mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-26 15:53:40 +00:00
Merge pull request #1442 from CoveMiner/surface-2s-update-vjokai
Surface 2s update vjokai
This commit is contained in:
Thomas Raya
GitHub
@ -11,6 +11,8 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# Battery Limit setting
|
||||
|
||||
@ -11,6 +11,8 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# Deploy Surface devices
|
||||
@ -39,19 +41,7 @@ Learn about about deploying ARM- and Intel-based Surface devices.
|
||||
| [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)| See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. |
|
||||
[Battery Limit setting](battery-limit.md) | Learn how to use Battery Limit, a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
[Surface for IT pros blog](http://blogs.technet.com/b/surface/)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
[Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)
|
||||
|
||||
|
||||
@ -11,6 +11,8 @@ ms.author: v-tea
|
||||
ms.topic: article
|
||||
ms.date: 10/2/2019
|
||||
ms.reviewer: scottmca
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
manager: jarrettr
|
||||
appliesto:
|
||||
- Surface Laptop (1st Gen)
|
||||
|
||||
BIN
devices/surface/images/manage-surface-uefi-fig5a.png
Normal file
BIN
devices/surface/images/manage-surface-uefi-fig5a.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 56 KiB |
BIN
devices/surface/images/manage-surface-uefi-fig7a.png
Normal file
BIN
devices/surface/images/manage-surface-uefi-fig7a.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 59 KiB |
@ -10,6 +10,8 @@ ms.author: dansimp
|
||||
ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# Long-Term Servicing Channel (LTSC) for Surface devices
|
||||
@ -28,23 +30,7 @@ General-purpose Surface devices are intended to run on the Semi-Annual Channel t
|
||||
|
||||
Surface devices in specialized scenarios–such as PCs that control medical equipment, point-of-sale systems, and ATMs–might consider the use of LTSC. These special-purpose systems typically perform a single task and do not require feature updates as frequently as other devices in the organization.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Surface TechCenter](https://technet.microsoft.com/windows/surface)
|
||||
|
||||
- [Surface for IT pros blog](http://blogs.technet.com/b/surface/)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
- [Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Best practice power settings for Surface devices
|
||||
description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience.
|
||||
description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
@ -9,7 +9,9 @@ ms.author: dansimp
|
||||
ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.date: 08/21/2019
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
ms.date: 10/28/2019
|
||||
---
|
||||
|
||||
# Best practice power settings for Surface devices
|
||||
@ -49,7 +51,7 @@ module (SAM). The SAM chip functions as the Surface device power-policy
|
||||
owner, using algorithms to calculate optimal power requirements. It
|
||||
works in conjunction with Windows power manager to allocate or throttle
|
||||
only the exact amount of power required for hardware components to
|
||||
function.
|
||||
function. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
|
||||
|
||||
## Utilizing the custom power profile in Surface
|
||||
|
||||
|
||||
@ -17,22 +17,25 @@ manager: dansimp
|
||||
|
||||
# Manage Surface UEFI settings
|
||||
|
||||
Current and future generations of Surface devices, including Surface Pro 7, Surface Book 2, and Surface Studio 2,use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings.
|
||||
|
||||
>[!NOTE]
|
||||
>Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI.
|
||||
|
||||
You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot.
|
||||
All current and future generations of Surface devices use a unique Unified Extensible Firmware Interface (UEFI) engineered by Microsoft specifically for these devices. Surface UEFI settings provide the ability to enable or disable built-in devices and components, protect UEFI settings from being changed, and adjust the Surface device boot settings.
|
||||
|
||||
## Support for cloud-based management
|
||||
|
||||
With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. DFCI is currently available for Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
|
||||
|
||||
## Open Surface UEFI menu
|
||||
|
||||
## PC information
|
||||
To adjust UEFI settings during system startup:
|
||||
|
||||
On the **PC information** page, detailed information about your Surface device is provided:
|
||||
1. Shut down your Surface and wait about 10 seconds to make sure it's off.
|
||||
2. Press and hold the **Volume-up** button and - at the same time - press and release the **Power button.**
|
||||
3. As the Microsoft or Surface logo appears on your screen, continue to hold the **Volume-up** button until the UEFI screen appears.
