deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-07 10:07:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/devices/surface/microsoft-surface-data-eraser.md
DocsPreview ce500fde9b
Latest updates for issues content (#379) 
* Updated deployment-vdi-windows-defender-antivirus.md

* Updated deployment-vdi-windows-defender-antivirus.md

* Updated deployment-vdi-windows-defender-antivirus.md

* updates for new vdi stuff

* Adding important note to solve #3493

* Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Typo "&lt;"→"<", "&gt;"→">"

https://docs.microsoft.com/en-us/windows/application-management/manage-windows-mixed-reality

* Issue #2297

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Clarification

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* update troubleshoot-np.md

* update configure-endpoints-gp.md

* Removing a part which is not supported

* Name change

* update troubleshoot-np.md

* removed on-premises added -hello

* Added link into Domain controller guide

* Line corections

* corrected formatting of xml code samples

When viewing the page in Win 10/Edge, the xml code samples stretched across the page, running into the side menu. The lack of line breaks also made it hard to read.

This update adds line breaks and syntax highlighting, replaces curly double quotes with standard double quotes, and adds a closing tag for <appv:appconnectiongroup>for each code sample

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* corrected formating of XML examples

The XML samples here present the same formatting problems as in about-the-connection-group-file51.md (see https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847/)

Perhaps we should open an issue to see if we have more versions of this code sample in the docs

* corrected formatting of XML example section

In the XML example on this page, the whitespace had been stripped out, so there were no spaces between adjacent attribute values or keys.

This made it hard to read, though the original formatting allowed for a scroll bar, so the text was not running into the side of the page (compare to https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847 and https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3850, where the uncorrected formatting forced the text to run into the side menu).

* update configure-endpoints-gp.md

* Fixed error in registry path and improved description

* Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Removing extra line in 25 

Suggested by

* update windows-analytics-azure-portal.md

* re: broken links, credential-guard-considerations

Context:
* #3513, MVA is being retired and producing broken links
* #3860 Microsoft Virtual Academy video links

This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists.

I removed the first link, as I could not find a similar video available describing which credentials are covered by credential guard.

I replaced the second link with a video containing similar material, though it is not a "deep dive".

Suggestions on handling this problem, as many pages contain similar links, would be appreciated,.

* removed link to retired video re: #3867

Context:
* #3513, MVA is being retired and producing broken links
* #3867, Microsoft Virtual Academy video links

This page contains a broken link to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course is already retired, and no replacement course exists.

I removed the whole _See Also_ section, as I could not find a video narrowly or deeply addressing how to protect privelaged users with Credential Guard. The most likely candidate is too short and general: https://www.linkedin.com/learning/cism-cert-prep-1-information-security-governance/privileged-account-management

* addressing broken mva links, #3817

Context:
* #3513, MVA is being retired and producing broken links
* #3817, Another broken link

This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists.

I removed the first link, as we no longer have a video with similar content for a similar audience. The most likely candidate is https://www.linkedin.com/learning/programming-foundations-web-security-2/types-of-credential-attacks, which is more general and for a less technical audience. 

I removed the second link and the _See Also_ section, as I could not find a similar video narrowly focused on which credentials are covered by Credential Guard. Most of the related material available now describes how to perform a task.

* Update deployment-vdi-windows-defender-antivirus.md

* typo fix re: #3876; DMSA -> DSMA

* Addressing dead MVA links, #3818

This page, like its fellows in the mva-links label, contains links to a retired video course on a website that is retiring soon.

The links listed by the user in issue #3818 were also on several other pages, related to Credentials Guard. 

These links were addressed in the pull requests #3875, #3872, and #3871

Credentials threat & lateral threat link: removed (see PR #3875 for reasoning) 
Virtualization link: replaced (see #3871 for reasoning)
Credentials protected link: removed (see #3872 for reasoning)

* Adding notes for known issue in script

Solves #3869

* Updated the download link admx files Windows 10

Added link for April 2018 and Oct 2018 ADMX files.

* added event logs path

Referenced : https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Suggestions applied.

