diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md index be19868c70..491ca43c11 100644 --- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md +++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md @@ -77,7 +77,7 @@ After you add an app to the Microsoft Store for Business account in Offline mode 3. Under **Actions**, click the ellipsis (**…**), and then click **Download for offline use** for the Surface app. 4. Select the desired **Platform** and **Architecture** options from the available selections for the selected app, as shown in Figure 4. - ![Example of the AppxBundle package](images/deploysurfapp-fig4-downloadappxbundle.png "Example of the AppxBundle package") + ![Example of the AppxBundle package](images\deploysurfapp-fig4-downloadappxbundle.png "Example of the AppxBundle package") *Figure 4. Download the AppxBundle package for an app* 5. Click **Download**. The AppxBundle package will be downloaded. Make sure you note the path of the downloaded file because you’ll need that later in this article. @@ -89,7 +89,7 @@ After you add an app to the Microsoft Store for Business account in Offline mode Figure 5 shows the required frameworks for the Surface app. -![Required frameworks for the Surface app](images/deploysurfapp-fig5-requiredframework.png "Required frameworks for the Surface app") +![Required frameworks for the Surface app](images\deploysurfapp-fig5-requiredframework.png "Required frameworks for the Surface app") *Figure 5. Required frameworks for the Surface app* diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md index 5d4c92dfaa..1f84f574f3 100644 --- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md +++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md @@ -119,13 +119,13 @@ To boot from the network with either your reference virtual machines or your Sur Windows Deployment Services (WDS) is a Windows Server role. To add the WDS role to a Windows Server 2012 R2 environment, use the Add Roles and Features Wizard, as shown in Figure 1. Start the Add Roles and Features Wizard from the **Manage** button of **Server Manager**. Install both the Deployment Server and Transport Server role services. -![Install the Windows Deployment Services role](images/surface-deploymdt-fig1.png "Install the Windows Deployment Services role") +![Install the Windows Deployment Services role](images\surface-deploymdt-fig1.png "Install the Windows Deployment Services role") *Figure 1. Install the Windows Deployment Services server role* After the WDS role is installed, you need to configure WDS. You can begin the configuration process from the WDS node of Server Manager by right-clicking your server’s name and then clicking **Windows Deployment Services Management Console**. In the **Windows Deployment Services** window, expand the **Servers** node to find your server, right-click your server, and then click **Configure** in the menu to start the Windows Deployment Services Configuration Wizard, as shown in Figure 2. -![Configure PXE response for Windows Deployment Services](images/surface-deploymdt-fig2.png "Configure PXE response for Windows Deployment Services") +![Configure PXE response for Windows Deployment Services](images\surface-deploymdt-fig2.png "Configure PXE response for Windows Deployment Services") *Figure 2. Configure PXE response for Windows Deployment Services* @@ -146,7 +146,7 @@ To install Windows ADK, run the Adksetup.exe file that you downloaded from [Down When you get to the **Select the features you want to install** page, you only need to select the **Deployment Tools** and **Windows Preinstallation Environment (Windows PE)** check boxes to deploy Windows 10 using MDT, as shown in Figure 3. -![Required options for deployment with MDT](images/surface-deploymdt-fig3.png "Required options for deployment with MDT") +![Required options for deployment with MDT](images\surface-deploymdt-fig3.png "Required options for deployment with MDT") *Figure 3. Only Deployment Tools and Windows PE options are required for deployment with MDT* @@ -176,13 +176,13 @@ To create the deployment share, follow these steps: 1. Open the Deployment Workbench from your Start menu or Start screen, as shown in Figure 5. - ![The MDT Deployment Workbench](images/surface-deploymdt-fig5.png "The MDT Deployment Workbench") + ![The MDT Deployment Workbench](images\surface-deploymdt-fig5.png "The MDT Deployment Workbench") *Figure 5. The MDT Deployment Workbench* 2. Right-click the **Deployment Shares** folder, and then click **New Deployment Share** to start the New Deployment Share Wizard, as shown in Figure 6. - ![Summary page of the New Deployment Share Wizard](images/surface-deploymdt-fig6.png "Summary page of the New Deployment Share Wizard") + ![Summary page of the New Deployment Share Wizard](images\surface-deploymdt-fig6.png "Summary page of the New Deployment Share Wizard") *Figure 6. The Summary page of the New Deployment Share Wizard* @@ -228,7 +228,7 @@ To import Windows 10 installation files, follow these steps: 1. Right-click the **Operating Systems** folder under your deployment share in the Deployment Workbench, and then click **New Folder** to open the **New Folder** page, as shown in Figure 7. - ![Create a new folder on the New Folder page](images/surface-deploymdt-fig7.png "Create a new folder on the New Folder page") + ![Create a new folder on the New Folder page](images\surface-deploymdt-fig7.png "Create a new folder on the New Folder page") *Figure 7. Create a new folder on the New Folder page* @@ -240,7 +240,7 @@ To import Windows 10 installation files, follow these steps: 3. Expand the Operating Systems folder to see the newly created folder. 