Friday, October 29, 2021

Windows 11 on Surface for Business

IT administrators who need to deploy and support employees will find that many of the same technologies they have been using on Windows 10 continue to work with Windows 11. We have made the new OS easier to work with and more secure because we all know how important security and protection are today.


Best in class security

Windows 11 raises the bar for security by enabling default protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot.


Figure 1. Security Signals study shows firmware attacks on the rise1


Virtualization-based security enabled by default

Microsoft developed VBS and HVCI to protect against common and sophisticated malware by performing sensitive security operations in an isolated environment.


In Windows 11, hardware and software work together to protect the operating system, with virtualization-based security (VBS) and Secure Boot built-in and enabled by default on new CPUs. VBS uses hardware virtualization features to create and isolate a secure region of memory from the operating system. This isolated environment hosts multiple security solutions, significantly increasing protection from vulnerabilities in the operating system and preventing malicious exploits. In combination with device health attestation with cloud services, Windows 11 is zero trust ready.


Chip to cloud security

The expansion of access and ability to work anywhere has introduced new threats and risks. From the chip to the cloud, hardware and software must work together to stop threats.

In a global environment of ever-changing security threats, especially when nothing is perfectly secure, the only protection is defense in depth across multiple layers including hardware firmware, software, applications and identity.


Optimized Windows Hello



Windows Hello camera provides consistent, fast, secured, and seamless face authentication with Windows 11 technology. Windows 11 has advanced the state of facial recognition authentication technology through algorithmic software improvements. Our newest Surface deviceshave improved face authentication performance via enhanced hardware in the camera system thanks to a larger IR sensor resolution and a higher IR wavelength, which is more resistant to interference from ambient light.



Seamless deployment

  • Reduced deployment time with Autopilot: Windows Autopilot simplifies the device lifecycle from initial deployment to end of life. Using cloud-based services, Windows Autopilot reduces the time IT spends on deploying, managing, and retiring devices. Windows 11 and Surface bring this familiar experience to enrich your Surface experience right from the start.
  • Choosing between operating systems is easier than ever before: Microsoft Surface has made it easy for you to choose between Windows 10 and Windows 11 on select Surface devices and benefit from zero-touch deployment – straight from Microsoft, directly to end-users. (See Introducing OS choice on new Surface devices).
  • Refreshed Out of Box experience: Windows 11 setup is more streamlined to help new users get up and running faster. When deployed through Windows Autopilot,  users can see the new refreshed look during the OOBE flow.




  • Device Firmware configuration interface lets you secure hardware components of your devices and manage UEFI settings.3  For example, if your users are working in highly secure environments that prohibit cameras, you can disable the camera on their devices through Microsoft Endpoint Manager. 

Robust IT management

Windows 11 is designed and built as a complete set of experiences, unlocking the full power of the PC our customers have come to rely on, including in areas like security, reliability, compatibility, video conferencing, multitasking, creating, building, learning and more. It’s now easier to manage all your Surface devices.

  • Surface commercial apps help you manage devices across the lifecycle. With Surface tools for IT, you can create custom UEFI deployment packages, troubleshoot issues, and erase devices securely. All Surface commercial apps support Windows 11 – Download them from Surface Tools for IT.
  • Create automations.  Optimize workflows and automate repetitive and time-consuming tasks through the preinstalled Power Automate for Desktop App. You can build flows with little-to-no coding experience, starting with a collection of more than 400 pre-made actions.



  • Microsoft Surface Management Portal:  As a single environment for the end-to-end visibility of corporate or user-owned Surface devices, the Surface Management Portal lets you quickly see any issues that need prompt attention before they hit your help desk.

    Get insights into device compliance, support activity, and warranty coverage. Quickly see the status of each device, which ones are still in warranty or expiring soon, and the status of active support requests with your hardware providers.




Get Windows 11

Our newest Surface devices -- Surface Laptop Studio, Surface Pro 8, and Surface Go 3 --

can be purchased with Windows 11 installed. Earlier devices are eligible to be upgraded4 to Windows 11 including Surface Pro 7+, Surface Pro 7, Surface Pro 6, Surface Go 2, Surface Laptop 4, Surface Laptop 3, Surface Laptop 2, Surface Laptop Go, Surface Pro X (all generations), Surface Book 3 (13” & 15”), Surface Book 2 (i5-8350U, i7-8650U supported, i5-7300 not supported), Surface Hub 2, and Surface Studio 2.


Check out Windows 11 Specifications page for minimum requirements and visit to download the PC Health Check app and see if your Surface meets the requirements.


For other devices, you can run Windows 11 through Windows 365 Cloud PC, which lets you stream the OS to your Surface device. Let us know what you love about Windows 11.



1. New Security Signals study shows firmware attacks on the rise

2. Surface Laptop Studio, Surface Pro 8, Surface Pro X.

3. Surface Go and Surface Go 2 use a third-party UEFI and do not support DFCI. DFCI is currently available for Surface Go 3, Surface Pro 8, Surface Laptop Studio, Surface Laptop 4, Surface Pro 7+, Surface Laptop Go, Surface Book 3, Surface Laptop 3, Surface Pro 7, and Surface Pro X. Find out more about managing Surface UEFI settings.

4. The Windows 11 upgrade will be delivered to qualifying devices in late 2021 into 2022. Timing varies by device. Certain features require specific hardware (see


Posted at