Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

← Ideas

Add TPM and SecureBoot task sequence variables

Please give us task sequence variables for the following because WMI can be unreliable or sometimes can't be used. These would be nice to have in order to create conditions for performing actions such as enabling/disabling TPM and SecureBoot.

TPM enabled/disabled
TPM activated/deactivated
TPM owned/not owned
SecureBoot enabled/disabled

4 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Chris shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
started  ·  AdminBob Mac Neill (Software Engineer, Microsoft Endpoint Configuration Manager) responded  · 

Hi,

Updating status to started – see

Our 2002 release added _TSSecureBoot
See https://docs.microsoft.com/en-us/mem/configmgr/core/understand/find-help#send-a-suggestion

Use this variable to determine the state of secure boot on a UEFI-enabled device. The variable can have one of the following values:

NA: The associated registry value doesn’t exist, which means the device doesn’t support secure boot.
Enabled: The device has secure boot enabled.
Disabled: The device has secure boot disabled.

For TPM that’s achievable with task sequence conditions – I’ll look to add something to the Community Hub to demonstrate.

1 comment

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

Ideas: Operating System Deployment

Categories

Feedback and Knowledge Base

(thinking…)