4. Right-click the newly created folder, and then click **Import Operating System** to launch the Import Operating System Wizard, as shown in Figure 8. - ![Import source files with the Import Operating System Wizard](images/surface-deploymdt-fig8.png "Import source files with the Import Operating System Wizard") + ![Import source files with the Import Operating System Wizard](images\surface-deploymdt-fig8.png "Import source files with the Import Operating System Wizard") *Figure 8. Import source files with the Import Operating System Wizard* @@ -266,7 +266,7 @@ To create the reference image task sequence, follow these steps: 1. Right-click the **Task Sequences** folder under your deployment share in the Deployment Workbench, and then click **New Task Sequence** to start the New Task Sequence Wizard, as shown in Figure 9. - ![Create new task sequence to deploy and update a Windows 10 reference environment](images/surface-deploymdt-fig9.png "Create new task sequence to deploy and update a Windows 10 reference environment") + ![Create new task sequence to deploy and update a Windows 10 reference environment](images\surface-deploymdt-fig9.png "Create new task sequence to deploy and update a Windows 10 reference environment") *Figure 9. Create a new task sequence to deploy and update a Windows 10 reference environment* @@ -287,7 +287,7 @@ To create the reference image task sequence, follow these steps: 2. Select the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**. 3. Select the **Task Sequence** tab to view the steps that are included in the Standard Client Task Sequence template, as shown in Figure 10. - ![Enable Windows Update in the reference image task sequence](images/surface-deploymdt-fig10.png "Enable Windows Update in the reference image task sequence") + ![Enable Windows Update in the reference image task sequence](images\surface-deploymdt-fig10.png "Enable Windows Update in the reference image task sequence") *Figure 10. Enable Windows Update in the reference image task sequence* @@ -304,7 +304,7 @@ To update the MDT boot media, follow these steps: 1. Right-click the deployment share in the Deployment Workbench, and then click **Update Deployment Share** to start the Update Deployment Share Wizard, as shown in Figure 11. - ![Generate boot images with the Update Deployment Share Wizard](images/surface-deploymdt-fig11.png "Generate boot images with the Update Deployment Share Wizard") + ![Generate boot images with the Update Deployment Share Wizard](images\surface-deploymdt-fig11.png "Generate boot images with the Update Deployment Share Wizard") *Figure 11. Generate boot images with the Update Deployment Share Wizard* @@ -322,7 +322,7 @@ To update the MDT boot media, follow these steps: * **LiteTouchPE_x64.wim** - ![Boot images in the Boot folder after Update Deployment Share Wizard completes](images/surface-deploymdt-fig12.png "Boot images in the Boot folder after Update Deployment Share Wizard completes") + ![Boot images in the Boot folder after Update Deployment Share Wizard completes](images\surface-deploymdt-fig12.png "Boot images in the Boot folder after Update Deployment Share Wizard completes") *Figure 12. Boot images displayed in the Boot folder after completion of the Update Deployment Share Wizard* @@ -332,13 +332,13 @@ To import the MDT boot media into WDS for PXE boot, follow these steps: 2. Expand **Servers** and your deployment server. 3. Click the **Boot Images** folder, as shown in Figure 13. - ![Start the Add Image Wizard from the Boot Images folder](images/surface-deploymdt-fig13.png "Start the Add Image Wizard from the Boot Images folder") + ![Start the Add Image Wizard from the Boot Images folder](images\surface-deploymdt-fig13.png "Start the Add Image Wizard from the Boot Images folder") *Figure 13. Start the Add Image Wizard from the Boot Images folder* 4. Right-click the **Boot Images** folder, and then click **Add Boot Image** to open the Add Image Wizard, as shown in Figure 14. - ![Import the LiteTouchPE_x86.wim MDT boot image](images/surface-deploymdt-fig14.png "Import the LiteTouchPE_x86.wim MDT boot image") + ![Import the LiteTouchPE_x86.wim MDT boot image](images\surface-deploymdt-fig14.png "Import the LiteTouchPE_x86.wim MDT boot image") *Figure 14. Import the LiteTouchPE_x86.wim MDT boot image* @@ -377,7 +377,7 @@ Perform the reference image deployment and capture using the following steps: 1. Start your virtual machine and press the F12 key when prompted to boot to the WDS server via PXE, as shown in Figure 15. - ![Start network boot by pressing the F12 key](images/surface-deploymdt-fig15.png "Start network boot by pressing the F12 key") + ![Start network boot by pressing the F12 key](images\surface-deploymdt-fig15.png "Start network boot by pressing the F12 key") *Figure 15. Start network boot by pressing the F12 key* @@ -392,7 +392,7 @@ Perform the reference image deployment and capture using the following steps: * **Locale and Time** – Leave the default options for language and time settings selected. The locale and time settings will be specified during deployment of the image to other devices. Click **Next**. * **Capture Image** – Click the **Capture an Image of this Reference Computer** option, as shown in Figure 16. In the **Location** field, keep the default location of the Captures folder. You can keep or change the name of the image file in the **File Name** field. When you are finished, click **Next**. - ![Capture an image of the reference machine](images/surface-deploymdt-fig16.png "Capture an image of the reference machine") + ![Capture