Have you ever wondered if a Mac had an EFI firmware password set or if Secure Boot has been turned off? Well, instead of wondering, you can now instantly look up the state of these options and other boot settings in our newly released device property in Inventory called Mac Startup Configuration.
The settings reported in the device property can help administrators better understand the security posture of a Mac. For example, a Mac with Secure Boot off may be at greater risk of being infected by malware that changes the master boot record (MBR). Additionally, the presence of a firmware password could prevent an administrator from re-provisioning a device to a new employee if they forget to turn it off before shipping the Mac back to HQ.
To help you interpret these startup options, we have created a new widget that summarizes them with icons and easy-to-read statuses.
If you don’t want to collect this data from your Mac fleet, you can also take advantage of our new data collection opt-out feature.
Macs running Apple Silicon instead of an Intel processor do not support several of these startup options. These options include Firmware options and the ability to boot Windows. For these devices and older Intel Macs without a T2 series chip, you’ll see the value “Not Applicable” for any relevant settings.
As always, please let us know if you have any questions, suggestions, or improvements we can make. We hope you get value out of the additional visibility.