SEMM also requires both physical possession of the
device and unique certificate signatures to make any changes, helping to prevent modifications in the event of
device loss or theft and providing
additional security authentication beyond simply trusting
local administrator or BIOS passwords.