You can boot from a specific device immediately, or swipe left on that device's entry in the list using the touchscreen. The Boot Configuration page allows you to change the order of your boot devices as well as enable or disable the boot of the following devices: Enable and disable specific devices UEFI Boot configuration page Components consist of the following:Įach device is listed with a slider button that you can move to On (enabled) or Off (disabled) position, as shown in Figure 6.įigure 6.
The Devices page allows you to enable or disable specific components on eligible devices, including Surface Pro 8, Surface Go 3, Surface Laptop Studio, Surface Pro 7+, Surface Pro 7, Surface Pro X, Surface Laptop 4, Surface Laptop 3, Surface Laptop SE, and Surface Book 3. The TPM is used to authenticate encryption for your device's data with BitLocker. If you do not see the Enable TPM setting, open tpm.msc in Windows to check the status, as shown in Figure 5. To learn more, see Secure Boot.ĭepending on your device, you may also be able to see if your TPM is enabled or disabled. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 4. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media.
Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. On the Security page, you can also change the configuration of Secure Boot on your Surface device. Add a password to protect Surface UEFI settings Special characters: password must be at least six characters and is case-sensitive.įigure 3. The password can contain the following characters (as shown in Figure 3): This password must be entered when you boot the Surface device to UEFI. The Security page allows you to set a password to protect UEFI settings.
You can find up-to-date information about the latest firmware version for your Surface device in the Surface Update History for your device. System information and firmware version information The firmware version of each of the following devices is displayed on the PC information page (as shown in Figure 1):įigure 1. Surface devices have several internal components that each run different versions of firmware.
You will also find detailed information about the firmware of your Surface device.
Serial Number – This number identifies this specific Surface device for asset tagging and support scenarios.Īsset Tag – The asset tag is assigned to the Surface device with the Asset Tag Tool. UUID – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management.
The exact configuration of your device is not shown (such as processor, disk size, or memory size). Model – Your Surface device's model will be displayed here, such as Surface Book 2 or Surface Pro 7. The PC information page includes detailed information about your Surface device:
As the Microsoft or Surface logo appears on your screen, continue to hold the Volume-up button until the UEFI screen appears.Press and hold the Volume-up button and - at the same time - press and release the Power button.Shut down your Surface and wait about 10 seconds to make sure it's off.To adjust UEFI settings during system startup: For more information, refer to Intune management of Surface UEFI settings. DFCI is currently available for Surface Laptop SE, Surface Laptop Studio, Surface Pro 8, Surface Go 3, Surface Laptop 4, Surface Laptop Go, Surface Book 3, Surface Laptop 3, Surface Pro 7+, Surface Pro 7, and Surface Pro X. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings - including boot options and built-in peripherals - and lays the groundwork for advanced security scenarios in the future. With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. To learn more, see View your system info. In UEFI, commercial SKUs are the only models to feature the Devices page and Management page.
Commercial SKUs (aka Surface for Business) run Windows 10 Pro/Enterprise or Windows 11 Pro/Enterprise consumer SKUs run Windows 10/Windows 11 Home.