diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index 663ec20dc4..f7e3191aa7 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -6,6 +6,7 @@ ## [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md) ## [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) ## [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) +## [Manage Surface UEFI settings](manage-surface-uefi-settings.md) ## [Surface Data Eraser](microsoft-surface-data-eraser.md) ## [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) diff --git a/devices/surface/images/manage-surface-uefi-fig2.png b/devices/surface/images/manage-surface-uefi-fig2.png new file mode 100644 index 0000000000..6d8e4b41c8 Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig2.png differ diff --git a/devices/surface/images/manage-surface-uefi-fig3.png b/devices/surface/images/manage-surface-uefi-fig3.png new file mode 100644 index 0000000000..4ae63c2a49 Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig3.png differ diff --git a/devices/surface/images/manage-surface-uefi-fig4.png b/devices/surface/images/manage-surface-uefi-fig4.png new file mode 100644 index 0000000000..67866fcbf0 Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig4.png differ diff --git a/devices/surface/images/manage-surface-uefi-fig5.png b/devices/surface/images/manage-surface-uefi-fig5.png new file mode 100644 index 0000000000..eae3212f76 Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig5.png differ diff --git a/devices/surface/images/manage-surface-uefi-fig6.png b/devices/surface/images/manage-surface-uefi-fig6.png new file mode 100644 index 0000000000..a06c845a9c Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig6.png differ diff --git a/devices/surface/images/manage-surface-uefi-fig7.png b/devices/surface/images/manage-surface-uefi-fig7.png new file mode 100644 index 0000000000..9af6d1beed Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig7.png differ diff --git a/devices/surface/images/manage-surface-uefi-fig8.png b/devices/surface/images/manage-surface-uefi-fig8.png new file mode 100644 index 0000000000..d8c078cf59 Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig8.png differ diff --git a/devices/surface/images/manage-surface-uefi-figure-1.png b/devices/surface/images/manage-surface-uefi-figure-1.png new file mode 100644 index 0000000000..b87279bdd5 Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-figure-1.png differ diff --git a/devices/surface/index.md b/devices/surface/index.md index 2cbeff64cf..2a2598a5cd 100644 --- a/devices/surface/index.md +++ b/devices/surface/index.md @@ -62,18 +62,22 @@ For more information on planning for, deploying, and managing Surface devices in

Explore the available options to manage firmware and driver updates for Surface devices.

+

[Manage Surface UEFI settings](manage-surface-uefi-settings.md)

+

Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings.

+ +

[Surface Data Eraser](microsoft-surface-data-eraser.md)

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

- +

[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)

See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

- +

[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)

Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.

- +

[Surface Dock Updater](surface-dock-updater.md)

Get a detailed walkthrough of Microsoft Surface Dock Updater.

diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md new file mode 100644 index 0000000000..44428903c1 --- /dev/null +++ b/devices/surface/manage-surface-uefi-settings.md @@ -0,0 +1,138 @@ +--- +title: Manage Surface UEFI settings (Surface) +description: Use Surface UEFI settings to enable or disable devices or components, configure security settings, and adjust Surface device boot settings. +keywords: firmware, security, features, configure, hardware +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: devices, surface +author: miladCA +--- + +#Manage Surface UEFI settings + +Current and future generations of Surface devices, including Surface Pro 4 and Surface Book, use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings. + +>**Note:**  Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI. + +You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot. + +##PC information + +On the **PC information** page, detailed information about your Surface device is provided: + +- **Model** – Your Surface device’s model will be displayed here, such as Surface Book or Surface Pro 4. The exact configuration of your device is not shown, (such as processor, disk size, or memory size). +- **UUID** – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management. + +- **Serial Number** – This number is used to identify this specific Surface device for asset tagging and support scenarios. +- **Asset Tag** – The asset tag is assigned to the Surface device with the [Asset Tag Tool](https://www.microsoft.com/en-us/download/details.aspx?id=44076). + +You will also find detailed information about the firmware of your Surface device. Surface devices have several internal components that each run different versions of firmware. The firmware version of each of the following devices is displayed on the **PC information** page (as shown in Figure 1): + +- System UEFI + +- SAM Controller + +- Intel Management Engine + +- System Embedded Controller + +- Touch Firmware + +*Figure 1. System information and firmware version information* + +![figure 1](images/manage-surface-uefi-figure-1.png) + +You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/en-us/support/install-update-activate/surface-update-history) for your device. + +##Security + +On the **Security** page of Surface UEFI settings, you can set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2): + +- Uppercase letters: A-Z + +- Lowercase letters: a-z + +- Numbers: 1-0 + +- Special characters: !@#$%^&*()?<>{}[]-_=+|.,;:’`” + +The password must be at least 6 characters and is case sensitive. + +*Figure 2. Add a password to protect Surface UEFI settings* + +![figure 2](images/manage-surface-uefi-fig2.png) + +On the **Security** page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library. + +*Figure 3. Configure Secure Boot* + +![figure 3](images/manage-surface-uefi-fig3.png) + +You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library. + +*Figure 4. Configure Surface UEFI security settings* + +![figure 4](images/manage-surface-uefi-fig4.png) + +##Devices + +On the **Devices** page you can enable or disable specific devices and components of your Surface device. Devices that you can enable or disable on this page include: + +- Docking and USB Ports + +- MicroSD or SD Card Slot + +- Rear Camera + +- Front Camera + +- Infrared (IR) Camera + +- Wi-Fi and Bluetooth + +- Onboard Audio (Speakers and Microphone) + +Each device is listed with a slider button that you can move to **On** (enabled) or **Off** (disabled) position, as shown in Figure 5. + +*Figure 5. Enable and disable specific devices* + +![figure 5](images/manage-surface-uefi-fig5.png) + +##Boot configuration + +On the **Boot Configuration** page, you can change the order of your boot devices and/or enable or disable boot of the following devices: + +- Windows Boot Manager + +- USB Storage + +- PXE Network + +- Internal Storage + +You can boot from a specific device immediately, or you can swipe left on that device’s entry in the list using the touchscreen. You can also boot immediately to a USB device or USB Ethernet adapter when the Surface device is powered off by pressing the **Volume Down** button and the **Power** button simultaneously. + +For the specified boot order to take effect, you must set the **Enable Alternate Boot Sequence** option to **On**, as shown in Figure 6. + +*Figure 6. Configure the boot order for your Surface device* + +![figure 6](images/manage-surface-uefi-fig6.png) + +You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only. + +##About + +The **About** page displays regulatory information, such as compliance with FCC rules, as shown in Figure 7. + +*Figure 7. Regulatory information is displayed on the About page* + +![figure 7](images/manage-surface-uefi-fig7.png) + +##Exit + +Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8. + +*Figure 8. Click Restart Now to exit Surface UEFI and restart the device* + +![figure 8](images/manage-surface-uefi-fig8.png)