deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #1401 from CoveMiner/surface-2s-update-vjokai

Browse Source 
Update surface-pro-arm-app-management.md
This commit is contained in:
Rebecca Agiewich 2019-10-23 14:39:30 -07:00 committed by GitHub
commit 050d626692
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
devices/surface/surface-manage-dfci-guide.md
View File

@ -21,7 +21,7 @@ The ability to manage devices from the cloud has dramatically simplified IT depl
### Background
Like any computer running Windows 10, Surface devices rely on code stored in the SoC that enables the CPU to interface with hard drives, display devices, USB ports, and other devices. The programs stored in this read-only memory (ROM) are collectively known as firmware (while programs stored in dynamic media are known as software).
Like any computer running Windows 10, Surface devices rely on code stored in the SoC that enables the CPU to interface with hard drives, display devices, USB ports, and other devices. The programs stored in this read-only memory (ROM) are known as firmware (while programs stored in dynamic media are known as software).
In contrast to other Windows 10 devices available in the market today, Surface provides IT admins with the ability to configure and manage firmware through a rich set of UEFI configuration settings. This provides a layer of hardware control on top of software-based policy management as implemented via mobile device management (MDM) policies, Configuration Manager or Group Policy. For example, organizations deploying devices in highly secure areas with sensitive information can prevent camera use by removing functionality at the hardware level. From a device standpoint, turning the camera off via a firmware setting is equivalent to physically removing the camera. Compare the added security of managing at the firmware level to relying only on operating system software settings. For example, if you disable the Windows audio service via a policy setting in a domain environment, a local admin could still re-enable the service.
@ -43,13 +43,13 @@ At this time, DFCI is supported in the following devices:
## Prerequisites
- Devices must be registered with Windows Autopilot by your reseller or distributor. For more information, refer to the [Microsoft Device Partner Center](https://devicepartner.microsoft.com/support).
- Devices must be registered with Windows Autopilot by your reseller or distributor. For more information, refer to the [Microsoft Partner Network](https://partner.microsoft.com/en-US/membership/cloud-solution-provider).
- Before configuring DFCI for Surface, you should already be familiar with [Microsoft Intune](https://docs.microsoft.com/intune/) and [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/) (Azure AD).
- Before configuring DFCI for Surface, you should be familiar with Autopilot configuration requirements in [Microsoft Intune](https://docs.microsoft.com/intune/) and [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/) (Azure AD).
## Before you begin
Add your target Surface devices to an Azure AD security group. For more information about creating and managing security groups, refer to [Azure AD documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal).
Add your target Surface devices to an Azure AD security group. For more information about creating and managing security groups, refer to [Intune documentation](https://docs.microsoft.com/en-us/intune/configuration/device-firmware-configuration-interface-windows#create-your-azure-ad-security-groups).
## Configure DFCI management for Surface devices

9
devices/surface/surface-pro-arm-app-management.md
View File

@ -36,7 +36,7 @@ Organizations already using modern management, security, and productivity soluti
## Image-based deployment considerations
Surface Pro X will be released without a standard Windows .ISO deployment image, which means its not supported on the Microsoft Deployment Toolkit (MDT) or operating system deployment methods using System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager (SCCM) operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
## Managing Surface Pro X devices
@ -147,13 +147,12 @@ The following tables show the availability of selected key features on Surface P
| Conditional Access | Yes | Yes | |
| Secure Boot | Yes | Yes | |
| Windows Information Protection | Yes | Yes | |
| Surface Data Eraser (SDE) | Yes | Yes | |
| Surface Data Eraser (SDE) | Yes | Yes |
## FAQ
### Will an OS image be available at launch?
### Can I deploy Surface Pro X with MDT or SCCM?
No. Surface Pro X will be released without a standard Windows .ISO deployment image, which means its not supported on the Microsoft Deployment Toolkit (MDT) or operating system deployment methods using System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
The Microsoft Deployment Toolkit and System Center Configuration Manager operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
### How can I deploy Surface Pro X?