an image of the reference machine](images\surface-deploymdt-fig16.png "Capture an image of the reference machine") *Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment* @@ -456,13 +456,13 @@ To import the Surface drivers (in this example, Surface Pro 4) into MDT, follow * Microsoft Corporation * Surface Pro 4 - ![Recommended folder structure for drivers](images/surface-deploymdt-fig17.png "Recommended folder structure for drivers") + ![Recommended folder structure for drivers](images\surface-deploymdt-fig17.png "Recommended folder structure for drivers") *Figure 17. The recommended folder structure for drivers* 4. Right-click the **Surface Pro 4** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 18. - ![Progress page during drivers import](images/surface-deploymdt-fig18.png "Progress page during drivers import") + ![Progress page during drivers import](images\surface-deploymdt-fig18.png "Progress page during drivers import") *Figure 18. The Progress page during drivers import* @@ -473,7 +473,7 @@ To import the Surface drivers (in this example, Surface Pro 4) into MDT, follow * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard. 6. Click the **Surface Pro 4** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 19. - ![Drivers for Surface Pro 4 imported and organized in the MDT deployment share](images/surface-deploymdt-fig19.png "Drivers for Surface Pro 4 imported and organized in the MDT deployment share") + ![Drivers for Surface Pro 4 imported and organized in the MDT deployment share](images\surface-deploymdt-fig19.png "Drivers for Surface Pro 4 imported and organized in the MDT deployment share") *Figure 19. Drivers for Surface Pro 4 imported and organized in the MDT deployment share* @@ -512,7 +512,7 @@ Now that the installation and configuration files are prepared, the application 1. Open the Deployment Workbench. 2. Expand the deployment share, right-click the **Applications** folder, and then click **New Application** to start the New Application Wizard, as shown in Figure 20. - ![Enter the command and directory for Office 2016 Click-to-Run](images/surface-deploymdt-fig20.png "Enter the command and directory for Office 2016 Click-to-Run") + ![Enter the command and directory for Office 2016 Click-to-Run](images\surface-deploymdt-fig20.png "Enter the command and directory for Office 2016 Click-to-Run") *Figure 20. Enter the command and directory for Office 2016 Click-to-Run* @@ -571,7 +571,7 @@ After the task sequence is created it can be modified for increased automation, 6. Between the two **Windows Update** steps is the **Install Applications** step. Click the **Install Applications** step, and then click **Add**. 7. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 21. - ![A new Install Application step in the deployment task sequence](images/surface-deploymdt-fig21.png "A new Install Application step in the deployment task sequence") + ![A new Install Application step in the deployment task sequence](images\surface-deploymdt-fig21.png "A new Install Application step in the deployment task sequence") *Figure 21. A new Install Application step in the deployment task sequence* @@ -586,7 +586,7 @@ After the task sequence is created it can be modified for increased automation, * **Task Sequence Variable** – DriverGroup001 * **Value** – Windows 10 x64\%Make%\%Model% - ![Configure a new Set Task Sequence Variable step in the deployment task sequence](images/surface-deploymdt-fig22.png "Configure a new Set Task Sequence Variable step in the deployment task sequence") + ![Configure a new Set Task Sequence Variable step in the deployment task sequence](images\surface-deploymdt-fig22.png "Configure a new Set Task Sequence Variable step in the deployment task sequence") *Figure 22. Configure a new Set Task Sequence Variable step in the deployment task sequence* @@ -595,7 +595,7 @@ After the task sequence is created it can be modified for increased automation, * In the **Choose a selection profile** drop-down menu, select **Nothing**. * Click the **Install all drivers from the selection profile** button. - ![Configure deployment task sequence not to choose the drivers to inject into Windows](images/surface-deploymdt-fig23.png "Configure deployment task sequence not to choose the drivers to inject into Windows") + ![Configure deployment task sequence not to choose the drivers to inject into Windows](images\surface-deploymdt-fig23.png "Configure deployment task sequence not to choose the drivers to inject into Windows") *Figure 23. Configure the deployment task sequence not to choose the drivers to inject into Windows* @@ -648,7 +648,7 @@ Rules used in the text shown in Step 3 include: The bulk of the rules used to automate the MDT deployment process are stored in the deployment share rules, or the Customsettings.ini file. In this file you can answer and hide all of the prompts from the Windows Deployment Wizard, which yields a deployment experience that mostly consists of a progress bar that displays the automated actions occurring on the device. The deployment share rules are shown directly in the **Rules** tab of the deployment share properties, as shown in Figure 24. -![Deployment share rules configured for automation of the Windows Deployment Wizard](images/surface-deploymdt-fig24.png "Deployment share rules configured for automation of the Windows Deployment Wizard") +![Deployment share rules configured for automation of the Windows Deployment Wizard](images\surface-deploymdt-fig24.png "Deployment share rules configured for automation of the Windows Deployment Wizard") *Figure 24. Deployment share rules