<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=492489&amp;fmt=gif">
Group 403

Unpacking Remote Work With Microsoft Surface

June 8, 2021
Read Time 6 mins

From video chats and quick tasks to major projects, look to Surface to help you handle it all. In this article, we take a look at the Microsoft Surface family of devices. 

Designed for the modern workplace, Microsoft’s leading range of Surface devices are the perfect fit for any office environment – even if that office is the kitchen table or corner coffee shop.

From people always on the move to those who tackle intensive creative tasks, there is a Surface that’s a perfect match for everyone on your team. Surface laptops and 2-in-1s are small business-ready.

Covered In This Article:

Security, Wherever You Are
Integration With The Windows Ecosystem
IT Pro Resources
Easy Deployment Across Your Workforce


Across industries, the shift to remote and hybrid productivity was a tipping point to redefine the future of how we work, collaborate and learn outside physical office spaces or classrooms. We have seen a significant increase in the reliance on technology to keep organisations connected.

In the past year, Surface usage within enterprise organisations nearly doubled, driven by strong growth in the use of collaboration and productivity apps to maintain business continuity.

As a company, Microsoft is committed to designing technology that fosters productivity, creativity and connection to empower people to be successful wherever they work and learn in an office or classroom, or remotely. The Surface line of devices embraces just that.

For the latest and greatest Windows hardware on the market, look no further than Microsoft's Surface brand. Best known for innovative, tablet-like designs, Microsoft has expanded its Surface line over the years and now offers a full family of computers.

But with so many to choose from, how do you know which one is right for you? Just like a hammer has a purpose in a toolbox, so does each Surface device. Whether you’re plotting and planning your latest campaign with your team in the boardroom or working remotely from a coffee shop, there is a solution for you.

Security, Wherever You Are, With Microsoft Surface

The adoption of mass remote working during the Coronavirus crisis has helped to keep workers safe but it has also introduced further security challenges for businesses. As a result, the extra hardware security enhancements packaged with the Microsoft Surface devices are sure to be welcomed by firms and employees alike.

Keep data secure from a Surface device’s first deployment to its last, no matter how many times and under what circumstances it changes hands.

  • Cloud-First Deployment and Management: Deploy and manage down to the firmware layer through the cloud with Microsoft Endpoint Manager13 and DFCI.6 Reduce IT complexity with Windows Autopilot.
  • Windows Virtual Desktop: Meet complex business and security requirements with broad device redirection support, endpoint protection and Microsoft 365 virtualised in Azure.
  • OneDrive for Business: Access and protect your business and school work with this intelligent files app. Share and collaborate from anywhere, on any device.
  • Collaborate with Teams: Work better together. New integrations allow you to create shareable links, grant expiring access and follow configured policies.

Surface with Microsoft 365 provides unique protection at the front line. To provide a few illustrations of how devices may be vulnerable and how this new level of protection can support organisations and frontline workers. Here are a few commonplace examples:

Stolen Device

  • Data on the hard drive is encrypted. Surface devises ship with BitLocker drive encryption enabled by default, so the data on the hard drive cannot be accessed without credentials or the encryption key. Even if the hard drive is removed from the device and inserted into a new device, it cannot be decrypted.
  • USB booting is prevented because the organisation used Microsoft Endpoint Manager to proactively turn off the ability to boot from USB through the firmware-level control that the Surface device offers.
  • There is zero access to data even if the SSD is removed. If a Surface’s removable SSD is tampered with, the device will shut off power, erasing any residual data in its memory. Since the device is cloud-managed, the organisation can remote wipe all the machine’s contents.

Malicious Intent

  • A Zero Trust approach means that even if a device is authenticated, the current user profile can only access data and content they have permissions for. The retail establishment assumes that a breach is always possible and maintains strict controls over data access. Conditional access capabilities in Microsoft 365 prevent data leakage from both internal and external actors.
  • Any unusual behaviour on the device is automatically detected and remediated with Microsoft Defender for Endpoint, which analyses signals from the device to recognise any abnormal behaviour, like an uncommon executable running on the device. As part of the remediation path, the device is automatically quarantined from the network until the situation is resolved.

