Dec 08 2022

Under the Surface: How Microsoft Is Digging Deep into Security

Microsoft Surface devices are fast and user-friendly. The latest models enhance security with chip-to-cloud protection. Here’s how.

The Microsoft Surface line of laptop and tablet computers has enjoyed steady success.

According to data from research firm Forrester, businesses using a combination of Microsoft 365 and Surface devices saw benefits totaling just over $21 million in three years and costs of $9.9 million during the same period, for an ROI of 112 percent.

The story behind this success is simple: Microsoft Surface devices are fast, user-friendly and offer some of the best form factors on the market. But the company isn’t resting on its laurels — the new Surface Pro 9 and Laptop 5 products dig deep into security to provide end-to-end protection. Here’s how.

Autonomous Protection Helps Users Focus on Being Productive

Cyberattacks on mobile devices are now a clear and present danger. As noted by SecurityWeek, while the volume of attacks dropped in 2021, their sophistication increased. This leads to a challenge. “It’s not just that devices need to be intelligent,” says Eric Veal, senior partner technology strategist at Microsoft. “They need to be fast and secure as well. It’s Microsoft’s worldview that there’s an intelligent edge and an intelligent cloud that leads to technology intensity. The cloud is alive and well, and the Surface is the intelligent client on the edge.”

Veal notes that the goal of device security is to run effectively in the background, becoming an ambient, continuous part of the environment. “You don’t want to think about it,” he says. “You don’t drive around in your car thinking about airbags or door locks. The same should be true of technology.”

Chip-to-Cloud Security Changes the Game

Chip-to-cloud security lets the Microsoft Surface Pro 9 with 5G go beyond protective basics to provide comprehensive device defense. What does this mean in practice? Put simply, it’s all about layers of security baked into the hardware, firmware, operating system and the cloud itself:

  • Hardware. The hardware layer includes the Pluton processor, which lives inside the CPU and makes it possible to write security protocols into the silicon. It also offers significant advantages for services such as Trusted Platform Module (TPM) 2.0 support. These modules help ensure platform integrity, deliver disk encryption and store password data. Depending on the chipset architecture, however, TPM could pose an unintentional risk. “When TPM is separate on the board, there’s a bus between the chip and the processor that can get attacked,” Veal says, referring to the physical connection between the chip and processor that presents a possible vulnerability. “Pluton takes that away,” he says.
  • Firmware. Here, the Microsoft Unified Extensible Firmware Interface enables key features such as Secure Boot for verifying platform integrity. Surface Enterprise Management Mode, meanwhile, makes it easier for administrators to effectively manage devices across the organization.
  • Operating System. Surface protections built within the OS include virtualization-based security (VBS) and hypervisor-protected code integrity (HVCI). VBS enables the Windows hypervisor to create regions of memory that are separate from the standard OS to help reduce the risk of data compromise. HVCI, meanwhile, is a feature of VBS that ensures kernel integrity and restricts the type of kernel memory allocations available.
  • Cloud. Finally, Surface protection extends into the cloud with solutions such as Microsoft Defender and the Surface Management Portal. Microsoft Defender provides front-line anti-malware support, while the Surface Management Portal enables administrators to self-serve, monitor and manage Surface devices across the organization.

In combination, these layers are critical for individual users to retain complete control over their devices and for IT administrators to manage thousands — or tens of thousands — of devices simultaneously across corporate networks. Veal also points to the rise of neural processing units, or NPUs, which leverage artificial intelligence to help mitigate security threats. “AI on the client is going to be a thing,” he says. “We don’t want problems. We don’t want to get hacked. NPUs will help reduce this risk.”

Maximize ROI with Surface Devices

*Microsoft is also taking steps to make its Surface devices more sustainable by making it easier to repair components and replace parts. For example, replaceable parts for the Surface Pro 9 include solid-state drives, rSSD doors, batteries, charging ports, thermal modules and motherboards.

“The edge device is a composition of parts,” says Veal. “It is not an atomic unit. Some of those parts can fail or break.” Microsoft is moving away from an exchange-only model to a product line that’s easier to repair and service, helping you maximize ROI for your devices and helping Microsoft achieve its sustainability goals.

There’s more to the Surface than meets the eye. Along with superior performance and reliable ROI for businesses, chip-to-cloud security provides an end-to-end risk reduction approach, while repairability initiatives look to enable sustainability goals without compromising protection.

*Note: Customer replaceable units are components available for purchase through a Surface Commercial Authorized Device Reseller. Components can be replaced onsite by a skilled technician following Microsoft’s Service Guide. Opening or repairing your device can present electric shock, fire and personal injury risks and other hazards. Use caution undertaking do-it-yourself repairs. Device damage caused during repair will not be covered under Microsoft’s Hardware Warranty or protection plans. Components will be available shortly after initial launch; timing of availability varies by component and market.


Brought to you by:  Microsoft Surface 