configured for automation of the Windows Deployment Wizard* @@ -772,7 +772,7 @@ With all of the automation provided by the deployment share rules and task seque >[!NOTE] >For the deployment to require only a single touch, the Surface devices must be connected to a keyboard, connected to the network with a Microsoft Surface USB Ethernet Adapter or Surface Dock, and configured with PXE boot as the first boot option, as shown in Figure 25. -![Set boot priority for PXE boot](images/surface-deploymdt-fig25.png "Set boot priority for PXE boot") +![Set boot priority for PXE boot](images\surface-deploymdt-fig25.png "Set boot priority for PXE boot") *Figure 25. Setting boot priority for PXE boot* diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md index 8751490e04..0c64b39169 100644 --- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md +++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md @@ -35,13 +35,13 @@ To create a Surface UEFI configuration package, follow these steps: 2. Click **Start**. 3. Click **Configuration Package**, as shown in Figure 1. - ![Create a package for SEMM enrollment](images/surface-ent-mgmt-fig1-uefi-configurator.png "Create a package for SEMM enrollment") + ![Create a package for SEMM enrollment](images\surface-ent-mgmt-fig1-uefi-configurator.png "Create a package for SEMM enrollment") *Figure 1. Select Configuration Package to create a package for SEMM enrollment and configuration* 4. Click **Certificate Protection** to add your exported certificate file with private key (.pfx), as shown in Figure 2. Browse to the location of your certificate file, select the file, and then click **OK**. - ![Add the SEM certificate and Surface UEFI password to configuration package](images/surface-ent-mgmt-fig2-securepackage.png "Add the SEM certificate and Surface UEFI password to configuration package") + ![Add the SEM certificate and Surface UEFI password to configuration package](images\surface-ent-mgmt-fig2-securepackage.png "Add the SEM certificate and Surface UEFI password to configuration package") *Figure 2. Add the SEMM certificate and Surface UEFI password to a Surface UEFI configuration package* @@ -50,21 +50,21 @@ To create a Surface UEFI configuration package, follow these steps: 7. When you are prompted, enter and confirm your chosen password for Surface UEFI, and then click **OK**. If you want to clear an existing Surface UEFI password, leave the password field blank. 8. If you do not want the Surface UEFI package to apply to a particular device, on the **Choose which Surface type you want to target** page, click the slider beneath the corresponding Surface Book or Surface Pro 4 image so that it is in the **Off** position. (As shown in Figure 3.) - ![Choose devices for package compatibility](images/surface-semm-enroll-fig3.png "Choose devices for package compatibility") + ![Choose devices for package compatibility](images\surface-semm-enroll-fig3.png "Choose devices for package compatibility") *Figure 3. Choose the devices for package compatibility* 9. Click **Next**. 10. If you want to deactivate a component on managed Surface devices, on the **Choose which components you want to activate or deactivate** page, click the slider next to any device or group of devices you want to deactivate so that the slider is in the **Off** position. (Shown in Figure 4.) The default configuration for each device is **On**. Click the **Reset** button if you want to return all sliders to the default position. - ![Disable or enable Surface components](images/surface-ent-mgmt-fig3-enabledisable.png "Disable or enable Surface components") + ![Disable or enable Surface components](images\surface-ent-mgmt-fig3-enabledisable.png "Disable or enable Surface components") *Figure 4. Disable or enable individual Surface components* 11. Click **Next**. 12. To enable or disable advanced options in Surface UEFI or the display of Surface UEFI pages, on the **Choose the advanced settings for your devices** page, click the slider beside the desired setting to configure that option to **On** or **Off** (shown in Figure 5). In the **UEFI Front Page** section, you can use the sliders for **Security**, **Devices**, and **Boot** to control what pages are available to users who boot into Surface UEFI. (For more information about Surface UEFI settings, see [Manage Surface UEFI settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).) Click **Build** when you have finished selecting options to generate and save the package. - ![Control advanced Surface UEFI settings and Surface UEFI pages](images/surface-ent-mgmt-fig4-advancedsettings.png "Control advanced Surface UEFI settings and Surface UEFI pages") + ![Control advanced Surface UEFI settings and Surface UEFI pages](images\surface-ent-mgmt-fig4-advancedsettings.png "Control advanced Surface UEFI settings and Surface UEFI pages") *Figure 5. Control advanced Surface UEFI settings and Surface UEFI pages with SEMM* @@ -74,7 +74,7 @@ To create a Surface UEFI configuration package, follow these steps: >[!NOTE] >Record the certificate thumbprint characters that are displayed on this page, as shown in Figure 6. You will need these characters to confirm enrollment of new Surface devices in SEMM. Click **End** to complete package creation and close Microsoft Surface UEFI Configurator. -![Display of certificate thumbprint characters](images/surface-ent-mgmt-fig5-success.png "Display of certificate thumbprint characters") +![Display of certificate thumbprint characters](images\surface-ent-mgmt-fig5-success.png "Display of certificate thumbprint characters") *Figure 6. The last two characters