A while ago, Mark Morowczynski of Microsoft wrote a blog post, “How to Manage Surface Pro 3 UEFI Through PowerShell”. In the post, he describes advanced UEFI security configuration options for the Microsoft Surface, such as enable/disable cameras, WiFi, Blootooth, Network Boot. There’s also information about using PowerShell to configure UEFI settings, scaling to control “tends of thousands” of Surface devices.
IMO, this is a nice use of UEFI to configure security settings, I hope other OEMs and OS vendors enable this kind of granularity to configure their systems. I also hope malware authors don’t exploit this ability to scale to all Surface devices in an enterprise with a single PowerShell command. 🙂