|
||||
|
||||
- **Model** – Your Surface device’s model will be displayed here, such as Surface Book or Surface Pro 4. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
|
||||
## UEFI PC information page
|
||||
|
||||
The PC information page includes detailed information about your Surface device:
|
||||
|
||||
- **Model** – Your Surface device’s model will be displayed here, such as Surface Book 2 or Surface Pro 7. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
|
||||
- **UUID** – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management.
|
||||
|
||||
- **Serial Number** – This number is used to identify this specific Surface device for asset tagging and support scenarios.
|
||||
@ -56,9 +59,9 @@ You will also find detailed information about the firmware of your Surface devic
|
||||
|
||||
You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device.
|
||||
|
||||
## Security
|
||||
## UEFI Security page
|
||||
|
||||
On the **Security** page of Surface UEFI settings, you can set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
|
||||
The Security page allows you to set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
|
||||
|
||||
- Uppercase letters: A-Z
|
||||
|
||||
@ -74,21 +77,21 @@ The password must be at least 6 characters and is case sensitive.
|
||||
|
||||
*Figure 2. Add a password to protect Surface UEFI settings*
|
||||
|
||||
On the **Security** page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
|
||||
On the Security page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
|
||||
|
||||
|
||||
|
||||
*Figure 3. Configure Secure Boot*
|
||||
|
||||
You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.
|
||||
You can also enable or disable the Trusted Platform Module (TPM) device on the Security page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.
|
||||
|
||||
|
||||
|
||||
*Figure 4. Configure Surface UEFI security settings*
|
||||
|
||||
## Devices
|
||||
## UEFI menu: Devices
|
||||
|
||||
On the **Devices** page you can enable or disable specific devices and components of your Surface device. Devices that you can enable or disable on this page include:
|
||||
The Devices page allows you to enable or disable specific devices and components including:
|
||||
|
||||
- Docking and USB Ports
|
||||
|
||||
@ -106,13 +109,13 @@ On the **Devices** page you can enable or disable specific devices and component
|
||||
|
||||
Each device is listed with a slider button that you can move to **On** (enabled) or **Off** (disabled) position, as shown in Figure 5.
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 5. Enable and disable specific devices*
|
||||
|
||||
## Boot configuration
|
||||
## UEFI menu: Boot configuration
|
||||
|
||||
On the **Boot Configuration** page, you can change the order of your boot devices and/or enable or disable boot of the following devices:
|
||||
The Boot Configuration page allows you to change the order of your boot devices as well as enable or disable boot of the following devices:
|
||||
|
||||
- Windows Boot Manager
|
||||
|
||||
@ -132,68 +135,83 @@ For the specified boot order to take effect, you must set the **Enable Alternate
|
||||
|
||||
You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only.
|
||||
|
||||
## UEFI menu: Management
|
||||
The Management page allows you to manage use of Zero Touch UEFI Management and other features on eligible devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
|
||||
|
||||
## Exit
|
||||
|
||||
*Figure 7. Manage access to Zero Touch UEFI Management and other features*
|
||||
|
||||
Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 7.
|
||||
|
||||
Zero Touch UEFI Management lets you remotely manage UEFI settings by using a device profile within Intune called Device Firmware Configuration Interface (DFCI). If you do not configure this setting, the ability to manage eligible devices with DFCI is set to **Ready**. To prevent DFCI, select **Opt-Out**.
|
||||
|
||||
> [!NOTE]
|
||||
> The UEFI Management settings page and use of DFCI is only available on Surface Pro 7, Surface Pro X, and Surface Laptop 3.
|
||||
|
||||
For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
|
||||
|
||||
## UEFI menu: Exit
|
||||
|
||||
Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8.
|
||||
|
||||
|
||||
|
||||
*Figure 7. Click Restart Now to exit Surface UEFI and restart the device*
|
||||
*Figure 8. Click Restart Now to exit Surface UEFI and restart the device*
|
||||
|
||||
## Surface UEFI boot screens
|
||||
|
||||
When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each component’s progress bar is shown in Figures 8 through 17.
|
||||
When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each component’s progress bar is shown in Figures 9 through 18.