of the certificate thumbprint are displayed on the Successful page* @@ -86,7 +86,7 @@ Now that you have created your Surface UEFI configuration package, you can enrol ## Enroll a Surface device in SEMM When the Surface UEFI configuration package is executed, the SEMM certificate and Surface UEFI configuration files are staged in the firmware storage of the Surface device. When the Surface device reboots, Surface UEFI processes these files and begins the process of applying the Surface UEFI configuration or enrolling the Surface device in SEMM, as shown in Figure 7. -![SEMM process for configuration of Surface UEFI or enrollment](images/surface-semm-enroll-fig7.png "SEMM process for configuration of Surface UEFI or enrollment") +![SEMM process for configuration of Surface UEFI or enrollment](images\surface-semm-enroll-fig7.png "SEMM process for configuration of Surface UEFI or enrollment") *Figure 7. The SEMM process for configuration of Surface UEFI or enrollment of a Surface device* @@ -101,7 +101,7 @@ To enroll a Surface device in SEMM with a Surface UEFI configuration package, fo * Surface UEFI will verify that the SEMM configuration file contains a SEMM certificate. * Surface UEFI will prompt you to enter to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8. - ![SEMM enrollment requires last two characters of certificate thumbprint](images/surface-semm-enroll-fig8.png "SEMM enrollment requires last two characters of certificate thumbprint") + ![SEMM enrollment requires last two characters of certificate thumbprint](images\surface-semm-enroll-fig8.png "SEMM enrollment requires last two characters of certificate thumbprint") *Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint* @@ -111,17 +111,17 @@ To enroll a Surface device in SEMM with a Surface UEFI configuration package, fo You can verify that a Surface device has been successfully enrolled in SEMM by looking for **Microsoft Surface Configuration Package** in **Programs and Features** (as shown in Figure 9), or in the events stored in the **Microsoft Surface UEFI Configurator** log, found under **Applications and Services Logs** in Event Viewer (as shown in Figure 10). -![Verify enrollment of Surface device in SEMM in Programs and Features](images/surface-semm-enroll-fig9.png "Verify enrollment of Surface device in SEMM in Programs and Features") +![Verify enrollment of Surface device in SEMM in Programs and Features](images\surface-semm-enroll-fig9.png "Verify enrollment of Surface device in SEMM in Programs and Features") *Figure 9. Verify the enrollment of a Surface device in SEMM in Programs and Features* -![Verify enrollment of Surface device in SEMM in Event Viewer](images/surface-semm-enroll-fig10.png "Verify enrollment of Surface device in SEMM in Event Viewer") +![Verify enrollment of Surface device in SEMM in Event Viewer](images\surface-semm-enroll-fig10.png "Verify enrollment of Surface device in SEMM in Event Viewer") *Figure 10. Verify the enrollment of a Surface device in SEMM in Event Viewer* You can also verify that the device is enrolled in SEMM in Surface UEFI – while the device is enrolled, Surface UEFI will contain the **Enterprise management** page (as shown in Figure 11). -![Surface UEFI Enterprise management page](images/surface-semm-enroll-fig11.png "Surface UEFI Enterprise management page") +![Surface UEFI Enterprise management page](images\surface-semm-enroll-fig11.png "Surface UEFI Enterprise management page") *Figure 11. The Surface UEFI Enterprise management page* @@ -136,6 +136,6 @@ If you have secured Surface UEFI with a password, users without the password who If you have not secured Surface UEFI with a password or a user enters the password correctly, settings that are configured with SEMM will be dimmed (unavailable) and the text Some settings are managed by your organization will be displayed at the top of the page, as shown in Figure 12. -![Settings managed by SEMM disabled in Surface UEFI](images/surface-semm-enroll-fig12.png "Settings managed by SEMM disabled in Surface UEFI") +![Settings managed by SEMM disabled in Surface UEFI](images\surface-semm-enroll-fig12.png "Settings managed by SEMM disabled in Surface UEFI") *Figure 12. Settings managed by SEMM will be disabled in Surface UEFI* diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index 2e723e3c0b..e42a925b72 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -27,7 +27,7 @@ There are two administrative options you can use to manage SEMM and enrolled Sur The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied. -![Microsoft Surface UEFI Configurator](images/surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator") +![Microsoft Surface UEFI Configurator](images\surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator") *Figure 1. Microsoft Surface UEFI Configurator* @@ -49,7 +49,7 @@ You can download Microsoft Surface UEFI Configurator from the [Surface Tools for Surface UEFI configuration packages are the primary mechanism to implement and manage SEMM on Surface devices. These packages contain a configuration file of UEFI settings specified during creation of the package in Microsoft Surface UEFI Configurator and a certificate file, as shown in Figure 2. When a configuration package is run for the first time on a Surface device that is not already enrolled in SEMM, it provisions the certificate file in the device’s firmware and enrolls the device in SEMM. When enrolling a device in SEMM, you will be prompted to confirm the operation by providing the last two digits of the SEMM certificate thumbprint before the certificate file is stored and the