How to Configure Surface 3 UEFI/BIOS Settings

Microsoft uses a standard BIOS firmware on some of its early devices that include the Microsoft Surface 3. The BIOS was optimized to support Surface hardware features, security, and touch as input. The company, however, later use UEFI as a firmware on newer Surface devices starting with Surface Pro 4 launching in 2015.

In this article, we will walk you through how to enter the Surface 3 BIOS settings. You will also learn how to configure the BIOS settings to check device identity information, improve device security, and more.

Table of contents

1. How to access Surface 3 BIOS settings?
2. What is Trusted Platform Module (TPM)?
3. What is Secure Boot Control?
4. How to Check Your Surface 3 Device Information via BIOS Settings?
5. How to Change System Boot Order on Surface 3?
6. How to Manage Device Security on Surface 3 BIOS Settings?
7. How to Protect BIOS settings with a password on Surface 3?
8. Other Surface BIOS Settings

1 How to access Surface 3 BIOS settings?

You can enter the Surface 3 BIOS setup screen only while your Surface is starting up. Here is how you do that:

1. Shut down your Surface.
2. Press and hold the Volume Up button on your Surface, then press and release the Power button.
3. When you see the Surface logo screen appear, release the Volume Up button. The BIOS settings menu will appear in a few seconds.
   

After you have made any changes to the BIOS settings, you can save or delete those changes by:

Save Configuration and Restart Your Surface

• In the BIOS settings menu, choose Exit Setup, and you will see the following screen:
  
• Now you have 2 options:
  • Yes – Save your changes and restart your Surface.
  • No – turn back to the BIOS settings.

Restart Your Surface without Saving Your Configuration

• In the BIOS settings menu, press the ESC key as in the picture below or press the ESC key if you have a Surface Type Cover connected.
  
• Now you have 2 options:
  • Yes – Delete your changes and restart your Surface.
  • No – turn back to the BIOS settings.

2 What is Trusted Platform Module (TPM)?

The Trusted Platform Module (TPM) is a technology that provides a major advancement over BIOS in hardware-based security features. It is a specialized chip that stores RSA encryption keys specific to each Surface device for hardware authentication.

The TPM technology is a requirement of BitLocker disk encryption. The TPM helps you to encrypt/decrypt the entire disk without requiring your complex long passphrases. It means that the encryption key and decryption key are stored within the TPM chip. So your encrypted disks can’t be accessed on other devices.

3 What is Secure Boot Control?

The Secure Boot is a technology that blocks the loading of uncertified bootloaders and drives. It helps to prevent your Surface from being loaded with unauthorized operating systems and malicious software applications.

If you desire to install other operating systems like Ubuntu, or other Linux distributions, you may need to disable this feature in the BIOS settings above.

4 How to Check Your Surface 3 Device Information via BIOS Settings?

Through BIOS settings, you can find out more information about your device identities such as System UUID, Serial Number, and Asset Tag. To check that information:

• Enter Surface BIOS settings as per the instructions above.
• In the BIOS settings menu, choose Device Information and you will see the following information:

See also: How to manage asset tag on Surface 3.

5 How to Change System Boot Order on Surface 3?

To change the alternate system boot order on your Surface 3:

• Enter Surface BIOS settings as per the instructions above.
• In the BIOS settings menu, you will see Configure Alternate System Boot Order as below:

• Select the option and choose one of the following options:
  • SSD only
  • Network -> USB -> SSD

6 How to Manage Device Security on Surface 3 BIOS Settings?

Surface 3 allows you to disable some of your surface device components and features to meet your specific Security requirements. You can enable or disable those security options by:

• Enter Surface BIOS settings as per the instructions above.
• In the BIOS settings menu, choose Advanced Device Security and you will see the following options:
  
• In my Surface 3 with BIOS Version 2.17.1246, there are the following advanced security options:
  • Side USB – enable/disable the ability to boot from a USB device. However, the side USB port remains enabled in Windows.
  • Front Camera – enable/disable the front-facing camera.
  • Rear Camera – enable/disable the main rear camera.
  • On-Board Audio – enable/disable internal audio or speakers.
  • SD Port – enable/disable the microSD port.
  • WiFi – enable/disable Wi-Fi. It will also disable Bluetooth if you disable the WiFi option.
  • Bluetooth – enable/disable the internal Bluetooth.

7 How to Protect BIOS settings with a password on Surface 3?

You can prevent others from changing your BIOS settings by setting an Administrator Password in BIOS settings. To do that:

• Enter Surface BIOS settings as per the instructions above.
• In the BIOS settings menu, choose Administrator Pass and you will see the following requirements:
  
• You will need to enter a password in the box with your keyboard or the on-screen keyboard with the following criteria:
  • Minimum Length: 4 characters
  • Maximum Length: 20 characters
  • Alphanumeric values only

Other Surface BIOS Settings

We have also covered this topic for other Surface PCs as well, to learn more about other Surface’s BIOS settings check the link below:

• Surface Go UEFI Settings
• Surface 3 UEFI Settings
• Surface Pro 3 BIOS Settings
• Surface Pro 4 UEFI Settings
• Surface Pro (2017) UEFI Settings
• Surface Book UEFI Settings