Ayaan_Rehmani - Some of the key security highlights I'd call out for these devices:
- Both:
- Windows Hello Enhanced Sign-in Security, enabled by default.
- Granular USB-C disablement which includes Dynamic USB-C disablement to lock down USB-C ports whenever your device is undocked/docked to an unauthorized or authorized dock. This is currently supported with the Surface Thunderbolt 4 Dock. We've got a technical overview here: Manage USB ports on Surface devices but note that we'll have updates to that doc and more details to share in the coming weeks.
- We've begun rewriting key elements of our firmware using RUST to help further reduce attack surface areas across our platform (see this blog)
- Backed by a secure supply chain for delivery (more details will be available in an upcoming blog)
- Both devices meet the standards of Secured-core PC which are grounded in the latest chip-to-cloud security measures that we've adopted (VBS/HVCI enabled, FASR enabled, removable SSD for data retention, WUFB for firmware and security updates, DFCI for managing the Surface firmware, etc.).
- Surface Pro 10 for Business
- Includes NFC on most SKUs which provides additional sign in methods including FIDO2.0
- Optional 5G coming available later this year to minimize the need to rely on potentially unsecure, public Wi-Fi.
- Surface Laptop 6 for Business
- Optional Smart Card Reader in select SKUs in select markets for customers who require that capability for regulatory reasons
Hope that helps!
Microsoft