enrollment can complete. This confirmation requires that a user be present at the device at the time of enrollment to perform the confirmation. -![Secure a SEMM configuration package with a certificate](images/surface-ent-mgmt-fig2-securepackage.png "Secure a SEMM configuration package with a certificate") +![Secure a SEMM configuration package with a certificate](images\surface-ent-mgmt-fig2-securepackage.png "Secure a SEMM configuration package with a certificate") *Figure 2. Secure a SEMM configuration package with a certificate* @@ -62,11 +62,11 @@ After a device is enrolled in SEMM, the configuration file is read and the setti You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4). -![Enable or disable devices in Surface UEFI with SEMM](images/surface-ent-mgmt-fig3-enabledisable.png "Enable or disable devices in Surface UEFI with SEMM") +![Enable or disable devices in Surface UEFI with SEMM](images\surface-ent-mgmt-fig3-enabledisable.png "Enable or disable devices in Surface UEFI with SEMM") *Figure 3. Enable or disable devices in Surface UEFI with SEMM* -![Configure advanced settings in SEMM](images/surface-ent-mgmt-fig4-advancedsettings.png "Configure advanced settings in SEMM") +![Configure advanced settings in SEMM](images\surface-ent-mgmt-fig4-advancedsettings.png "Configure advanced settings in SEMM") *Figure 4. Configure advanced settings with SEMM* @@ -100,13 +100,13 @@ You can configure the following advanced settings with SEMM: >[!NOTE] >When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5. -![Certificate thumbprint display](images/surface-ent-mgmt-fig5-success.png "Certificate thumbprint display") +![Certificate thumbprint display](images\surface-ent-mgmt-fig5-success.png "Certificate thumbprint display") *Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page* These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6. -![Enrollment confirmation in SEMM](images/surface-ent-mgmt-fig6-enrollconfirm.png "Enrollment confirmation in SEMM") +![Enrollment confirmation in SEMM](images\surface-ent-mgmt-fig6-enrollconfirm.png "Enrollment confirmation in SEMM") *Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint* @@ -132,7 +132,7 @@ A Surface UEFI reset package is used to perform only one task — to unenroll a In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation. -![Initiate a SEMM recovery request](images/surface-ent-mgmt-fig7-semmrecovery.png "Initiate a SEMM recovery request") +![Initiate a SEMM recovery request](images\surface-ent-mgmt-fig7-semmrecovery.png "Initiate a SEMM recovery request") *Figure 7. Initiate a SEMM recovery request on the Enterprise Management page* diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md index d7e9733228..323624a34f 100644 --- a/devices/surface/unenroll-surface-devices-from-semm.md +++ b/devices/surface/unenroll-surface-devices-from-semm.md @@ -27,7 +27,7 @@ The Surface UEFI reset package is the primary method you use to unenroll a Surfa Reset packages are created specifically for an individual Surface device. To begin the process of creating a reset package, you will need the serial number of the device you want to unenroll, as well as the SEMM certificate used to enroll the device. You can find the serial number of your Surface device on the **PC information** page of Surface UEFI, as shown in Figure 1. This page is displayed even if Surface UEFI is password protected and the incorrect password is entered. -![Serial number of Surface device is displayed](images/surface-semm-unenroll-fig1.png "Serial number of Surface device is displayed") +![Serial number of Surface device is displayed](images\surface-semm-unenroll-fig1.png "Serial number of Surface device is displayed") *Figure 1. The serial number of the Surface device is displayed on the Surface UEFI PC information page* @@ -40,20 +40,20 @@ To create a Surface UEFI reset package, follow these steps: 2. Click **Start**. 3. Click **Reset Package**, as shown in Figure 2. - ![Select Reset Package to create a package to unenroll Surface device from SEMM](images/surface-semm-unenroll-fig2.png "Select Reset Package to create a package to unenroll Surface device from SEMM") + ![Select Reset Package to create a package to unenroll Surface device from SEMM](images\surface-semm-unenroll-fig2.png "Select Reset Package to create a package to unenroll Surface device from SEMM") *Figure 2. Click Reset Package to create a package to unenroll a Surface device from SEMM* 4. Click **Certificate Protection** to add your SEMM certificate file with private key (.pfx), as shown in Figure 3. Browse to the location of your certificate file, select the file, and then click **OK**. - ![Add the SEMM certificate to Surface UEFI reset package](images/surface-semm-unenroll-fig3.png "Add the SEMM certificate to Surface UEFI reset package") + ![Add the SEMM certificate to Surface UEFI reset package](images\surface-semm-unenroll-fig3.png "Add the SEMM certificate to Surface UEFI reset package") *Figure 3. Add the SEMM certificate to a Surface UEFI reset package* 5. Click **Next**. 