In Part 2 of this series, the focus shifts from reporting BIOS compliance (covered in Part 1) to collecting and reporting Secure Boot–related data across your endpoint fleet using Symantec IT Management Suite (ITMS) and Custom Inventory.
The post walks through how to extend your existing reporting framework by capturing detailed Secure Boot information - including registry values, servicing status, and update readiness - with a PowerShell script that runs on managed devices and sends results back into ITMS via a custom data class.
Key points:
Collecting Secure Boot state and update information through a scripted registry inspection and scheduled task trigger.
Evaluating readiness for the Windows UEFI CA 2023 certificate transition, identifying devices that are compliant, partially updated, or require remediation.
Reporting and visualization by feeding the collected data back into ITMS, enabling clear dashboards and filters for targeting remediation workflows.
With this approach, IT teams gain enterprise-wide visibility into Secure Boot status and can integrate that information with BIOS compliance reporting for a more complete compliance picture.
All technical details, scripts, and implementation steps can be found in the original blog post.