Paolo Matarazzo 2022-08-26 14:42:43 -04:00
parent 903f585c75
commit a7424fc2a4
6 changed files with 53 additions and 83 deletions


@ -35,6 +35,8 @@ landingContent:
url: tutorial-school-deployment/configure-devices-overview.md url: tutorial-school-deployment/configure-devices-overview.md
- text: Manage devices with Microsoft Intune - text: Manage devices with Microsoft Intune
url: tutorial-school-deployment/manage-overview.md url: tutorial-school-deployment/manage-overview.md
- text: Management functionalities for Surface devices
url: tutorial-school-deployment/manage-surface-devices.md
- title: Deploy devices with Set up School PCs - title: Deploy devices with Set up School PCs
linkLists: linkLists:

Binary file not shown (image, 136 KiB).

Binary file not shown (image, 193 KiB).


@ -30,85 +30,3 @@ With Intune for Education, you can manage groups, applications, resources, and i
## Remote assistance ## Remote assistance
With devices managed by Intune for Education, you can remotely assist students and teachers with device issues. For more information, see [Remote assistance for managed devices - Intune for Education](/intune-education/remote-assist-mobile-devices). With devices managed by Intune for Education, you can remotely assist students and teachers with device issues. For more information, see [Remote assistance for managed devices - Intune for Education](/intune-education/remote-assist-mobile-devices).
## Manage device firmware for Surface devices
Managing devices from the cloud has dramatically simplified IT deployment and provisioning. Surface devices are designed to use a unique Unified Extensible Firmware Interface (UEFI) setting that provides the ability to enable or disable built-in devices and components, protect UEFI settings from being changed, and adjust device boot settings. With [Device Firmware Configuration Interface profiles built into Intune](/intune/configuration/device-firmware-configuration-interface-windows), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI enables Windows to pass management commands from Intune to UEFI for Autopilot-deployed devices. DFCI also supports zero-touch provisioning, eliminates BIOS passwords, and provides control of security settings for boot options, cameras and microphones, built-in peripherals, and more. For more information, see [Manage DFCI with Windows Autopilot](/mem/autopilot/dfci-management) and [Manage DFCI on Surface devices](/surface/surface-manage-dfci-guide). Then, return to this document to continue with the steps below.
### Prerequisites
The following prerequisites are required to manage DFCI with Intune:
- The device must be managed with Intune, as DFCI management is not supported with Set Up School PCs (provisioning package) enrollments. For more information, see [DFCI Management](/mem/autopilot/dfci-management).
- The device should be registered through Windows Autopilot in Intune. The device must be registered for Windows Autopilot by a [Microsoft CSP partner](https://partner.microsoft.com/membership/cloud-solution-provider) or registered directly by the OEM. **NOTE:** Devices manually registered for Autopilot (such as by importing a CSV file) are not allowed to use DFCI. By design, DFCI management requires external attestation of the device's commercial acquisition through an OEM or a Microsoft CSP partner registration to Windows Autopilot.
- The device manufacturer must have DFCI added to their UEFI firmware in the manufacturing process or as a firmware update that you install. Work with your device vendors to determine the [manufacturers that support DFCI](/mem/autopilot/dfci-management).
### Manage DFCI profiles with Autopilot
There are four basic parts to managing a DFCI profile with Windows Autopilot:
- Create a DFCI profile.
- Create an Autopilot profile.
- Create an enrollment status profile.
- Configure DFCI settings on Surface devices.
The DFCI environment requires creating a DFCI profile that contains settings and an Autopilot profile to apply those settings to registered devices. An enrollment status profile is also recommended to ensure settings are pushed down during OOBE setup when users start the device.
#### Create a DFCI profile
Create a [DFCI profile](/surface/surface-manage-dfci-guide), and then assign it to the Azure AD security group that contains your targeted Surface devices:
1. In Microsoft Endpoint Manager, select **Devices****Configuration profiles****Create profile**.
1. In the **Create a profile** pane:
1. For the platform, select **Windows 10 and later**.
1. For the profile type, select **Templates**, and then select **Device Firmware Configuration Interface**.
1. Enter a name and description for the profile.
## ADD PIC HERE Profile creation page for devices in Microsoft Endpoint Manager admin center
6. In **Configuration settings**, review the available settings in the UEFI configuration.
1. Select **Assignments**.
1. Under **Select groups to include**, select the Azure AD security group that contains your target devices.
1. Select **Next** to continue through **applicability rules**.
1. Review the group settings, and then select **Create**.
#### Create an Autopilot profile
To create an Autopilot profile:
1. In Microsoft Endpoint Manager, choose **Select devices****Windows enrollment**.
1. Scroll to **Deployment profiles**, and then follow the on-screen prompts.
For more information, see [How to create Autopilot Profile](/surface/surface-manage-dfci-guide). Then, return to this document to continue with the steps below.
#### Create an enrollment status profile
To ensure devices apply the DFCI configuration during OOBE before users sign in, you must configure enrollment status. For more information, see [Set up an enrollment status page](/intune/enrollment/windows-enrollment-status).
#### Configure DFCI settings on Surface devices
You can configure DFCI policy settings by editing the DFCI profile from Microsoft Endpoint Manager:
1. In the Microsoft Endpoint Manager admin center, select **Devices****Windows****Configuration profiles**.
1. Select the **DFCI profile name****Properties****Settings**.
## [PICTURE HERE] Device Firmware Configuration Interface page in Microsoft Endpoint Manager admin center
For more information, see [Configuring the DFCI environment and managing UEFI configuration settings for targeted Surface devices](/surface/surface-manage-dfci-guide).
## Microsoft Surface Management Portal
Located in the Microsoft Endpoint Manager admin center, the Microsoft Surface Management Portal enables you to self-serve, manage, and monitor your school's Intune-managed Surface devices at scale. Get insights into device compliance, support activity, warranty coverage, and more. When Surface Laptop SE devices are enrolled in cloud management and users sign in for the first time, information automatically flows into the Surface Management Portal, giving you a single pane of glass for Surface-specific administration activities.
To access and use the Surface Management Portal:
1. In the Microsoft Endpoint Manager admin center, select **All services****Surface Management Portal**.
## ADD PIC HERE Surface Management Portal monitoring page in Microsoft Endpoint Manager admin center
2. To display insights for all your Surface devices, select **Monitor**. This shows devices that are out of compliance or not registered, have critically low storage, require updates, or are currently inactive.
1. To see details on each insights category, select **View report**. This displays diagnostic information that you can customize and export.
To see the device's warranty information, select **Device warranty and coverage**.
5. To see support requests and their status, select **Support requests**.
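Review bot: The removed "### Prerequisites" list carries two constraints that decide whether a school can use DFCI at all, and nothing in this hunk replaces them: DFCI is not supported with Set Up School PCs (provisioning package) enrollments, and devices manually registered for Autopilot (such as by importing a CSV file) cannot use DFCI because it requires OEM or CSP attestation of the device's acquisition. Confirm that the linked /mem/autopilot/dfci-management page states both before dropping them, or keep a one-line note wherever the section lands. Also check for inbound links to the removed heading anchors ("Manage device firmware for Surface devices", "Microsoft Surface Management Portal") in this file, since they stop resolving once the headings are gone.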


@ -0,0 +1,48 @@
---
title: Management functionalities for Surface devices
description: Management capabilities offered to Surface devices, including firmware management and the Surface Management Portal
ms.date: 08/31/2022
ms.prod: windows
ms.technology: windows
ms.topic: tutorial
ms.localizationpriority: medium
author: paolomatarazzo
ms.author: paoloma
#ms.reviewer:
manager: aaroncz
ms.collection: education
appliesto:
- ✅ <b>Surface devices</b>
---
# Management functionalities for Surface devices
Microsoft Surface devices offer many advanced management functionalities, including the possibility to manage firmware settings and a web portal designed for Surface devices.
## Manage device firmware for Surface devices
Surface devices use a Unified Extensible Firmware Interface (UEFI) setting that allows you to enable or disable built-in hardware components, protect UEFI settings from being changed, and adjust device boot configuration. With [Device Firmware Configuration Interface profiles built into Intune](/intune/configuration/device-firmware-configuration-interface-windows), Surface UEFI management extends the modern management capabilities to the hardware level. Windows can pass management commands from Intune to UEFI for Autopilot-deployed devices.
DFCI supports zero-touch provisioning, eliminates BIOS passwords, and provides control of security settings for boot options, cameras and microphones, built-in peripherals, and more. For more information, see [Manage DFCI on Surface devices](/surface/surface-manage-dfci-guide) and [Manage DFCI with Windows Autopilot](/mem/autopilot/dfci-management), which includes a list of requirements to use DFCI.
:::image type="content" source="./images/dfci-profile.png" alt-text="Creation of a DFCI profile from Microsoft Endpoint Manager" border="true":::
## Microsoft Surface Management Portal
Located in the Microsoft Endpoint Manager admin center, the Microsoft Surface Management Portal enables you to self-serve, manage, and monitor your school's Intune-managed Surface devices at scale. Get insights into device compliance, support activity, warranty coverage, and more.
When Surface devices are enrolled in cloud management and users sign in for the first time, information automatically flows into the Surface Management Portal, giving you a single pane of glass for Surface-specific administration activities.
To access and use the Surface Management Portal:
1. Sign in to <a href="https://endpoint.microsoft.com/" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
1. Select **All services** > **Surface Management Portal**
:::image type="content" source="./images/surface-management-portal.png" alt-text="Surface Management Portal within Microsoft Endpoint Manager" border="true":::
1. To obtain insights for all your Surface devices, select **Monitor**
- Devices that are out of compliance or not registered, have critically low storage, require updates, or are currently inactive, are listed here
1. To obtain details on each insights category, select **View report**
- This dashboard displays diagnostic information that you can customize and export
1. To obtain the device's warranty information, select **Device warranty and coverage**
1. To review a list of support requests and their status, select **Support requests**
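Review bot: Step 1 under "To access and use the Surface Management Portal" uses a raw HTML anchor with target="_blank" and no rel attribute. Prefer a plain Markdown link, `[Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/)`, or add rel="noopener noreferrer" so the opened tab gets no window.opener handle in browsers that do not imply it. Two smaller points in the front matter: ms.date is 08/31/2022 while the commit is dated 2022-08-26, and `#ms.reviewer:` is left commented out; set it or drop the line.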


@ -33,6 +33,8 @@ items:
href: manage-remote-actions.md href: manage-remote-actions.md
- name: Device inventory and reporting - name: Device inventory and reporting
href: manage-inventory-reporting.md href: manage-inventory-reporting.md
- name: Management functionalities for Surface devices
href: manage-surface-devices.md
- name: Reset and wipe devices - name: Reset and wipe devices
href: reset-wipe.md href: reset-wipe.md
- name: 5. Troubleshoot and get help - name: 5. Troubleshoot and get help
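Review bot: The added `- name:` entry places a Surface-only topic between "Device inventory and reporting" and "Reset and wipe devices", which apply to every managed device. Consider moving it after reset-wipe.md so the general management tasks stay grouped and the hardware-specific page comes last in the section.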