6. Type the serial number of the device you want to unenroll from SEMM (as shown in Figure 4), and then click **Build** to generate the Surface UEFI reset package. - ![Create a Surface UEFI reset package with serial number of Surface device](images/surface-semm-unenroll-fig4.png "Create a Surface UEFI reset package with serial number of Surface device") + ![Create a Surface UEFI reset package with serial number of Surface device](images\surface-semm-unenroll-fig4.png "Create a Surface UEFI reset package with serial number of Surface device") *Figure 4. Use the serial number of your Surface device to create a Surface UEFI reset package* @@ -62,7 +62,7 @@ To create a Surface UEFI reset package, follow these steps: Run the Surface UEFI reset package Windows Installer (.msi) file on the Surface device to unenroll the device from SEMM. The reset package will require a reboot to perform the unenroll operation. After the device has been unenrolled, you can verify the successful removal by ensuring that the **Microsoft Surface Configuration Package** item in **Programs and Features** (shown in Figure 5) is no longer present. -![Screen that shows device is enrolled in SEMM](images/surface-semm-unenroll-fig5.png "Screen that shows device is enrolled in SEMM") +![Screen that shows device is enrolled in SEMM](images\surface-semm-unenroll-fig5.png "Screen that shows device is enrolled in SEMM") *Figure 5. The presence of the Microsoft Surface Configuration Package item in Programs and Features indicates that the device is enrolled in SEMM* @@ -78,7 +78,7 @@ To initiate a Recovery Request, follow these steps: 2. Type the Surface UEFI password if you are prompted to do so. 3. Click the **Enterprise management** page, as shown in Figure 6. - ![Enterprise Management page](images/surface-semm-unenroll-fig6.png "Enterprise Management page") + ![Enterprise Management page](images\surface-semm-unenroll-fig6.png "Enterprise Management page") *Figure 6. The Enterprise management page is displayed in Surface UEFI on devices enrolled in SEMM* @@ -88,17 +88,17 @@ To initiate a Recovery Request, follow these steps: >A Recovery Request expires two hours after it is created. If a Recovery Request is not completed in this time, you will have to restart the Recovery Request process. 6. Select **SEMM Certificate** from the list of certificates displayed on the **Choose a SEMM reset key** page (shown in Figure 7), and then click or press **Next**. - ![Select SEMM certificate for your Recovery Request](images/surface-semm-unenroll-fig7.png "Select SEMM certificate for your Recovery Request") + ![Select SEMM certificate for your Recovery Request](images\surface-semm-unenroll-fig7.png "Select SEMM certificate for your Recovery Request") *Figure 7. Choose SEMM Certificate for your Recovery Request (Reset Request)* 7. On the **Enter SEMM reset verification code** page you can click the **QR Code** or **Text** buttons to display your Recovery Request (Reset Request) as shown in Figure 8, or the **USB** button to save your Recovery Request (Reset Request) as a file to a USB drive, as shown in Figure 9. - ![Recovery Request displayed as a QR Code](images/surface-semm-unenroll-fig8.png "Recovery Request displayed as a QR Code") + ![Recovery Request displayed as a QR Code](images\surface-semm-unenroll-fig8.png "Recovery Request displayed as a QR Code") *Figure 8. A Recovery Request (Reset Request) displayed as a QR Code* - ![Save a recovery request to a USB drive](images/surface-semm-unenroll-fig9.png "Save a recovery request to a USB drive") + ![Save a recovery request to a USB drive](images\surface-semm-unenroll-fig9.png "Save a recovery request to a USB drive") *Figure 9. Save a Recovery Request (Reset Request) to a USB drive* @@ -112,7 +112,7 @@ To initiate a Recovery Request, follow these steps: 9. Click **Start**. 10. Click **Recovery Request**, as shown in Figure 10. - ![Start process to approve a Recovery Request](images/surface-semm-unenroll-fig10.png "Start process to approve a Recovery Request") + ![Start process to approve a Recovery Request](images\surface-semm-unenroll-fig10.png "Start process to approve a Recovery Request") *Figure 10. Click Recovery Request to begin the process to approve a Recovery Request* @@ -120,14 +120,14 @@ To initiate a Recovery Request, follow these steps: 12. Browse to and select your SEMM certificate file, and then click **OK**. 13. When you are prompted to enter the certificate password as shown in Figure 11, type and confirm the password for the certificate file, and then click **OK**. - ![Type password for SEMM certificate](images/surface-semm-unenroll-fig11.png "Type password for SEMM certificate") + ![Type password for SEMM certificate](images\surface-semm-unenroll-fig11.png "Type password for SEMM certificate") *Figure 11. Type the password for the SEMM certificate* 14. Click **Next**. 15. Enter the Recovery Request (Reset Request), and then click **Generate** to create a reset verification code (as shown in Figure 12). - ![Enter the recovery request](images/surface-semm-unenroll-fig12.png "Enter the recovery request") + ![Enter the recovery request](images\surface-semm-unenroll-fig12.png "Enter the recovery request") *Figure 12. Enter the Recovery Request (Reset Request)* @@ -137,7 +137,7 @@ To initiate a Recovery Request, follow these steps: 16. The reset verification code is displayed in Microsoft Surface UEFI Configurator, as shown in Figure 13. - ![Display of the reset verification code](images/surface-semm-unenroll-fig13.png "Display of the reset verification code") + ![Display of the reset verification code](images\surface-semm-unenroll-fig13.png "Display of the reset verification code") *Figure 13. The reset verification code displayed in Microsoft Surface UEFI Configurator* @@ -146,7 +146,7 @@ To initiate a Recovery Request, follow these steps: 17. Enter the reset verification code in the provided field on the Surface device (shown in Figure 8), and then click or press **Verify** to reset the device and unenroll the device from SEMM. 18. Click or press **Restart now** on the **SEMM reset successful** page to complete the unenrollment from SEMM, as shown in Figure 