Unsecured Network Connection

  • Instead of worrying about encrypting data that could be shared on a public network, the organisation takes a proactive approach to have a guaranteed secure connection, especially for employees in the field, by equipping frontline workers with LTE-enabled devices. The entire Surface 2-in-1 portfolio (Surface Go 2, Surface Pro 7+, Surface Pro X) has LTE available.
  • Any websites, cloud resources, or internal networks not explicitly defined as “trusted” are contained with Microsoft Defender Application Guard. These untrusted sites or files are opened in a virtualised container – essentially a separate PC within the existing PC – to isolate those potentially harmful sites or files from the rest of the device.
entire Surface family

Complete Integration With The Windows Ecosystem

The entire Surface family of devices are integrated seamlessly with the Windows 11 operating system and all the Microsoft applications your business depends on.

OneDrive For Microsoft Surface

With OneDrive cloud storage, you have one place for your important documents, spreadsheets and other files. And OneDrive works across all your devices, so you’ll have everything ready to view and share from your Surface device or the OneDrive mobile app anytime. ​Keep your private and confidential files secured with OneDrive Personal Vault, an extra layer of protection for documents, photos, and videos for you and your family. ​

Microsoft 365

The backbone of any business. Microsoft 365 provides solutions to empower users to work together more securely to improve mission outcomes. With tools like Microsoft Teams, you can transform how you collaborate and coordinate efforts within and across departments.

The hub for teamwork in Microsoft 365, Teams helps users to:

  • Connect employees with stakeholders across departments in a shared workplace.
  • Centralised communication and coordination to provide visibility, and accountability, and keep initiatives moving forward.
  • Enable teams to access resources from virtually anywhere, so they can spend time on the tasks at hand.
  • Do all this while helping to protect sensitive information your teams work with daily.
Microsoft Surface

IT Pro Resources For Microsoft Surface

As workers increasingly interact with workplace applications using mobile devices, tablets, or other mobile form factors, organisations face higher risks of these devices being lost, stolen, or temporarily misplaced.

Surface devices can better protect their devices and data against attacks or accidents. With security capabilities built into the firmware, operating system, and Microsoft 365, Microsoft has taken a comprehensive chip-to-cloud approach to help organisations deliver more protection for employees using Surface devices with Microsoft 365.

In addition to the ways that Surface with Microsoft 365 can help keep frontline devices secure, with cloud management and Windows Autopilot, Surface devices can also be shipped directly to a worker’s location without IT ever touching the device, saving time and effort. As frontline workers increasingly use devices in public spaces, the need to protect sensitive information at the front line has never been more important.

Microsoft Surface

Easy Deployment Of Microsoft Surface Devices Across Your Workforce

Do more with less – fewer resources, less complexity, less associated risk. Improve IT efficiency and reduce costs with remote Surface device deployment and management. Realise cost and time savings with a device portfolio that optimises Microsoft software in the environments your apps are deployed. Businesses that choose Surface and Microsoft 365 E5 see real impact.

  • 4 hours saved for each device deployed: With Microsoft Autopilot and Microsoft Endpoint Manager, which includes Intune, IT departments saw cost and time savings with Surface device deployments.
  • 67% reduction in help desk support calls: IT help desk call times decreased on average from 45 minutes to 15 minutes with Microsoft 365-powered Surface device deployments.
  • 25 hours saved deploying updates on Surface: Reduced challenges when Windows Update pushes patches to Surface devices powered by Microsoft 365.

Windows Autopilot & Microsoft Surface Devices

Windows Autopilot is a cloud-based deployment technology in Windows 10. You can use Windows Autopilot to remotely deploy and configure devices in a zero-touch process right out of the box.

Traditionally, IT pros spend a lot of time building and customising images that will later be deployed to devices that already come with a perfectly good OS already installed on them. Windows Autopilot introduces a new zero-touch deployment approach using a collection of technologies to set up and configure Windows devices. This enables an IT department to configure/customise images with little to no infrastructure to manage and a process that is easy and simple. From the user’s perspective, it only takes a few simple steps to get Surface to a productive state. In fact, the only interaction required from the end-user is to connect to a network and verify their credentials. Everything after that is fully automated.

Windows Autopilot allows you to:

  • Automatically join devices to Azure Active Directory (Azure AD).
  • Auto-enroll devices into MDM services, such as Microsoft Intune (requires an Azure AD Premium subscription).
  • Restrict the Administrator account creation. Autopilot is the only way to have the first person who logs into Windows enter as a standard user.
  • Create and auto-assign devices to configuration groups based on device profiles.
  • Customise OOBE (Out of Box Experience) content and branding to meet organisational requirements.
  • Enable full device configuration with Intune.
  • Reset or restart devices remotely.

Subscribe to our blog