The 1E BIOS to UEFI feature is implemented through five custom task sequence steps:

  1. 1E BIOS to UEFI – This Task Sequence action allows the firmware changes to be made, and the device rebooted into Windows PE while preserving the task sequence environment. It is included in the task sequence twice. The first instance sets up the process before the firmware changes are made; the second runs after the changes have been made and restores the task sequence environment and allows it to continue.

    This step is no longer required in Configuration Manager Current Branch (as of CM CB 1610).


  2. 1E BIOS to UEFI OEM – This Task Sequence action uses OEM-specific tools or WMI methods to make the necessary firmware configuration updates. The task has the following properties:

    PropertyDescription
    UEFI configurationEnable this in order to use one of the three available UEFI states.
    UEFI native with Secure Boot

    The preferred option to enable native UEFI support and Secure Boot. Required if Device Guard or Credential Guard are to be used once the device is migrated to Windows 10.

    Supported on Dell and HP laptop and desktop systems and on Lenovo laptop systems.
    UEFI Native without Secure Boot

    Can be used if there are issues with drivers etc. that prevent the device from booting with Secure Boot. This should only be used as a temporary measure while driver/boot issues are investigated, as enabling UEFI without Secure Boot exposes the device to UEFI boot-kit malware.

    Not supported on Lenovo laptops.
    UEFI Hybrid with CSM

    Can be used in a task sequence that deploys a Windows 7 x64 image. Windows 7 x64 supports UEFI in hybrid mode with the Compatibility Support Modules (CSM) and a GUID Partition Table (GPT) disk. It enables the device to be upgraded to Windows 10 using an in-place upgrade.

    This option is supported on Dell and HP laptop and desktop systems. Not supported on Lenovo systems.
    Enable UEFI PXE

    Enables the UEFI network boot stack in the firmware and is required to enable the device to boot from the network (PXE) after the firmware UEFI mode has been enabled.

    On HP systems, where the firmware supports multiple PXE options (e.g. PXE Internal NIC Boot, PXE Internal IPV4 NIC boot and PXE Internal IPV6 boot), selecting this option will enable the generic PXE Internal NIC Boot option in the firmware.
    Enable Wake-on-LAN

    Enables the Wake-on-LAN feature in the firmware.

    Full Wake-on-LAN features may require additional configuration of the Network Adapter properties in Windows, which are not managed by this setting.

    On HP systems, where the firmware supports multiple Wake-on-LAN options (e.g. Boot to Network or Follow Boot Order), selecting this option will enable the Follow Boot Order option in the firmware.

    OEM Toolkit PackageSelect the OEM Toolkit package created by the Create 1E OEM Toolkit Package wizard.

  3. 1E BIOS to UEFI Boot Order – used to reorder the boot options.
  4. 1E BIOS to UEFI Advanced Settings – used to enable TPM and virtualization.
    1. This step would only be required when you want to enable/activate the TPM. 
  5. 1E BIOS to UEFI Password Setupenables you to whitelist admin passwords when changing settings in BIOS. This step must be used if the BIOS already has a password set, but can also be used to set a new password.

For details on how to use these steps in a Task Sequence, refer to Adding 1E BIOS to UEFI functions to a task sequence.