14. - ![Example display of successful unenrollment from SEMM](images/surface-semm-unenroll-fig14.png "Example display of successful unenrollment from SEMM") + ![Example display of successful unenrollment from SEMM](images\surface-semm-unenroll-fig14.png "Example display of successful unenrollment from SEMM") *Figure 14. Successful unenrollment from SEMM* diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md index a8b3b8e063..996293cae5 100644 --- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md +++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md @@ -78,7 +78,7 @@ In the import process example shown in the [Deploy Windows 10 to Surface devices * Surface Pro 3 5. Right-click the **Surface Pro 3** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1. - ![Import Surface Pro 3 drivers for Windows 10](images/surface-upgrademdt-fig1.png "Import Surface Pro 3 drivers for Windows 10") + ![Import Surface Pro 3 drivers for Windows 10](images\surface-upgrademdt-fig1.png "Import Surface Pro 3 drivers for Windows 10") *Figure 1. Import Surface Pro 3 drivers for Windows 10* @@ -89,7 +89,7 @@ In the import process example shown in the [Deploy Windows 10 to Surface devices - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Drivers Wizard. 7. Select the **Surface Pro 3** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 2. - ![Drivers for Surface Pro 3 imported and organized in the MDT deployment share](images/surface-upgrademdt-fig2.png "Drivers for Surface Pro 3 imported and organized in the MDT deployment share") + ![Drivers for Surface Pro 3 imported and organized in the MDT deployment share](images\surface-upgrademdt-fig2.png "Drivers for Surface Pro 3 imported and organized in the MDT deployment share") *Figure 2. Drivers for Surface Pro 3 imported and organized in the MDT deployment share* @@ -129,7 +129,7 @@ After the task sequence is created, you can modify some additional settings to p 6. Between the two Windows Update steps is an **Install Applications** step. Select that step and then click **Add**. 7. Hover the mouse over **General** under the **Add** menu, and then choose **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3. - ![A new Install Application step in the deployment task sequence](images/surface-upgrademdt-fig3.png "A new Install Application step in the deployment task sequence") + ![A new Install Application step in the deployment task sequence](images\surface-upgrademdt-fig3.png "A new Install Application step in the deployment task sequence") *Figure 3. A new Install Application step in the deployment task sequence* @@ -144,7 +144,7 @@ After the task sequence is created, you can modify some additional settings to p - **Task Sequence Variable** – DriverGroup001 - **Value** – Windows 10 x64\%Make%\%Model% - ![Configure a new Set Task Sequence Variable step in the deployment task sequence](images/surface-upgrademdt-fig4.png "Configure a new Set Task Sequence Variable step in the deployment task sequence") + ![Configure a new Set Task Sequence Variable step in the deployment task sequence](images\surface-upgrademdt-fig4.png "Configure a new Set Task Sequence Variable step in the deployment task sequence") *Figure 4. Configure a new Set Task Sequence Variable step in the deployment task sequence* @@ -153,7 +153,7 @@ After the task sequence is created, you can modify some additional settings to p * In the **Choose a selection profile** drop-down menu, select **Nothing**. * Click the **Install all drivers from the selection profile** button. - ![Configure the deployment task sequence to not install drivers](images/surface-upgrademdt-fig5.png "Configure the deployment task sequence to not install drivers") + ![Configure the deployment task sequence to not install drivers](images\surface-upgrademdt-fig5.png "Configure the deployment task sequence to not install drivers") *Figure 5. Configure the deployment task sequence to not install drivers* diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md index 1f822ac82b..75bb5c6f65 100644 --- a/devices/surface/using-the-sda-deployment-share.md +++ b/devices/surface/using-the-sda-deployment-share.md @@ -82,7 +82,7 @@ To import drivers for a peripheral device: 6. Click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1. - ![Provide the location of your driver files](images/using-sda-driverfiles-fig1.png "Provide the location of your driver files") + ![Provide the location of your driver files](images\using-sda-driverfiles-fig1.png "Provide the location of your driver files") *Figure 1. Provide the location of your driver files* @@ -120,7 +120,7 @@ In the previous example for including drivers for a POS system, you would also n 6. Click **New Application** to start the New Application Wizard, as shown in Figure 2. - ![Provide the command to install your application](images/using-sda-installcommand-fig2.png "Provide the command to install your application") + ![Provide the command to install your application](images\using-sda-installcommand-fig2.png "Provide the command to install your application") *Figure 2: Provide the command to install your application* @@ -143,7 +143,7 @@ In the previous example for including drivers for a POS system, you would also n 11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3. - ![A new Install Application step for Sample POS App](images/using-sda-newinstall-fig3.png "A new Install Application step for Sample POS App") + ![A new Install Application step for Sample POS App](images\using-sda-newinstall-fig3.png "A new Install Application step for Sample POS App") *Figure 3. A new Install Application step for Sample POS App*