This blog is an introduction to HP Connect. For those unfamiliar with HP Connect, this is a free cloud service that allows you to update, configure and secure the Bios of your corporate HP devices. HP Connect works with Intune and Entra ID (AAD) to push the configuration and settings to the endpoints. It uses Entra ID groups and remediation scripts in Intune to push the configuration to the Endpoints. For this reason, it is required that your endpoints are managed by Intune and you meet the requirements of remediations.
What can you do with HP Connect
With HP Connect you can manage the following settings:
- BIOS updates
- Always the latest version
- Only Critical versions
- Specific version for a specific platform
- BIOS settings
- Supported on a per-platform basis
- Global Settings policy applies across platforms
- BIOS Authentication
- HP Sure Admin (I will explain more about HP Sure Admin in a separate post.)
- Password
Onboarding HP Connect
The onboarding in HP Connect consists of a few simple steps in which two enterprise applications are created in Entra ID. In addition, a number of permissions are required to ensure that HP Connect can do its job. To complete the onboarding, you need Global Admin rights to assign the permissions. HP Connect needs the permissions listed below.
- Sign you in and read your profile
- Maintain access to data you have given it access to
- Read Microsoft Intune Device Configuration and Policies
- Read and write Microsoft Intune Device Configuration and Policies
- Read Microsoft Intune RBAC settings
- Read all groups
- Access the directory as you
- Read group membership
Let’s see what the onboarding looks like.
1. The first step is to go to the HP Connect page. The url for the page is: https://connect.admin.hp.com/. To start onboarding, you need to press “Get Started.”
2. If you are not already logged in, log in with a Global Administrator account. Then you need to approve the permissions for your organization and press “Accept”.
3. Now you have to be careful: If you have a popup blocker on, then the permission screen is blocked and you only see the terms and conditions. Allow the popups once to show and approve the screen below. If you don’t do this, then, among other things, Azure Ad groups won’t load and you won’t be able to assign policies. Approve the permissions and continue.
4. Please read and accept the terms and conditions to proceed and finish onboarding.
5. Now that the onboarding is complete, you can use HP connect and you will see that two enterprise applications have been added to your tenant.
- HP Connect for MEM
- HP MEM Connector Services
Assign Management HP Connect
As far as I can find in the documentation, it is not possible to assign user permissions within HP Connect. Only the Entra ID roles; Global administrator and Intune administrator are allowed to log into HP Connect. If you try to log in with another user you get the following message: Authorization needed.
In the next blog, we will go into more detail on how to control bios access through HP Sure Admin and why this is a very cool feature.