Before updating clients bios information dating back
Now, there is a slight disclaimer that I need to put out there for the time being.
Because of certain limitations with some vendor systems, plus the fact that Configuration Manager can only have one boot image assigned to a task sequence and that you need to use the correct boot image architecture to boot a UEFI system, then you will need to have a separate task sequence to handle the bare metal/break fix scenarios (or better yet, pressure the vendor into supporting 64-bit Win PE).
In Upgrading the BIOS Part 1, I gave some very important reasons why you should be proactive about upgrading the BIOS on supported systems in your environment.
It is easy to suspend Bit Locker but keep in mind the native Configuration Manager step only suspends Bit Locker for one restart.Other solutions that I found relied on Configuration Manager Applications and Package/Programs.While these may work for specific scenarios, they cannot cover all scenarios.These are the only three vendors that I will be covering, but I will gladly take donated test systems of other vendors you would like me to test. Usually you password protect something in the first place in order to make it secure.However, the flash BIOS utilities will take the password as a command line parameter or in some cases (HP) a bin file.