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update deployment-vdi-windows-defender-antivirus.md

* screenshot update

* Add files via upload

* update 4 scrrenshots

* Update deployment-vdi-windows-defender-antivirus.md

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Re: #3909

Top link is broken, #3909 

> The link here does not work:
> Applies to: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

The link to the pdf describing MDATP was broken.

Thankfully, PR #2897 updated the same link in another page some time ago, so I didn't have to go hunting for an equivalent

* CI Update

* Updated as per task 3405344

* Updated author

* Update windows-analytics-azure-portal.md

* added the example query

* Updated author fields

* Update office-csp.md

* update video for testing

* update video

* Update surface-hub-site-readiness-guide.md

line 134 Fixed  video link MD formatting

* fixing video url

* updates from Albert

* Bulk replaced author to manikadhiman

* Bulk replaced ms.author to v-madhi

* Latest content is published (#371)

* Added 1903 policy DDF link and fixed a typo

* Reverted the DDF version

* Latest update (#375)

* Update deployment-vdi-windows-defender-antivirus.md

* Update deployment-vdi-windows-defender-antivirus.md
2019-06-06 15:54:17 -07:00

10 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, manager, ms.localizationpriority, keywords, ms.prod, ms.mktglfcycl, ms.pagetype, ms.sitesec, author, ms.author, ms.topic, ms.date
title description ms.assetid ms.reviewer manager ms.localizationpriority keywords ms.prod ms.mktglfcycl ms.pagetype ms.sitesec author ms.author ms.topic ms.date
Microsoft Surface Data Eraser (Surface) Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. 8DD3F9FE-5458-4467-BE26-E9200341CF10 dansimp medium tool, USB, data, erase w10 manage surface, devices, security library dansimp dansimp article 05/15/2018

Microsoft Surface Data Eraser

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

Microsoft Surface Data Eraser is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB stick is easy to create by using the provided wizard, the Microsoft Surface Data Eraser wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see Protecting your data if you send your Surface in for service.

Important

Microsoft Surface Data Eraser uses the NVM Express (NVMe) format command to erase data as authorized in NIST Special Publication 800-88 Revision 1.

Compatible Surface devices include:

  • Surface Pro 6
  • Surface Laptop 2
  • Surface Go
  • Surface Book 2
  • Surface Pro with LTE Advanced (Model 1807)
  • Surface Pro (Model 1796)
  • Surface Laptop
  • Surface Studio
  • Surface Book
  • Surface Pro 4
  • Surface 3 LTE
  • Surface 3
  • Surface Pro 3
  • Surface Pro 2

Some scenarios where Microsoft Surface Data Eraser can be helpful include:

  • Prepare a Surface device to be sent for repair

  • Decommission a Surface device to be removed from corporate or organizational use

  • Repurpose a Surface device for use in a new department or for use by a new user

  • Standard practice when performing reimaging for devices used with sensitive data

Note

Third-party devices, Surface devices running Windows RT (including Surface and Surface 2), and Surface Pro are not compatible with Microsoft Surface Data Eraser.

Note

Because the ability to boot to USB is required to run Microsoft Surface Data Eraser, if the device is not configured to boot from USB or if the device is unable to boot or POST successfully, the Microsoft Surface Data Eraser tool will not function.

Note

Surface Data Eraser on Surface Studio and Surface Studio 2 can take up to 6 minutes to boot into WinPE before disk erasure can occur.

How to create a Microsoft Surface Data Eraser USB stick

To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft Surface Data Eraser setup tool from the Microsoft Download Center using the link provided at the beginning of this article. You do not need a Surface device to create the USB stick. After you have downloaded the installation file to your computer, follow these steps to install the Microsoft Surface Data Eraser creation tool:

  1. Run the DataEraserSetup.msi installation file that you downloaded from the Microsoft Download Center.

  2. Select the check box to accept the terms of the license agreement, and then click Install.

  3. Click Finish to close the Microsoft Surface Data Eraser setup window.

After the creation tool is installed, follow these steps to create a Microsoft Surface Data Eraser USB stick. Before you begin these steps, ensure that you have a USB 3.0 stick that is 4 GB or larger connected to the computer.

