I've spent over a month testing the new Dell Partner Integration with Intune, with the goal of using the Dell/Intune portal to automatically generate and manage BIOS passwords. Unfortunately, we've hit a roadblock.
When a laptop is returned by a leaver and reimaged, Intune does not regenerate a new BIOS password. According to Dell and community sources, Intune applies the BIOS password only once per device. If the device is reimaged or the password is cleared locally, Intune will not reapply or rotate the password unless the BIOS configuration policy is manually modified.
In practice, when managing a large fleet (e.g. 700 laptops) under one BIOS policy, you would expect a large number of devices to remain in a PENDING state. Dell also advises not to modify the BIOS policy while devices are pending — which creates a catch-22 situation: you can't update the policy to trigger password rotation without risking deployment issues, and you can't reset the password via Intune after reimaging.
At this stage, unless Microsoft and Dell improve the integration and policy behavior, the most reliable method appears to be using the Dell BIOS PowerShell Provider to set and manage BIOS passwords — especially if you're aiming to maintain BIOS security in real-world device lifecycle workflows.
It would be really helpful to manage the BIOS settings.
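
The Dell BIOS PowerShell Provider approach mentioned above, as an added example that is not part of the original post or Dell's own code: it rotates the admin password on a reimaged device and escrows the new value before touching the BIOS. It assumes the `DellBIOSProvider` module is installed and the session is elevated; `New-BiosPassword`, `Set-DellBiosAdminPassword` and the `$Escrow` script block are hypothetical names introduced here.

```powershell
# Added example. Requires an elevated session on a Dell device with the
# DellBIOSProvider module installed. $Escrow is an assumed, caller-supplied
# script block that stores the password in your own vault and throws on failure.
Import-Module DellBIOSProvider -ErrorAction Stop

function New-BiosPassword {
    param([int]$Length = 16)
    # Alphabet without look-alike characters (constructed for this example).
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789'.ToCharArray()
    $limit = 256 - (256 % $alphabet.Length)   # reject bytes >= limit: no modulo bias
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = [byte[]]::new(1)
    $chars = while ($Length -gt 0) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { $alphabet[$buf[0] % $alphabet.Length]; $Length-- }
    }
    $rng.Dispose()
    -join $chars
}

function Set-DellBiosAdminPassword {
    param(
        [Parameter(Mandatory)][scriptblock]$Escrow,  # called as: & $Escrow $serial $password
        [string]$CurrentPassword                     # escrowed value; omit if none is set
    )
    $flag = 'DellSmbios:\Security\IsAdminPasswordSet'
    $isSet = (Get-Item -Path $flag).CurrentValue -eq 'True'
    if ($isSet -and -not $CurrentPassword) {
        throw 'An admin password is set but no current password was supplied.'
    }
    $serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    $new = New-BiosPassword
    # Escrow first: if the vault write fails, the BIOS is left untouched.
    # The vault should keep the previous version in case the BIOS write fails.
    & $Escrow $serial $new
    if ($isSet) {
        Set-Item -Path DellSmbios:\Security\AdminPassword -Value $new -Password $CurrentPassword -ErrorAction Stop
    } else {
        Set-Item -Path DellSmbios:\Security\AdminPassword -Value $new -ErrorAction Stop
    }
    # Confirm the firmware now reports a password before declaring success.
    if ((Get-Item -Path $flag).CurrentValue -ne 'True') {
        throw "BIOS on $serial does not report an admin password as set."
    }
}
```

Run as a post-imaging task, this covers the returned-laptop case: pass the previously escrowed value as `-CurrentPassword` when the old password survived the reimage, or omit it when the password was cleared locally.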