|
||||
|
||||
|
||||
|
||||
*Figure 8. The Surface UEFI firmware update displays a blue progress bar*
|
||||
*Figure 9. The Surface UEFI firmware update displays a blue progress bar*
|
||||
|
||||
|
||||
|
||||
*Figure 9. The System Embedded Controller firmware update displays a green progress bar*
|
||||
*Figure 10. The System Embedded Controller firmware update displays a green progress bar*
|
||||
|
||||
|
||||
|
||||
*Figure 10. The SAM Controller firmware update displays an orange progress bar*
|
||||
*Figure 11. The SAM Controller firmware update displays an orange progress bar*
|
||||
|
||||
|
||||
|
||||
*Figure 11. The Intel Management Engine firmware update displays a red progress bar*
|
||||
*Figure 12. The Intel Management Engine firmware update displays a red progress bar*
|
||||
|
||||
|
||||
|
||||
*Figure 12. The Surface touch firmware update displays a gray progress bar*
|
||||
*Figure 13. The Surface touch firmware update displays a gray progress bar*
|
||||
|
||||
|
||||
|
||||
*Figure 13. The Surface KIP firmware update displays a light green progress bar*
|
||||
*Figure 14. The Surface KIP firmware update displays a light green progress bar*
|
||||
|
||||
|
||||
|
||||
*Figure 14. The Surface ISH firmware update displays a light pink progress bar*
|
||||
*Figure 15. The Surface ISH firmware update displays a light pink progress bar*
|
||||
|
||||
|
||||
|
||||
*Figure 15. The Surface Trackpad firmware update displays a pink progress bar*
|
||||
*Figure 16. The Surface Trackpad firmware update displays a pink progress bar*
|
||||
|
||||
|
||||
|
||||
*Figure 16. The Surface TCON firmware update displays a light gray progress bar*
|
||||
*Figure 17. The Surface TCON firmware update displays a light gray progress bar*
|
||||
|
||||
|
||||
|
||||
|
||||
*Figure 17. The Surface TPM firmware update displays a purple progress bar*
|
||||
*Figure 18. The Surface TPM firmware update displays a purple progress bar*
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
>An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 18.
|
||||
>An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 19.
|
||||
|
||||
|
||||
|
||||
*Figure 18. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
|
||||
*Figure 19. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
|
||||
|
||||
## Related topics
|
||||
|
||||
[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
|
||||
- [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)
|
||||
|
||||
- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
|
||||
@ -11,6 +11,8 @@ ms.topic: article
|
||||
ms.date: 1/15/2019
|
||||
ms.reviewer: hachidan
|
||||
manager: dansimp
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# Surface Brightness Control
|
||||
|
||||
@ -14,6 +14,7 @@ ms.author: dansimp
|
||||
ms.topic: article
|
||||
ms.date: 09/26/2019
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# Top support solutions for Surface devices
|
||||
|
||||
@ -3,7 +3,7 @@ title: Deploy Surface Diagnostic Toolkit for Business
|
||||
description: This topic explains how to use the Surface Diagnostic Toolkit for Business.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.localizationpriority: normal
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
@ -172,9 +172,10 @@ You can select to run a wide range of logs across applications, drivers, hardwar
|
||||
## Changes and updates
|
||||
### Version 2.43.139.0
|
||||
*Release date: October 21, 2019*<br>
|
||||
This version of Surface Diagnostic Toolkit for Business adds support for the following:
|
||||
-Surface Pro 7
|
||||
-Surface Laptop 3
|
||||
This version of Surface Diagnostic Toolkit for Business adds support for the following:
|
||||
|
||||
- Surface Pro 7
|
||||
- Surface Laptop 3
|
||||
|
||||
### Version 2.42.139.0
|
||||
*Release date: September 24, 2019*<br>
|
||||
|
||||
@ -16,7 +16,7 @@ ms.audience: itpro
|
||||
|
||||
# Run Surface Diagnostic Toolkit for Business using commands
|
||||
|
||||
Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features.
|
||||
Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
|
||||
|
||||
>[!NOTE]
|
||||
>To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device.
|
||||
|
||||
@ -10,13 +10,14 @@ ms.topic: article
|
||||
ms.date: 11/15/2018
|
||||
ms.reviewer: hachidan
|
||||
manager: dansimp
|
||||
ms.localizationpriority: normal
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# Use Surface Diagnostic Toolkit for Business in desktop mode
|
||||
|
||||
This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error.
|
||||
This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
|
||||
|
||||
|
||||
1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests.
