How to Configure Surface Pro UEFI/BIOS Settings

In this article, you will find out how to enter the Surface Pro (2017) UEFI/BIOS settings and how to manage device boot order, devices, security and more.

Configuring Surface Pro UEFI/BIOS Settings

You might already know that since the first generation of Microsoft Surface Pro (2013) and Surface 3, Microsoft has implemented a new firmware called Unified Extensible Firmware Interface (UEFI) on those devices. As this new firmware interface allows your Surface boot faster and providing better security improvements.

Starting from Surface Pro 4, Microsoft has created their own Surface UEFI for using with newer devices. This new Surface UEFI is currently used on newer devices including Surface Book and Surface Studio.

In this article, you will find out how to get to the Surface Pro (2017) UEFI settings. You will see also about how to configure the UEFI settings to improve the device security, check your device information and more.

1 How to access Surface Pro (2017) UEFI settings?

You can enter Surface Pro (2017) UEFI setup screen only while your device is starting up. Here is how you do that:

  1. Shut down your Surface.
  2. Press and hold the Volume Up button on your Surface, then press and release the Power button.
  3. When you see the Surface logo screen appear, release the Volume Up button. The Surface UEFI screen will appear in a few seconds.How to Enter Surface Pro UEFI/BIOS Settings

After you have made any changes to the UEFI settings, you can restart your Surface by:

  • In Surface UEFI menu, choose Exit, and click on Restart Now

Surface Pro (2017) UEFI Exit Page

2 How to Check Your Surface Pro (2017) Device Information via UEFI settings?

The first displayed page when you enter UEFI settings is PC information page. On the page, you can find out more information about your device identities such as Model, System UUID (Universally Unique Identifier), Serial Number, and Asset Tag. Moreover, it also displays all important system other components version that you might need for troubleshooting.

Surface Pro (2017) UEFI > PC Information

3 How to Configure Device Boot Order on the new Surface Pro (2017)?

To change the alternate system boot order on your Surface Pro:

  1. Enter Surface UEFI settings as the instructions above.
  2. In Surface UEFI menu, go to Boot Configuration page as below:

Surface Pro (2017) UEFI > Boot Configuration

On the “Configure boot device order” page, you can:

  • Rearrange boot order by drag and drop any boot option available in the list.
  • Enable or disable any boot option by using the checkbox
  • Remove available boot option permanently by using the trash button.

Note if you accidentally delete Windows Boot Manager from your Master Boot Record, simply restart your Surface and Windows Boot Manager will reinstall automatically.

4 How to Manage Device Components on Surface Pro (2017)?

Surface Pro allows you to disable some of your surface device components and features to meet your specific security requirements. You can enable or disable those components by:

  1. Access Surface UEFI settings as the instructions above.
  2. In Surface UEFI menu, go to Devices and you will see the following options:Surface Pro (2017) UEFI > Devices
  3. In my Surface Pro with System UEFI version 231.1662.769, you can choose to enable or disable following device’s components or ports:
    1. Docking USB Port
    2. Front Camera
    3. Rear Camera
    4. IR Camera
    5. On-board Audio
    6. SDcard
    7. Wi-Fi & Bluetooth
    8. Bluetooth
    9. Type Cover port

5 How to change your Surface Pro (2017) Date and Time via Surface UEFI?

The new Surface UEFI now allows you to set your Surface Pro’s date and time right on UEFI settings page. To check or set date and time for your Surface Pro:

  1. Enter Surface UEFI settings as the instructions above.
  2. In Surface UEFI menu, go to Date and Time page as below:Surface Pro (2017) UEFI >Date and Time
  3. To set a new date and time, select the edit box and type your new date and time.
  4. Press Enter to apply changes.

6 How to Protect UEFI settings with a password on Surface Pro (2017)?

You can prevent others from changing your UEFI settings by setting an Administrator Password in UEFI settings. To do that:

  1. Enter Surface UEFI settings as the instructions above.
  2. Go to Security section as below:Surface Pro (2017) UEFI > Security
  3. To set UEFI password, click on Add or Change button and you will see the following requirements:Surface Pro (2017) UEFI > Add Password
  • You will need to enter a password in the box with your keyboard or the on-screen keyboard with following criteria:
    • Minimum Length: 6 characters
    • Maximum Length: 128 characters
    • May contain a combination of letters, numbers, and special characters.
  • In case that you have already set the password before and you want to remove it, simply leave the password box as blank.

Note If you enter the administrator password incorrectly three times, you’ll be locked out of the UEFI. Restart your Surface to enter the password again.

Important If you set a password for the UEFI, record it in a safe place. If you forget the password, you won’t be able to access the UEFI settings. You can only reset the administrator password from within the UEFI.

7 What is Secure Boot Control?

Surface Pro (2017) UEFI > Change Secure Boot Configuration

The Secure Boot is a technology which blocks the loading of uncertified bootloaders and drives. It helps to prevent your Surface being loaded with unauthorized operating systems and malicious software applications.

Surface Pro (2017) UEFI > What is Secure Boot?

If you desire to install other operating systems like Ubuntu, or other Linux distributions, you may need to disable this feature in the UEFI settings above.

8 What is Trusted Platform Module (TPM)?

Surface Pro (2017) UEFI > What is TPM?

The Trusted Platform Module (TPM) is a technology that provides a major advancement over BIOS in hardware-based security features. It is a specialized chip that stores RSA encryption keys specific to each Surface device for hardware authentication.

The TPM technology is a requirement of BitLocker disk encryption. The TPM helps you to encrypt/decrypt entire disk without required your complex long passphrases. It means that the encryption key and decryption key are stored within the TPM chip. So your encrypted disks can’t be accessed on other devices.

Other Surface’s UEFI Settings

We have also covered this topic for other Surface PCs as well, to learn more about other Surface’s UEFI settings check the link below:

Surface Deals

Comments (0)

Read These Stories Next