Proactive Remediation script: Compare Lenovo BIOS versions (current installed and last one available on website)


In this post I will share a proactive remediation script that compares the BIOS version currently installed on a device with the latest one available on the Lenovo website for that model.

It also compares the BIOS release dates of both versions and gives you the number of days between your current BIOS version and the new one available.

The solution

We will use Endpoint Analytics Proactive remediations to check whether the BIOS is up to date, and then create the report.

The solution will result in one Detection script.

The detection script will give you the information below:

- Device name

- Current model

- User name

- Last sync

- Whether the BIOS is up to date or not

- Number of days between current BIOS version and last one

- Current BIOS version

- New BIOS version available

- Release date of the installed BIOS

- Release date of the latest available

See below an overview of the result:

The detection script works as below:

- Get current BIOS version

- Check the latest BIOS version available on the Lenovo website

If the two BIOS versions are different:

- Check the current BIOS release date

- Check latest BIOS date

- Compare both dates

If the dates are different, the detection script exits with an error, meaning an alert that the BIOS is not up to date.

You can also choose to set a specific delay so that a warning is returned only when, for instance, the currently installed BIOS is older than x days.

To do so, modify the variable: $BIOS_Delay_Days

For instance, if you set it to 365 days it means:

- If both versions are different: compare dates

- If dates are different: compare days between dates

- If days are > 365: alert, alert

- If days < 365: ok that's cool for now
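The decision logic described above, sketched as an added PowerShell example (not the author's script). The function name `Get-BiosComplianceState`, the sample versions and dates, and the handling of a gap of exactly `$BIOS_Delay_Days` days or of a negative gap are assumptions of this example; the Lenovo lookup itself is not reproduced.

```powershell
# Added illustration; the function name and sample values are hypothetical.
function Get-BiosComplianceState {
    param(
        [Parameter(Mandatory)][string]$CurrentVersion,
        [Parameter(Mandatory)][datetime]$CurrentDate,
        [Parameter(Mandatory)][string]$LatestVersion,
        [Parameter(Mandatory)][datetime]$LatestDate,
        [int]$BIOS_Delay_Days = 0   # 0 = alert on any date difference
    )

    $days = 0
    $upToDate = $true

    if ($CurrentVersion.Trim() -ne $LatestVersion.Trim()) {
        # Versions differ: compare the release dates, as the post describes.
        $days = [int](($LatestDate.Date - $CurrentDate.Date).TotalDays)
        if ($days -gt 0) {
            # No delay set: any gap is an alert. Delay set: only gaps above it.
            # Assumption: a gap of exactly $BIOS_Delay_Days days is still OK.
            $upToDate = ($BIOS_Delay_Days -gt 0) -and ($days -le $BIOS_Delay_Days)
        }
        # Assumption: a zero or negative gap (installed BIOS dated the same as
        # or later than the published one) is not reported as out of date.
    }

    [pscustomobject]@{
        UpToDate       = $upToDate
        DaysBehind     = $days
        CurrentVersion = $CurrentVersion
        LatestVersion  = $LatestVersion
    }
}

# Constructed sample input. On a device, the installed values can be read with
# Get-CimInstance Win32_BIOS (SMBIOSBIOSVersion and ReleaseDate properties).
$state = Get-BiosComplianceState -CurrentVersion '1.30' -CurrentDate '2021-03-10' `
    -LatestVersion '1.45' -LatestDate '2022-06-01' -BIOS_Delay_Days 365

# A detection script reports through its exit code: 1 = issue detected, 0 = OK.
if ($state.UpToDate) {
    Write-Output "BIOS OK ($($state.CurrentVersion))"
    exit 0
} else {
    Write-Output "BIOS not up to date: $($state.CurrentVersion) -> $($state.LatestVersion), $($state.DaysBehind) days behind"
    exit 1
}
```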

Get the script

Click on the GitHub picture below to get both detection and remediation scripts.


For the detection script we will use a specific assembly that helps us extract content from the Lenovo website.

In my script, the DLL is downloaded from my GitHub.

You can also upload it somewhere else, then add the path in the variable: $LZ4_DLL

Create dynamic group

In this part, we will create a group to gather all our Lenovo devices.

1. Go to the Microsoft Endpoint Manager admin center

2. Go to Groups

3. Click on New group

4. Select Security as Group type

5. Type a name, like Lenovo devices

6. In Membership type, select Dynamic devices

7. Click on Add dynamic query

8. Click on Edit and type the line below:

(device.deviceManufacturer -contains "Lenovo")

9. Click on Save

10. Click on Create

Create the remediation package

1. Go to the Microsoft Endpoint Manager admin center

2. Go to Reports

3. Go to Endpoint analytics

4. Go to Proactive remediations

5. Click on Create script package

6. Type a name, in our case Compare Lenovo BIOS

7. Click on Next

8. Click on Detection script file

9. Choose: Compare_BIOS_version_Detection.ps1

10. We won't add a remediation script

11. Click on Next

12. Select the group Lenovo devices

13. In the Schedule part, choose when the package should be run.

14. In our case we will run it every day

15. Click on Apply

16. Click on Next

17. Click on Create

Making a report

In this post you can find how to create a Power BI report for this.


5 comments

Anonymous said…

Thanks for sharing this info.
I am trying to build it in my environment.

I have 1 question: this script only shows the new version info.
Do you have some info on how to get the URL of this new version, so I can let the machine run the update, or can you tell me what your steps are when you see a machine with an older BIOS version?

Patrick S.

Anonymous said…

I found the URL.

We had to update some lines in different script.
- $main_path not set
- invoke request complained about first run IE, so added extra option

Patrick S.

Anonymous said…


Getting the following error:

Invoke-WebRequest : The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again.

We have IE disabled on our devices - how can we get the script working?

Anonymous said…

Use -UseBasicParsing at the end of the invoke command

Anonymous said…

Hi, is there a way to export the result without using Power BI?