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.topic: article
|
||||
ms.date: 06/11/2019
|
||||
ms.reviewer: cottmca
|
||||
manager: dansimp
|
||||
ms.localizationpriority: normal
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
|
||||
@ -12,6 +12,8 @@ ms.topic: article
|
||||
ms.date: 01/06/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# Microsoft Surface Enterprise Management Mode
|
||||
@ -19,12 +21,14 @@ manager: dansimp
|
||||
Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal.
|
||||
|
||||
>[!NOTE]
|
||||
>SEMM is only available on devices with Surface UEFI firmware such as Surface Pro 4 and later, Surface Go, Surface Laptop, Surface Book, and Surface Studio. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
|
||||
>SEMM is only available on devices with Surface UEFI firmware.
|
||||
|
||||
|
||||
When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
|
||||
|
||||
There are two administrative options you can use to manage SEMM and enrolled Surface devices – a standalone tool or integration with System Center Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with System Center Configuration Manager, see [Use System Center Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm).
|
||||
|
||||
|
||||
## Microsoft Surface UEFI Configurator
|
||||
|
||||
The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
|
||||
@ -33,8 +37,6 @@ The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown i
|
||||
|
||||
*Figure 1. Microsoft Surface UEFI Configurator*
|
||||
|
||||
>[!NOTE]
|
||||
>Windows 10 is required to run Microsoft Surface UEFI Configurator
|
||||
|
||||
You can use the Microsoft Surface UEFI Configurator tool in three modes:
|
||||
|
||||
@ -62,17 +64,11 @@ See the [Surface Enterprise Management Mode certificate requirements](#surface-e
|
||||
|
||||
After a device is enrolled in SEMM, the configuration file is read and the settings specified in the file are applied to UEFI. When you run a configuration package on a device that is already enrolled in SEMM, the signature of the configuration file is checked against the certificate that is stored in the device firmware. If the signature does not match, no changes are applied to the device.
|
||||
|
||||
You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4).
|
||||
### Enable or disable devices in Surface UEFI with SEMM
|
||||
|
||||
|
||||
The built in devices that appear in the UEFI Devices page may vary depending on your device or corporate environment; for example, LTE only appears on devices equipped with LTE support.
|
||||
|
||||
*Figure 3. Enable or disable devices in Surface UEFI with SEMM*
|
||||
|
||||
|
||||
|
||||
*Figure 4. Configure advanced settings with SEMM*
|
||||
|
||||
You can enable or disable the following devices with SEMM:
|
||||
The following list shows all the available devices you can manage in SEMM:
|
||||
|
||||
* Docking USB Port
|
||||
* On-board Audio
|
||||
@ -86,31 +82,38 @@ You can enable or disable the following devices with SEMM:
|
||||
* Wi-Fi and Bluetooth
|
||||
* LTE
|
||||
|
||||
You can configure the following advanced settings with SEMM:
|
||||
### Configure advanced settings with SEMM
|
||||
**Table 1. Advanced settings**
|
||||
|
||||
| Setting | Description |
|
||||
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| IPv6 for PXE Boot | Allows you to manage Ipv6 support for PXE boot. If you do not configure this setting, IPv6 support for PXE boot is disabled. |
|
||||
| Alternate Boot | Allows you to manage use of an Alternate boot order to boot directly to a USB or Ethernet device by pressing both the Volume Down button and Power button during boot. If you do not configure this setting, Alternate boot is enabled. |
|
||||
| Boot Order Lock | Allows you to lock the boot order to prevent changes. If you do not configure this setting, Boot Order Lock is disabled. |
|
||||
| USB Boot | Allows you to manage booting to USB devices. If you do not configure this setting, USB Boot is enabled. |
|
||||
| Network Stack | Allows you to manage Network Stack boot settings. If you do not configure this setting, the ability to manage Network Stack boot settings is enabled. |
|
||||
| Auto Power On | Allows you to manage Auto Power On boot settings. If you do not configure this setting, Auto Power on is enabled. |
|
||||
| Simultaneous Multi-Threading (SMT) | Allows you to manage Simultaneous Multi-Threading (SMT) to enable or disable hyperthreading. If you do not configure this setting, SMT is enabled. |
|
||||
|Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled |
|
||||
| Security | Displays the Surface UEFI **Security** page. If you do not configure this setting, the Security page is displayed. |
|
||||
| Devices | Displays the Surface UEFI **Devices** page. If you do not configure this setting, the Devices page is displayed. |
|
||||
| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the DateTime page is displayed. |
|
||||
| DateTime | Displays the Surface UEFI **DateTime** page. If you do not configure this setting, the DateTime page is displayed. |
|
||||
|
||||
|
||||
* IPv6 support for PXE boot
|
||||
* Alternate boot order, where the Volume Down button and Power button can be pressed together during boot, to boot directly to a USB or Ethernet device
|
||||
* Lock the boot order to prevent changes
|
||||
* Support for booting to USB devices
|
||||
* Enable Network Stack boot settings
|
||||
* Enable Auto Power On boot settings
|
||||
* Display of the Surface UEFI **Security** page
|
||||
* Display of the Surface UEFI **Devices** page
|
||||
* Display of the Surface UEFI **Boot** page
|
||||
* Display of the Surface UEFI **DateTime** page
|
||||
|
||||
>[!NOTE]
|
||||
>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5.
