Since the first generation of Microsoft Surface Pro and Surface 3, Microsoft has implemented custom BIOS firmware on those devices to support required hardware features and securities.
Starting with Surface Pro 4, Microsoft has created its own UEFI firmware for use with newer devices. This new firmware is called Surface UEFI which is currently used on newer devices including Surface Go, Surface Book, and Surface Studio.
In this article, you will find out how to enter Surface Pro 4 UEFI settings. You will also learn how to configure the UEFI settings to improve the device security, check your device information, and more.
- How to access Surface Pro 4 UEFI settings?
- How to Check Your Surface Pro 4 Device Information via UEFI settings?
- How to Configure Device Boot Order on Surface Pro 4?
- How to Manage Device Components on Surface Pro 4?
- How to Protect UEFI settings with a password on Surface Pro 4?
- What is Secure Boot Control?
- What is Trusted Platform Module (TPM)?
- Other Surface UEFI Settings
1 How to access Surface Pro 4 UEFI settings?
You can enter the Surface Pro 4 UEFI setup screen only while your device is starting up. Here is how you do that:
- Shut down your Surface.
- Press and hold the Volume Up button on your Surface, then press and release the Power button.
- When you see the Surface logo screen appear, release the Volume Up button. The Surface UEFI screen will appear in a few seconds.
After you have made any changes to the UEFI settings, you can restart your Surface by:
- In the Surface UEFI menu, choose Exit, and click on Restart Now
2 How to Check Your Surface Pro 4 Device Information via UEFI settings?
The first displayed page when you enter UEFI settings is PC information page. On the page, you can find out more information about your device identities such as Model, System UUID (Universally Unique Identifier), Serial Number, and Asset Tag. Moreover, it also displays all important system other components version that you might need for troubleshooting.
See also: How to manage asset tag on Surface Pro 4.
3 How to Configure Device Boot Order on Surface Pro 4?
To change the alternate system boot order on your Surface Pro 4:
- Enter Surface UEFI settings as per the instructions above.
- In the Surface UEFI menu, go to the Boot Configuration page as below:
On the “Configure boot device order” page, you can:
- Rearrange the boot order by dragging and dropping any boot option available in the list.
- Enable or disable any boot option by using the checkbox
- Remove the available boot option permanently by using the trash button.
4 How to Manage Device Components on Surface Pro 4?
Surface Pro 4 allows you to disable some of your surface device components and features to meet your specific security requirements. You can enable or disable those components by:
- Access Surface UEFI settings as per the instructions above.
- In the Surface UEFI menu, go to Devices and you will see the following options:
- In my Surface Pro 4 with System UEFI version 106.1427.768, you can choose to enable or disable the following device’s components or ports:
- Docking USB Port
- Front Camera
- Rear Camera
- IR Camera
- On-board Audio
- Wi-Fi & Bluetooth
- Type Cover port
5 How to Protect UEFI settings with a password on Surface Pro 4?
You can prevent others from changing your UEFI settings by setting an Administrator Password in UEFI settings. To do that:
- Enter Surface UEFI settings as per the instructions above.
- Go to the Security section below:
- To set the UEFI password, click on Add or Change button and you will see the following requirements:
- You will need to enter a password in the box with your keyboard or the on-screen keyboard with the following criteria:
- Minimum Length: 6 characters
- Maximum Length: 128 characters
- May contain a combination of letters, numbers, and special characters.
- In case you have already set the password before and want to remove it, simply leave the password box blank.
6 What is Secure Boot Control?
The Secure Boot is a technology that blocks the loading of uncertified bootloaders and drives. It helps to prevent your Surface being loaded with unauthorized operating systems and malicious software applications.
If you desire to install other operating systems like Ubuntu, or other Linux distributions, you may need to disable this feature in the UEFI settings above.
7 What is Trusted Platform Module (TPM)?
The Trusted Platform Module (TPM) is a technology that provides a major advancement over BIOS in hardware-based security features. It is a specialized chip that stores RSA encryption keys specific to each Surface device for hardware authentication.
The TPM technology is a requirement of BitLocker disk encryption. The TPM helps you to encrypt/decrypt the entire disks without requiring your complex long passphrases. It means that the encryption key and decryption key are stored within the TPM chip. So your encrypted disks can’t be accessed on other devices.
Other Surface UEFI Settings
We have also covered this topic for other Surface PCs as well, to learn more about other Surface’s UEFI settings check the link below:
Let us know what you think!
We appreciate hearing your thoughts, questions, and ideas about “How to Configure Surface Pro 4 UEFI/BIOS Settings”.
I have a Surface 4 Pro and cannot access the bios. Nothing happens when I press and hold the volume up button then press the power button and then release the volume button at the Surface logo.
simultaneous press power volume up, release power and hold power up…should boot UFEI
I forget my UEFI password, what option I have to reset it
el iniciar la surface 4 pro, aparece una franja roja con un candado abierto en la parte de arriba , como puedo eliminarla ?
Hello. My surface os block on UEFI settings, how can I restore that. Thank you
My surface Pro is stuck on the Surface UEFI screen and every time it restarts it reverts to this screen. How can I move pass this? It’s frustrating, I can’t get to use my device!
So I bought a surface pro 4 off eBay and I got a really good deal on it because it didn’t have a OS installed, I’m not super savvy with computers, and I didn’t realize exactly what I was looking at when I turned it on for the first time and came too the UEFI menu, I just saw I could set a password for UEFI so I did. The reason I bought this device is because I’ve had a serious cyber security crisis happen in my life and everything I’ve done over the past few months has been documented by whom I’m pretty sure is someone in life. In my immediate circle of friends. Soooooo I disabled Bluetooth, WiFi, (my phone was rooted via ABD files I’m pretty sure) and I made it only boot from Microsoft I think? Might’ve disabled the USB too. I’m not sure. I write all my passwords down now and I constantly have too change them. And I know I wrote this one down but I don’t label my passwords cuz I’m normally pretty frantic changing them because it’s frustrating. Well. I can’t remember my password. I put a tempered glass screen protector on this very nice device when I got it and I noticed that when I was entering countless password combinations that sometimes my touch wouldn’t register and that’s not something I payed attention too when I set the password. So it could just be off by one letter but my USB might be disabled and Microsoft only software is the only thing bootable. It never had a OS, but I set the password. I have proof of purchase and everything. If anything can be done please help. There’s a lot of things that can be done in windows too help secure my privacy online that can’t be done on Android os (my phone) and I’m stuck in life until I know 100% with certainty that my privacy has been secured online. I didn’t know giving someone the WiFi password was something too even be cautious with but I mean now I get it. This is just a very niche problem that I’m having and I’m not finding anything online. Please help.
Most new wifi routers allow you to create a guest network that your guest can use and keeps them off of your home (internal network). No need to panic… get a new router from Best Buy or wherever and life life..