Start on tomorrow – today – with Microsoft Surface

Start on tomorrow
– today – with
Microsoft Surface

How Surface powers your transformation to modern management

The modern workplace in transition
01

The modern workplace in transition

The modern workplace is in the middle of a transition—a digital transformation—where your organization, your users, and your customers are more connected and mobile than ever. Successfully navigating this digital transformation is likely one of your highest priorities. You need to help your organization create a modern workplace where employees can use innovative devices to engage customers and collaborate with partners; where they (and you) can optimize operations, improve security, and transform your products. However, you face incredible challenges in creating that modern workplace. Employees now expect access to productivity and collaboration tools anytime and anywhere. Your on-premises environment has become more complex than ever, especially as you extend that environment to the cloud. Your tried-and-true tools and processes struggle to keep up with your changing needs. The challenges are not just internal. You’re also facing more external threats, from cannier bad guys and competitors that are always setting the bar higher.

You can address these challenges and begin your transition to a modern workplace and a modern desktop when you adopt Microsoft Surface and modern management. A modern desktop includes Windows 10, the operating system designed for a modern desktop; Office 365 ProPlus, the latest and most secure suite of productivity apps and services; and Microsoft Enterprise Mobility + Security (EMS), the simplest solution for managing devices and keeping them up to date.

A modern desktop is the most productive, most secure desktop environment with the lowest total cost of ownership (TCO). Because it’s built for a modern desktop, Surface amplifies the benefits of moving to a modern desktop. In fact, it’s the best device for achieving your modern desktop goals.

Surface and Microsoft 365 – better together

Surface and Microsoft 365 – better together

Microsoft 365 makes adopting a modern desktop simple by including everything you need – Windows 10, Office 365 ProPlus, and EMS – in a complete, intelligent solution. And a recent study as shown that Surface is the best device for Microsoft 365.1

Sources i

Surface amplifies the benefits of a modern desktop

Reduction in security breaches

20% Microsoft 365 alone2
50% Microsoft 365 Enterprise with Surface3

Sources i

Designed for the modern workplace

Designed for the modern workplace

Microsoft Surface prepares you for tomorrow. Surface equips you with tools to stay competitive, manage change, and leverage the latest technologies. It inspires your employees to do great things by enabling them to work naturally with premium devices. When you want Surface is the choice when you expect seamlessly connected hardware, software, apps, and services. Surface helps everything work together.

This includes built-in support for simplified modern management.

Benefits of moving to Surface and Microsoft 365

Reduce Costs

86%

Reduction in password reset
requests

  • 15 % reduction on application performance-related tickets
  • 2.5 hours saved per application provisioning request
  • 25 minutes saved configuring each device

Free up time for other investments

45%

less time spent in application provisioning

70%

less time testing applications

Improve end user experience

76%

of organizations say Microsoft 365 and Surface devices have helped improve retention

  • 75% of organizations agree that Microsoft 365 powered Surface devices improve employee satisfaction
  • 71% of organizations agree that Microsoft 365 powered Surface devices position them as a top employer
Modern Management Experience
02

Modern Management Experience

Let’s review what we mean by modern management. We can start by describing traditional IT management. Traditional management assumes every device you manage is owned by the organization and is connected to your on-premises network. You have some control over the available device options to help you manage the time and costs of creating custom OS images for the devices you support and to help you ensure a good end user experience. You use Group Policy to lock down how each user operates the single device assigned to them. Meanwhile, you struggle to keep up with growing security threats and the increasing speed with which operating systems and application software change. As a result, you are always reacting instead of being proactive. You want to act on strategic initiatives that add value to your organization instead of spending time on tasks and processes that could be automated with the cloud.

You’re hearing about it from your users, too. They’re now accustomed to the smart phone and app model of devices and software, with continuously introduced new capabilities and their choice of easy, intuitive devices and apps. They expect to bring their own devices from home and work from a variety of devices. When you provide them with a device, they want the startup experience to feel just as seamless as when they open the box for a phone or tablet they bought for personal use. They want more self-service options and the ability to help each other. They don’t want to have to adapt their workstyle to the technology you provide—they want the technology to adapt to their workstyle.

Modern management embraces your users’ needs and the changing environment. You can not only handle the fact that users have multiple devices, but you can also quickly get their new devices up-and-running with minimal interaction from your team. Setup is automatic and self-serviced. Updates are quick and painless for both your team and your users. You can also easily manage devices from the cloud-based services, wherever the devices are physically located. Modern management is the foundation of the modern workplace. By adopting new approaches to IT management, including cloud technologies, you can simplify management, improve security, and provide better user experiences while lowering TCO.

