A while ago, Mark Morowczynski of Microsoft wrote a blog post, “How to Manage Surface Pro 3 UEFI Through PowerShell”. In the post, he describes advanced UEFI security configuration options for the Microsoft Surface, such as enable/disable cameras, WiFi, Blootooth, Network Boot. There’s also information about using PowerShell to configure UEFI settings, scaling to control “tends of thousands” of Surface devices.
IMO, this is a nice use of UEFI to configure security settings, I hope other OEMs and OS vendors enable this kind of granularity to configure their systems. I also hope malware authors don’t exploit this ability to scale to all Surface devices in an enterprise with a single PowerShell command. 🙂
More information:
http://blogs.technet.com/b/askpfeplat/archive/2015/04/20/how-to-manage-surface-pro-3-uefi-through-powershell.aspx
https://technet.microsoft.com/en-us/windows/dn965440
