Surface works closely with Windows and the M365 security stack to ensure that the device not only meets every standard for a highly secured PC but is also capable of automatically receiving updates from the dynamic world of defensive security.
In a global environment of ever-changing security threats – when nothing is entirely secure – the only protection is defence in depth across multiple layers including:
With Surface, it is a security standard to boot only within a trusted OS. This industry-standard feature ensures that every single step of the boot process is measured, signed and implemented in the intended order. See boot phases below:
Firmware was brought inhouse starting with Surface Pro 4 and Surface Book. This move enables complete control over what goes into every Surface device. The firmware is also kept current via Windows Update.
The Surface Enterprise Management Mode (SEMM) allows you to manage devices at the boot level. It also acts as the first line of defence in protecting a customer’s investment by implementing signed policies via PKI certificates.
4. Application - DFCI/Cloud UEFI Management
Through coding, you can geo-locate and monitor surface devices anywhere. Another great feature is the ability to survive any reboot if the device is stolen, reimaged, or wiped, which prevents thieves from disabling it. Surface devices also automatically activate and report location using GPS, Wi-Fi triangulation, or IP address.
There have been significant advances made in how a computer device identifies a user. Surface devices provide more than just the ability to log in with your face. With the Windows Hello for Business feature, passwords get replaced with 2FA on Surface. In addition, you can use biometric security – facial and iris recognition – to authenticate via a certificate stored in the Trusted Platform Module (TPM) located on the motherboard.
The Microsoft Defender ATP feature pinpoints and tracks attacks in real-time and uses big data analytics to predict how vulnerabilities will spread. It also preempts attacks from spreading by delivering updates to users before their devices can be infected, and protects users’ devices without requiring manual approval of updates.
For more information, please contact our Microsoft Surface Expert
905-755-000 ext. 55406