|
||||
>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 3.
|
||||
|
||||
|
||||
|
||||
*Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page*
|
||||
*Figure 3. Display of the last two characters of the certificate thumbprint on the Successful page*
|
||||
|
||||
These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6.
|
||||
These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 4.
|
||||
|
||||
|
||||
|
||||
*Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
|
||||
*Figure 4. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
|
||||
|
||||
>[!NOTE]
|
||||
>Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
|
||||
@ -132,11 +135,11 @@ A Surface UEFI reset package is used to perform only one task — to unenroll a
|
||||
|
||||
### Recovery request
|
||||
|
||||
In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation.
|
||||
In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 5) with a Recovery Request operation.
|
||||
|
||||
|
||||
|
||||
*Figure 7. Initiate a SEMM recovery request on the Enterprise Management page*
|
||||
*Figure 5. Initiate a SEMM recovery request on the Enterprise Management page*
|
||||
|
||||
When you use the process on the **Enterprise Management** page to reset SEMM on a Surface device, you are provided with a Reset Request. This Reset Request can be saved as a file to a USB drive, copied as text, or read as a QR Code with a mobile device to be easily emailed or messaged. Use the Microsoft Surface UEFI Configurator Reset Request option to load a Reset Request file or enter the Reset Request text or QR Code. Microsoft Surface UEFI Configurator will generate a verification code that can be entered on the Surface device. If you enter the code on the Surface device and click **Restart**, the device will be unenrolled from SEMM.
|
||||
|
||||
|
||||
@ -12,6 +12,8 @@ ms.topic: article
|
||||
ms.date: 03/20/2019
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# System SKU reference
|
||||
|
||||
@ -6,7 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: dansimp
|
||||
ms.audience: itpro
|
||||
ms.localizationpriority: normal
|
||||
ms.localizationpriority: medium
|
||||
ms.author: dansimp
|
||||
ms.topic: article
|
||||
ms.date: 08/15/2019
|
||||
|
||||
@ -12,6 +12,8 @@ ms.topic: article
|
||||
ms.date: 01/06/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# Unenroll Surface devices from SEMM
|
||||
|
||||
@ -12,6 +12,8 @@ ms.topic: article
|
||||
ms.date: 02/01/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.localizationpriority: medium
|
||||
ms.audience: itpro
|
||||
---
|
||||
|
||||
# Use System Center Configuration Manager to manage devices with SEMM
|
||||
@ -382,7 +384,7 @@ To configure Surface UEFI settings or permissions for Surface UEFI settings, you
|
||||
|
||||
The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device.
|
||||
|
||||
The following tables show the available settings for Surface Pro 4 and Surface Book:
|
||||
The following tables show the available settings for Surface Pro 4 and later including Surface Pro 7 and Surface Pro X; Surface Book, Surface Laptop 3, and Surface Go.
|
||||
|
||||
*Table 1. Surface UEFI settings for Surface Pro 4*
|
||||
|
||||
|
||||
Reference in New Issue
Block a user