The best of Microsoft – optimized for modern management
03

The best of Microsoft – optimized for modern management

Of course, making the change to modern management isn’t always easy. You’re already invested in your current infrastructure, and, unfortunately, legacy IT processes and hardware continue to be the biggest blockers to transitioning to modern management. While Microsoft has built great management features into Windows 10—it is the first OS to have full mobile device management capabilities built-in, for example—if your device manufacturer doesn’t embrace modern management and take advantage of those capabilities, you can’t realize the full potential of the transformation to modern management.
Surface offers modern hardware and software that is built to take advantage of all the management capabilities of Windows 10. It’s reliable, secure, and easy to deploy and manage. You can use Surface to lead your transformation efforts so you and your organization can experience the greatest return on your digital transformation experience.

Let’s take a closer look at three of the modern management scenarios enabled by Microsoft Surface.

01
Make deployment easy with Surface and Windows Autopilot
02
Modernize device and software configuration with Surface and Intune
03
Gain Surface insights quickly with Windows Analytics

Make deployment easy with Surface and Windows Autopilot

Of course, making the change to modern management isn’t always easy. You’re already invested in your current infrastructure, and, unfortunately, legacy IT processes and hardware continue to be the biggest blockers to transitioning to modern management. While Microsoft has built great management features into Windows 10—it is the first OS to have full mobile device management capabilities built-in, for example—if your device manufacturer doesn’t embrace modern management and take advantage of those capabilities, you can’t realize the full potential of the transformation to modern management.
Surface offers modern hardware and software that is built to take advantage of all the management capabilities of Windows 10. It’s reliable, secure, and easy to deploy and manage. You can use Surface to lead your transformation efforts so you and your organization can experience the greatest return on your digital transformation experience.

Surface Partners Surface Partners
Ship & deliver direct to employee Ship & deliver direct to employee
Employee unboxes device, self deploys Employee unboxes device, self deploys
Device IDs Device IDs
Self-deploy Self-deploy
IT Admin IT Admin
Configure Profile Configure Profile
Windows Autopilot deployment service Windows Autopilot deployment service
  1. Enroll your Surface device in Windows Autopilot at the time of purchase (with a qualifying Microsoft partner).
  2. Configure Windows Autopilot deployment service device profiles. The profile settings will tell the service how to configure the device.
  3. Have the Surface shipped directly to your employee.
  4. Employee unboxes device, turns it on, connects to a network, and signs in.
  5. The device connects to the Windows Autopilot deployment service and downloads the configuration settings.
  6. Windows 10 setup completes, using the Windows Autopilot profile settings, connecting to Azure AD and Microsoft Intune.
  7. Once connected to Azure AD and Intune, the device downloads and implements additional policies and configuration settings from Intune, including app installation.
Surface and Microsoft 365 – better together

Configuring Autopilot with Intune

For most organizations making the transition from traditional device management to modern device management, you will want to use Intune to manage Surface devices. This includes managing device deployments with Windows Autopilot.

Configuring Autopilot with Microsoft Store for Business

You can also configure and manage Windows Autopilot profiles from the Microsoft Store for Business. This is a good option for organizations that have not started adopting Intune yet. It’s also a good option when you are working with a partner for device fulfillment and are not giving that partner access to your Intune environment.

Partner opportunities with Windows Autopilot

As a Microsoft partner, you can administer Windows Autopilot for your clients, including device hardware IDs. Some Surface partners are enabled for Windows Autopilot and can enroll devices directly for you or your customers. Check for the most current list of Surface partners.

If you are not purchasing Surfaces through one of these partners for your clients, you can still register the Surfaces your clients purchase for them. You can configure Autopilot for your clients, and upload Surface hardware IDs within Intune, Microsoft Store for Business, or Partner Center.

Modernize device and software configuration with Surface and Intune

Intune is the tool of choice for configuring your Surface. It provides a platform that you can use to manage Surface and many other modern devices, including those running Windows, Android, iOS, and Mac operating systems. Intune lets you manage employee-owned devices as well as corporate-owned devices, which makes it the perfect tool for transitioning to modern management. With Intune, you can manage the following Surface device settings directly:

Certificates Certificates
BitLocker BitLocker
Email Email
Windows security baselines Windows security baselines
Update Settings Update Settings
Device features Device features
VPN Connections VPN connections
Wi-fi connections Wi-fi connections
Certificates Certificates
BitLocker BitLocker
Email Email
Windows security baselines Windows security baselines
Update Settings Update Settings
Device features Device features
VPN Connections VPN connections
Wi-fi connections Wi-fi connections

In fact, because Surface is the premier platform for Windows features such as Windows Hello, you get the most complete cloud management experience with Intune and Surface. For applications, Intune’s ability to configure Windows Information Protection (WIP) policies combined with Azure AD, and capabilities built into various devices make this possible to protect your data, even if the Surface device you are managing is personally owned.

Deep integration between Intune, Surface, Windows 10, and Office 365 gives you even more control. For example, you can configure custom suites of Office 365 apps, choose how and when those apps are updated, and even decide which apps are mandatory. You can also remotely wipe Intune managed devices completely, lock them, or reset passcodes – protecting data in case a device is lost or stolen. Or, you can use Fresh start to remove all applications and install the latest version of Windows.