  1. Start Microsoft Surface Data Eraser from the Start menu or Start screen.

  2. Click Build to begin the Microsoft Surface Data Eraser USB creation process.

  3. Click Start to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1.

    Start the Microsoft Surface Data Eraser tool

    Figure 1. Start the Microsoft Surface Data Eraser tool

  4. Select the USB drive of your choice from the USB Thumb Drive Selection page as shown in Figure 2, and then click Start to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost.

    Note

    If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB.

    USB thumb drive selection

    Figure 2. USB thumb drive selection

  5. After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click Success.

  6. When the Congratulations screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click Complete to finish the USB creation process, as shown in Figure 3.

    Surface Data Eraser USB creation process

    Figure 3. Complete the Microsoft Surface Data Eraser USB creation process

  7. Click X to close Microsoft Surface Data Eraser.

How to use a Microsoft Surface Data Eraser USB stick

After you create a Microsoft Surface Data Eraser USB stick, you can boot a supported Surface device from the USB stick by following this procedure:

  1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device.

  2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps:

    a. Turn off your Surface device.

    b. Press and hold the Volume Down button.

    c. Press and release the Power button.

    d. Release the Volume Down button.

    Note

    If your device does not boot to USB using these steps, you may need to turn on the Enable Alternate Boot Sequence option in Surface UEFI. You can read more about Surface UEFI boot configuration in Manage Surface UEFI Settings.

  3. When the Surface device boots, a SoftwareLicenseTerms text file is displayed, as shown in Figure 4.

    Booting the Microsoft Surface Data Eraser USB stick

    Figure 4. Booting the Microsoft Surface Data Eraser USB stick

  4. Read the software license terms, and then close the Notepad file.

  5. Accept or decline the software license terms by typing Accept or Decline. You must accept the license terms to continue.

  6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press Y (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press N (this action shuts down the device without removing data).

    Note

    The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the Reset your PC function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See Recovery options in Windows 10 for more information.

    Partition to be erased is displayed

    Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser

  7. If you pressed Y in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.

  8. Click the Yes button to continue erasing data on the Surface device.

Note

When you run Surface Data Eraser on the Surface Data Eraser USB drive, a log file is generated in the SurfaceDataEraserLogs folder.

Changes and updates

Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:

Version 3.2.78.0

Release Date: 4 Dec 2018

This version of Surface Data Eraser:

  • Includes bug fixes

Version 3.2.75.0

Release Date: 12 November 2018

This version of Surface Data Eraser:

  • Adds support to Surface Studio 2
  • Fixes issues with SD card

Version 3.2.69.0

Release Date: 12 October 2018

This version of Surface Data Eraser adds support for the following:

  • Surface Pro 6
  • Surface Laptop 2

Version 3.2.68.0

This version of Microsoft Surface Data Eraser adds support for the following:

  • Surface Go

Version 3.2.58.0

This version of Microsoft Surface Data Eraser adds support for the following:

  • Additional storage devices (drives) for Surface Pro and Surface Laptop devices

Version 3.2.46.0

This version of Microsoft Surface Data Eraser adds support for the following:

  • Surface Pro with LTE Advanced

Version 3.2.45.0

This version of Microsoft Surface Data Eraser adds support for the following:

  • Surface Book 2

  • Surface Pro 1TB

Note

Surface Data Eraser v3.2.45.0 and above can be used to restore Surface Pro or Surface Laptop devices with the 1TB storage option in the scenario that the device shows two separate 512GB volumes or encounters errors when attempting to deploy or install Windows 10. See Surface Pro Model 1796 and Surface Laptop 1TB display two drives for more information.

Version 3.2.36.0

This version of Microsoft Surface Data Eraser adds support for the following:

  • Surface Pro

  • Surface Laptop

Note

The Microsoft Surface Data Eraser USB drive creation tool is unable to run on Windows 10 S. To wipe a Surface Laptop running Windows 10 S, you must first create the Microsoft Surface Data Eraser USB drive on another computer with Windows 10 Pro or Windows 10 Enterprise.