Deep Dive - Certificate-based Authentication in an Autopilot Pre-provisioning Deployment

A deep dive on converting to certificate-based authentication in an Autopilot pre-provisioned deployment using Think BIOS Config and Certificates V2 tools

We're excited to announce the release of two powerful new PowerShell-based tools for managing BIOS settings on Lenovo commercial PCs: Think BIOS Config Tool V2 and Lenovo BIOS Certificate Tool V2. These tools represent a complete rewrite of their predecessors, bringing modern PowerShell capabilities, enhanced user interfaces, and seamless integration with Microsoft Intune.
updated October 31, 2025
Beginning with 2022 ThinkPad models, it is now possible to configure systems to use a digital signing certificate instead of a supervisor password. Although this feature does not eliminate the challenge of initially securing the device, it does eliminate the need to exchange passwords in plain text when scripting BIOS settings changes.
As more corporate customers move to Intune and other cloud-based tools for device management, there has been, and probably will continue to be, a decrease in the use of imaging technologies to deploy operating systems to devices. Most of the time, customers use the OEM-provided preload on the device as the initial operating system installation. Customers then leverage tools to continue with device configuration until the desired state is met.

This guide will demonstrate how to convert the BIOS security of a Lenovo Think product, protected by a Supervisor Password, to a digital certificate-based authentication mechanism using a Configuration Manager task sequence.
You may start seeing a new update offered titled System Firmware Update Utility. What exactly is this and what does it fix?
The SU Helper utility was introduced to programmatically trigger the System Update AddIn of Commercial Vantage. Let's see how we can leverage SU Helper in different scenarios across Microsoft's Endpoint Management solutions.
After a successful Operating System Deployment (OSD), customers have noted the Fibocom FWSwitchService running on devices without a Fibocom WWAN Card. In this blog post, we provide the cause and remediation for this issue.