Designed for the modern workplace

Manage and update Surface firmware simply

Historically, managing device firmware settings has been difficult. If any configuration and management option was provided at all, it was custom OEM-provided software. For Surface, however, Surface Enterprise Management Mode (SEMM) allows you to configure firmware settings on Surface devices with Surface unified extensible firmware interface (UEFI) firmware, which is a replacement for BIOS.

SEMM allows you to manage firmware settings using either the Surface UEFI Configurator or with System Center Configuration Manager (Config Manager). You can use the Surface UEFI Configurator to create .msi packages to deploy and administer SEMM using Config Manager. You can also manage SEMM using Config Manager with Windows PowerShell scripts if you install the lightweight Microsoft Surface UEFI Manager on your Surface devices.

Firmware updates with Windows Update for Business

What if I’m not quite ready to go fully modern and have my devices receive Surface firmware or other updates directly?

Firmware updates with Windows Update for Business

Surface also makes firmware updates simple to manage. Microsoft delivers Surface firmware updates using Windows Update and Windows Update for Business. If you currently use Windows Server Update Services (WSUS) for other devices and don’t want to switch to Windows Update across the board, just exclude your Surface devices from the Group Policy that directs devices to receive updates from WSUS.

What if I’m not quite ready to go fully modern and have my devices receive Surface firmware or other updates directly?

As you make the transition to modern management, you may not be ready to let your Surface devices receive firmware and other updates directly. There are some disadvantages to doing so—updates are downloaded directly by each device instead of from a central location, increasing demand on your network, and updates are not subject to review and testing by your administrative team. In that case, you can take the traditional approach and deploy firmware updates with the Microsoft Deployment Toolkit (MDT), Configuration Manager, or Intune.

Faster system updates
One-third the downtime for updates.

Surface customers experience faster system updates than other users. When upgrading to Windows 10 RS4, the average upgrade downtime was under 33 minutes—a 37% reduction from the RS3 upgrade. For Surface devices, with their solid state drive (SSD), the downtime was less than 10 minutes.

Partner opportunities with Intune

Microsoft Intune lets your customers use the devices and applications they love while configuring device settings to meet compliance needs. You can also manage their devices from the cloud or while connected to an existing Configuration Manager infrastructure. Microsoft Intune lets you manage devices in a flexible way that’s best for you and your customers.

You’ll need to make sure that your customers have an Intune subscription, their Surface devices are connected to their Azure AD tenant, and that you’ve been given delegated admin privileges (DAP) in Intune.

Gain Surface insights quickly with Windows Analytics

Windows Analytics is a set of solutions that run as part of Microsoft Operations Management Suite (OMS). The solutions help you gain insights about the current state of your Windows environment, including your Surface devices.

Windows Analytics enables you to monitor:

Monitor Surface health

Monitor Surface health

Identify problem devices and configurations, including misconfigured WIP policies with Device Health in Windows Analytics.

Surface update compliance

Surface update compliance

Inventory Surface (and other) devices and verify their update status with Update Compliance in Windows Analytics.

Surface and application upgrade readiness

Surface and application upgrade readiness

Inventory both your Surface devices and their applications and identify possible compatibility issues with Windows Analytics Upgrade Readiness.

Partner opportunities with Windows Analytics

If you are a Microsoft Partner, making Windows Analytics a part of your service offerings can help you monitor your clients’ Surface devices in a cost-effective manner. Windows Analytics capabilities are available for free as part of OMS—just pay for the data storage fees.

Get started
04

Get started

Surface is designed for the best of Microsoft software—Office, Windows, Microsoft Edge, and Microsoft OneDrive. Because Surface hardware and Microsoft software are built together, your users get a streamlined Office experience. The true power of professional-grade software lets you collaborate with your teams from anywhere and streamline real-time collaborations. Surface reliability and security make sure you don’t skip a beat. You can defend your organization and prevent security breaches by enforcing more secure sign-ins with support for advanced security features built in to Windows.

And possibly more important to you, Surface devices are easy to deploy and manage, making modern management and getting ready for tomorrow easier. With Surface, you can tackle deployment requirements with simplified rollouts, durable hardware, and predictable device costs. Surface integrates seamlessly into your organization, offering easy deployment, management, and procurement. You can also move procurement from a capital expense to an operational expense with Surface as a Service (SaaS). Get the latest devices, software, accessories, services, and support on a cost-predictable, regular subscription basis. You can also secure and manage firmware settings within your organization with SEMM and stay up-to-date on security features with the latest Windows 10 updates.

With Microsoft Surface, you can stay competitive, manage change, and leverage the latest technology advancements so you’re ready for what’s next. Get the assurances of a trusted brand that has consistently delivered industry-leading innovation and is committed to powering future experiences. Surface devices are easy to deploy and manage, making getting ready for tomorrow and modern management easier.

Learn more

Learn more about how Surface can help you power your modern management transformation, visit the Surface devices page on the Windows IT Pro Center at https://www.microsoft.com/itpro/surface.