Secure a SEMM configuration package with a certificateįor more information about the requirements for the SEMM certificate, see the Surface Enterprise Management Mode certificate requirements section later in this article. This confirmation requires a user to be physically present at the device during enrollment to perform the confirmation.įigure 2. When enrolling a device in SEMM, and before the certificate is stored and the enrollment finishes, you're prompted to confirm the operation by providing the last two digits of the SEMM certificate thumbprint. When a configuration package runs for the first time on a Surface device that's not already enrolled in SEMM, it provisions the certificate file in the device’s firmware and enrolls the device in SEMM. The configuration file contains UEFI settings that are specified when the package is created in Microsoft Surface UEFI Configurator. These packages contain a configuration file and a certificate file, as shown in Figure 2. Surface UEFI configuration packages are the primary mechanism to implement and manage SEMM on Surface devices. For ARM devices, download: SurfaceUEFI_Configurator_v2.97.139.0_x86.msi.For Intel/AMD devices, download: SurfaceUEFI_Configurator_v2.97.139.0_圆4.msi.You can download Microsoft Surface UEFI Configurator from the Surface Tools for IT page in the Microsoft Download Center. Use this mode to respond to a recovery request to unenroll a Surface device from SEMM where a Reset Package operation isn't successful.ĭownload Microsoft Surface UEFI Configurator Use this mode to unenroll a Surface device from SEMM. Use this mode to create a Surface UEFI configuration package to enroll a Surface device in SEMM and to configure UEFI settings on enrolled devices. You can use the Microsoft Surface UEFI Configurator tool in three modes: To learn more, see Secure Surface Dock ports with SEMM.įigure 1. You can now use Surface UEFI Configurator and SEMM to manage ports on Surface Dock 2 or Surface Thunderbolt 4 Dock. SEMM packages also contain a certificate that's installed and stored in firmware and is used to verify the signature of configuration files before UEFI settings are applied. These packages contain a configuration file that specifies the UEFI settings. Use WinPE images to enroll, configure, and unenroll SEMM on a Surface device.Create Windows Installer (.msi) packages.You can use Microsoft Surface UEFI Configurator to: The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. For information, see Use Microsoft Endpoint Configuration Manager to manage devices with SEMM. Integration with Microsoft Endpoint Configuration Manager. SEMM standalone tool, Microsoft Surface UEFI Configurator, is described in this article. There are two administrative options that you can use to manage SEMM and enroll Surface devices: When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered unenrolled in SEMM. When Surface devices are configured by SEMM and secured with the SEMM certificate, they're considered enrolled in SEMM. To learn more, see View your system info. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |