Secure Surface Dock 2 ports with Surface Enterprise Management Mode
Published May 26 2020 04:30 PM 11.2K Views

When we started developing the new surface dock, a key priority was to enable IT admins to secure and manage all the ports using Surface Enterprise Management Mode (SEMM). Today, we’re very pleased to announce this key management feature is now supported in Surface Dock 2 on Surface Book 3, Surface Laptop 3, and Surface Pro 7. 


See Microsoft Docs for full documentation and a live demo from Surface Specialist Tyler Ross. 



IT admins can now deploy port settings on end user devices. Based on if a device is authenticated or unauthenticated, the package gets applied to the host.  We anticipate this will be particularly useful in open offices and shared spaces especially for customers who want to lock USB ports for security reasons. Here’s a screenshot of what that looks like for IT admins using SEMM. Note how USB ports are disabled only for unauthenticated hosts but the ports will function normally for all other scenarios.




This feature provides another tool for IT admins to better secure corporate devices in remote or work from home scenarios. For example, employees can use their Surface device along with the new dock with USB enabled; but if they switch to a personal device, the USB ports in Surface Dock 2 are disabled. Users can determine which ports are enabled or disabled along with other key information by opening the Surface app on their system (Start > Surface), as shown here:




The Accessories tab shows the serial number and firmware version:




Learn more

Version history
Last update:
‎Jun 09 2020 11:27 AM
Updated by: