nicky De Westelinck is a Modern Workplace Consultant at Wortell with several years of experience in Microsoft 365. His main focus is Microsoft Intune and Microsoft 365 Administration. He is also a Microsoft Certified Trainer since 2021.

View all posts by Nicky De Westelinck →

You might also like

Set your Copilot Key application with Microsoft Intune

Enable Windows LAPS management with Microsoft Intune

Silence the Noise: Configure Quiet Time with Intune for notifications on Android and iOS/iPadOS