windows-itpro-docs/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md


title: Secure and manage Surface Hub 2S with SEMM
description: Learn more about securing Surface Hub 2S with SEMM.
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
author: robmazz
ms.author: robmazz
manager: laurawi
audience: Admin
ms.topic: article
ms.date: 06/20/2019
ms.localizationpriority: Medium

Secure and manage Surface Hub 2S with SEMM and UEFI

New in Surface Hub 2S, you can use SEMM to manage the UEFI settings of the device. Use the Microsoft Surface UEFI Configurator to control the following components:

  • Wired LAN
  • Cameras
  • Bluetooth
  • Wi-Fi
  • Occupancy sensor

Use the Microsoft Surface UEFI Configurator to turn on or off the following UEFI settings:

  • Boot

    • IPv6 for PXE Boot
    • Alternate Boot
    • Boot Order Lock
    • USB Boot
  • UEFI Front Page

    • Devices
    • Boot
    • Date/Time

Create UEFI configuration image

Unlike other Surface devices, you cannot use an MSI file or a Win PE image to apply these settings on Surface Hub 2S. Instead, you need to create a USB image to load into the device. To create a Surface Hub 2S UEFI configuration image, download and install the latest version of the Microsoft Surface UEFI Configurator from the Surface Tools for IT page in the Microsoft Download Center. For more information about using UEFI and SEMM, see Microsoft Surface Enterprise Management Mode.

To configure UEFI on Surface Hub 2S

  1. Start the UEFI Configurator and on the first screen, choose Configuration Package.


  2. To add the certificate to your package, select + Certificate Protection. You must have a valid certificate with the private key in .pfx file format to sign and protect the package.

  3. Enter the certificate's private key's password.

  4. After importing the private key, continue creating the package.

  5. Choose Hub and Surface Hub 2S as the target for the UEFI configuration package.

  6. Choose the components and settings you want to activate or deactivate on Surface Hub 2S.

  7. Use the USB option to export the file.

  8. Insert and choose the USB drive you'd like to use for this package. The USB drive will be formatted and you will lose any information you have on it.

  9. Upon successful creation of the package, the Configurator displays the last two characters of your certificate's thumbprint. You need these characters when you import the configuration to Surface Hub 2S.
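
Before step 2, it helps to confirm that the .pfx really contains a private key and is inside its validity period, and to record the two thumbprint characters that step 9 will show. The PowerShell below is an added example, not part of the original article or of the Surface UEFI Configurator; the function name Test-SemmPfx and the file name semm-signing.pfx are placeholders, and reading "valid" as "within NotBefore/NotAfter" is an assumption.

```powershell
# Added example: pre-flight check of the .pfx used to sign a SEMM package.
# Test-SemmPfx is a hypothetical helper name, not a Microsoft cmdlet.
function Test-SemmPfx {
    param(
        [Parameter(Mandatory)] [string]       $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )

    # .NET needs an absolute file system path, not a PowerShell-relative one.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # Throws a CryptographicException if the password is wrong or the file is not a PFX.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password)
    try {
        $now      = Get-Date
        $problems = @()
        # Step 2 requires the private key; a public-only certificate cannot sign.
        if (-not $cert.HasPrivateKey) { $problems += 'PFX contains no private key' }
        # Assumption: "valid" means the current time is inside the validity window.
        if ($now -lt $cert.NotBefore) { $problems += "Not valid until $($cert.NotBefore)" }
        if ($now -gt $cert.NotAfter)  { $problems += "Expired on $($cert.NotAfter)" }

        $thumb = $cert.Thumbprint   # hex-encoded SHA-1 of the DER-encoded certificate
        [pscustomobject]@{
            Subject          = $cert.Subject
            NotAfter         = $cert.NotAfter
            HasPrivateKey    = $cert.HasPrivateKey
            Thumbprint       = $thumb
            # The two characters the Configurator displays in step 9.
            ThumbprintSuffix = $thumb.Substring($thumb.Length - 2)
            Problems         = $problems
        }
    }
    finally {
        # Release the key handle as soon as the check is done.
        $cert.Dispose()
    }
}

# Placeholder file name; point this at your own signing certificate.
$pw     = Read-Host -Prompt 'PFX password' -AsSecureString
$result = Test-SemmPfx -Path '.\semm-signing.pfx' -Password $pw
$result | Format-List
if ($result.Problems.Count -gt 0) { Write-Warning ($result.Problems -join '; ') }
```

If ThumbprintSuffix does not match the characters the Configurator shows after export, the package was signed with a different certificate than the one you checked.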

To boot into UEFI

Turn off Surface Hub 2S. Press and hold the Volume Up button and press the Power Button. Keep holding the Volume Up button until the UEFI menu appears.