How Microsoft secured the Surface Laptop 4 from the inside out

Surface Laptop 4 (Image credit: Microsoft)

What you need to know

  • Microsoft breaks down the security features of the Surface Laptop 4 in a recent post.
  • The Surface Laptop 4 is the second secured-core PC from the Surface family of hardware.
  • The Surface Laptop 4 has several layers of security, including hardware, software, and firmware protection.

Microsoft recently announced the Surface Laptop 4. The newest member of the Surface family comes with plenty of options, including a choice of an AMD or Intel CPU and either a 13.5-inch or 15-inch body. To protect the Surface Laptop 4 and any information people store on it, Microsoft built in several security measures. Microsoft breaks down the security features in a recent post, which focuses specifically on the AMD-powered Surface Laptop 4.

The Surface Laptop 4 is the second secured-core PC from the Surface family of hardware, the first being the Surface Pro X for Business. Secured-core PCs have several security features built in, including virtualization-based security, System Guard, and kernel DMA protection. They also offer multiple layers of protection, including hardware, firmware, software, and identification. Microsoft goes into more depth about secured-core PCs on its website.

The Surface Laptop 4 also has the Trusted Platform Module 2.0 (TPM) and an AMD Ryzen Mobile processor with System Guard. Kernel Direct Memory Access Protection is pre-enabled on the Surface Laptop 4 and helps protect against Direct Memory Access (DMA) attacks.

Microsoft built its own Unified Extensible Firmware Interface (UEFI), which ships in the Surface Laptop 4 as well as other devices. As explained by Microsoft, the UEFI is "essentially a modern version of a BIOS that initializes and validates system hardware components, boots Windows 10 from an SSD, and provides an interface for the OS to interact with the keyboard, display, and other input/output devices."

The UEFI can be updated through Windows Update, which means you don't have to use a third-party piece of software or a website to grab an update. Microsoft shared an example of how this setup allowed the company to roll out an update to address Spectre and Meltdown right away.

The Surface Laptop 4 also supports Surface Enterprise Management Mode, which lets you remotely enable or disable components of the Surface Laptop 4. This improves security by reducing the number of components an attacker can use.

Virtualization-based security (VBS) provides another layer of protection for the Surface Laptop 4. It creates a hardware-based security boundary that separates security features and sensitive data from any vulnerabilities in Windows 10.
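To check what a given device actually reports for the features named above (VBS, System Guard, DMA protection, TPM 2.0), the following PowerShell script is an added example, not code from Microsoft's post or from this article. It assumes an elevated PowerShell session on the Windows device being checked; the helper name `Resolve-Codes` is hypothetical.

```powershell
# Added example: report the secured-core related state that Windows itself exposes.
# Assumption: run from an elevated PowerShell session on the device under review.

# Value meanings for the Win32_DeviceGuard class, as documented by Microsoft.
$availableProps = @{
    1 = 'Hypervisor support';      2 = 'Secure Boot'
    3 = 'DMA protection';          4 = 'Secure memory overwrite'
    5 = 'NX protections';          6 = 'SMM mitigations'
    7 = 'Mode-based execution control'; 8 = 'APIC virtualization'
}
$services = @{
    1 = 'Credential Guard';           2 = 'Memory integrity (HVCI)'
    3 = 'System Guard Secure Launch'; 4 = 'SMM firmware measurement'
}
$vbsStates = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }

function Resolve-Codes($codes, $map) {
    # Hypothetical helper: translate numeric codes to names and keep
    # unknown codes visible rather than silently dropping them.
    @($codes | Where-Object { $_ } | ForEach-Object {
        if ($map.ContainsKey([int]$_)) { $map[[int]$_] } else { "Unknown ($_)" }
    })
}

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$running   = Resolve-Codes $dg.SecurityServicesRunning $services
$available = Resolve-Codes $dg.AvailableSecurityProperties $availableProps

# TPM state and specification version (a Surface Laptop 4 should report 2.0).
$tpm     = Get-Tpm
$tpmSpec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm).SpecVersion

# Confirm-SecureBootUEFI throws on legacy BIOS or without elevation; treat that as "not confirmed".
$secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false }

[pscustomobject][ordered]@{
    VbsStatus              = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
    ServicesRunning        = $running -join ', '
    SystemGuardRunning     = $running -contains 'System Guard Secure Launch'
    DmaProtectionAvailable = $available -contains 'DMA protection'
    TpmPresentAndReady     = $tpm.TpmPresent -and $tpm.TpmReady
    TpmSpecVersion         = $tpmSpec
    SecureBootEnabled      = $secureBoot
} | Format-List
```

The "Kernel DMA Protection" row in `msinfo32` (System Summary) shows the kernel DMA protection state directly.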

On top of all these features, the Surface Laptop 4 supports several types of identity protection. People can use Windows Hello with the device, including support for biometric logins and FIDO2 keys.

While no device is impenetrable, Microsoft put in quite a bit of effort to help secure the Surface Laptop 4.

Sean Endicott
News Writer and apps editor
