Microsoft Intune now allows you to create a device configuration profile to manage and lock down firmware settings.
This profile applies to UEFI Windows 10 devices and lets you enable or disable virtualization, built-in hardware (camera, microphone and speakers), boot options…
To get started, log on to the Azure portal (https://portal.azure.com/) and go to Intune\Device Configuration\Profiles, or log on to the Device Management portal (https://devicemanagement.microsoft.com/) and go to the Device\Configuration profiles blade.
Then create a new device configuration profile, selecting Windows 10 and later as the platform and Device Firmware Configuration Interface as the profile type.