April 26, 2025

Last year, Microsoft Surface presented its Secure by Design strategy – our commitment to building secure, trustworthy experiences from chip to cloud. Since then, we’ve delivered on that promise with incremental and impactful security innovations that address an evolving threat landscape and align with broader Microsoft and national initiatives.
One such effort is our adherence to the Secure by Design Pledge from the U.S. Cybersecurity and Infrastructure Security Agency (CISA)—a voluntary commitment by software companies to prioritize security throughout the product lifecycle. The goal: reduce vulnerabilities before software hits the market.
Microsoft Surface is committed to leading the industry in secure development practices, establishing a robust security baseline and safeguarding customers along with their data.
Secure Development Lifecycle
Surface continues to apply Zero Trust principles across its supply chain and development processes. By applying rigorous security controls at every phase—from conception and design to production, delivery and maintenance—Surface devices are built to be secure by design, secure by default and secure in deployment. In alignment with US Executive Order 14028 (“Improving the Nation’s Cybersecurity”), Surface continues to uphold a secure supply chain and Secure Development Lifecycle (SDL).
Over the past year, we’ve maintained regular supplier audits to mitigate risks like ransomware, phishing and malware. Participation in national and global programs such as the Customs-Trade Partnership Against Terrorism (C-TPAT) and the Transported Asset Protection Association (TAPA) has further strengthened our digital and physical supply chains and bolstered partnerships with global trade communities.
Surface also integrates advanced tooling to identify and address vulnerabilities early:
- CodeQL: Performs static code analysis to identify risks before release.
- Windows Hardware Lab Kit (HLK): Validates certification, reliability and key security features through a continuously evolving test suite that reflects ongoing platform improvements.
- Cryptographic signing: Microsoft and its trusted partners also digitally sign software components for software integrity during boot and installation. For example, all code running as part of a device’s Secure Boot must be signed by a trusted certification authority (CA) for a reliable and safe boot process.
Surface devices benefit from constant threat monitoring by Microsoft and Surface Security teams, with rapid response capabilities. And users receive security patches quickly through Windows Update, with new Hotpatches applying the latest security fixes without restarts or workflow disruption.
In an ever-changing technology landscape, Surface remains steadfast in its commitment to security, ensuring devices are secure by design and rooted in a robust development lifecycle and supply chain.
A New Baseline for Device Security
Since late 2021, every Surface device running Windows 11 meets Secured-Core PC (SCPC) standards, integrating hardware, firmware and software protections by default. These features protect against a wide range of threats including malware, physical possession issues (like loss or theft) and device access attacks to defend the device in a variety of scenarios.
Importantly, last year marked the release of Surface Copilot+ PCs. These devices include built-in Microsoft Pluton security processors integrated into the System on Chip (SoC). These processors enable platform capabilities—such as future support for secure key storage in hardware—to enhance security and reliability. With multiple layers of protection from firmware to applications, these AI-focused devices build on existing security baselines for additional out-of-the-box security.
Moreover, Surface invests heavily in securing its most fundamental and lowest levels of technology, including Unified Extensible Firmware Interface (UEFI), microcontroller unit (MCU) and drivers, to ensure that every layer of the device is protected from potential threats. This comprehensive approach to security helps safeguard the entire system, from the initial boot process to the interactions between hardware and software components. Recently, Surface has been investing greatly in memory safety and plans to scale these investments in the future.
Key highlights from the past year
UEFI
System boot firmware, of which UEFI is a part, is responsible for securely booting the system. It contains code for initializing system hardware and setting up high-privilege environments such as SMM and TrustZone. When you turn on your computer, this is the firmware that checks that the highest privilege environments are running authentic code and that everything is working properly before handing over control to the OS. It also securely attests to the system state via measurements into the TPM so that the OS can have confidence that the system has not been running compromised code prior to OS load.
In the last year, the Surface UEFI team has invested in memory safety via Rust code adoption for certain critical components, including some used for human input to the device, like a mouse. This ushers in a new standard for secure computing, as Rust’s memory-safe architecture is designed to prevent entire classes of vulnerabilities, such as buffer overflows and use-after-free bugs, which have historically accounted for a significant portion of security issues in system-level code.
Additionally, Surface UEFI has continued its commitment to Microsoft-built UEFI to reduce reliance on third-party firmware and reduce device attack surface, making it harder to introduce vulnerabilities to the system. The Surface UEFI team has also continued contributing to the open-source Project Mu – a benefit to the entire Windows ecosystem.
MCU
The MCU controls specific functions such as managing timing, temperature controls and user inputs. It can also handle power management and communication between different parts of the system.
Last year, the Surface MCU team adopted Rust to improve memory safety in a component responsible for parsing communication between system modules. This investment helps ensure secure and reliable communication while mitigating an entire class of memory-related vulnerabilities.
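To illustrate the class of bug that Rust removes from a message parser like the one described above, here is an added example that is not Surface firmware code. The frame layout, the `Kind` values and `parse_frame` are hypothetical, chosen only to show how a sender-controlled length field is handled with bounds-checked slices.

```rust
// Added illustration with a hypothetical frame layout; not Surface firmware code.
// Frame: [kind: u8][len: u8][payload: len bytes][checksum: XOR of all prior bytes]

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,       // fewer bytes present than the header claims
    BadChecksum,     // checksum does not match header + payload
    UnknownKind(u8), // message type this parser does not handle
}

#[derive(Debug, PartialEq)]
pub enum Kind { Thermal, Power, Input }

#[derive(Debug, PartialEq)]
pub struct Frame<'a> {
    pub kind: Kind,
    pub payload: &'a [u8], // borrows the input buffer, so it cannot outlive it
}

/// Parse one frame from the front of `buf`; return it with the unread remainder.
pub fn parse_frame(buf: &[u8]) -> Result<(Frame<'_>, &[u8]), ParseError> {
    // A short buffer yields an error value, never an out-of-bounds read.
    let (&kind_byte, rest) = buf.split_first().ok_or(ParseError::Truncated)?;
    let (&len, rest) = rest.split_first().ok_or(ParseError::Truncated)?;
    let len = usize::from(len);
    // The length field comes from the sender: check it against the bytes present.
    if rest.len() < len + 1 {
        return Err(ParseError::Truncated);
    }
    let (payload, rest) = rest.split_at(len);
    let (&checksum, rest) = rest.split_first().ok_or(ParseError::Truncated)?;
    let expected = buf[..2 + len].iter().fold(0u8, |acc, b| acc ^ b);
    if checksum != expected {
        return Err(ParseError::BadChecksum);
    }
    let kind = match kind_byte {
        0x01 => Kind::Thermal,
        0x02 => Kind::Power,
        0x03 => Kind::Input,
        other => return Err(ParseError::UnknownKind(other)),
    };
    Ok((Frame { kind, payload }, rest))
}

fn main() {
    // Constructed samples: a valid Thermal frame, then a frame whose length byte lies.
    println!("{:?}", parse_frame(&[0x01, 0x02, 0x2A, 0x10, 0x39]));
    println!("{:?}", parse_frame(&[0x02, 0xFF, 0xAA, 0xBB]));
}
```

A C parser that trusted the same length byte in a `memcpy` would read past the end of the buffer on the second sample; here the only possible outcome is `Err(Truncated)`.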
Drivers
Drivers allow the OS to communicate with hardware components, such as graphics cards or keyboards.
Over a year ago, the Surface Drivers team introduced windows-drivers-rs (WDR), an open-source initiative that brings a Rust-based framework to Windows driver development. Since then, the team has expanded Rust API coverage across the Windows Driver Framework (WDF).
Surface is now partnering with Windows teams to accelerate adoption with a shared commitment to enhancing memory safety and enabling broader Rust-based driver development across the Windows ecosystem. The GitHub-hosted project is being actively developed in collaboration with Windows teams and external contributors. Key features include:
- Metadata Configuration System to configure the Windows Driver Kit (WDK) based on driver type (UMDF, KMDF, WDM) and target Operating System.
- Binding generation support for core driver components like base DDK, WDF, HID, GPIO, Parallel Ports, SPB, Storage and USB.
- Idiomatic Safe Abstractions for WDF, improving safety and code quality.
- 1st-Party Cargo Plugin for better post-build developer workflows.
We are committed to using the WDR project in Surface-developed drivers.
Seamless inbox security
At the heart of Surface is the user. Coupled with Windows, Surface devices seamlessly safeguard users and their data by default.
Microsoft Defender and BitLocker
By leveraging Windows OS protections, Surface users benefit from the built-in Microsoft Defender antivirus and BitLocker encryption, which provide next-generation protection against threats and malware. Many of these protections work seamlessly in the background with minimal configuration, helping keep user data secure without compromising performance. Some features, such as key management in BitLocker, may require additional setup depending on your environment.
Windows Hello with Enhanced Sign-in Security
Surface devices also provide secure passwordless experiences using Windows Hello with Enhanced Sign-In Security. Using Windows Hello – PIN, Face, or Fingerprint – coupled with Microsoft Entra ID provides a seamless multifactor authentication (MFA) solution to greatly reduce identity-based attacks for businesses. The Windows Hello team continues to improve users’ experiences and expand passkey support to ensure users have simple and secure access to their devices and data.
Advanced security tools
Meanwhile, Surface for Business continues to offer enterprise-grade security and control through Surface Enterprise Management Mode (SEMM) and Device Firmware Configuration Interface (DFCI), enabling IT admins to remotely manage hardware components like cameras and Bluetooth. The Surface IT Toolkit simplifies secure data erasure when devices are transferred or retired. Flexible management and deployment options, including cloud-based and traditional methods, streamline device setup, configuration and management. Additionally, secure decommissioning is supported with removable SSDs and the Surface Data Eraser, ensuring data is inaccessible after a device leaves the organization.
Surface and the road ahead
Microsoft Surface’s Secure by Design strategy has made significant strides in building trustworthy and secure experiences from chip to cloud. Over the past year, we’ve expanded our security investments and aligned with national initiatives like CISA’s Secure by Design Pledge to help raise the industry standard. With advances in memory safety, Pluton technology and Windows OS protections, Surface devices are well-equipped to meet today’s evolving threats. Whether for individuals or organizations, Surface remains focused on delivering the latest innovations to help safeguard your data, your identity and your peace of mind.