Windows intune, Group policy, Features – Microsoft Surface 3 User Manual
Page 154: Firmware, Asset tagging
© 2014 Microsoft
Page 154
Windows Intune
Windows Intune is a cloud based management solution that provides a web-accessible interface for management of
your client systems. Unlike SCCM, Windows Intune supports management of Windows clients that are not domain
joined and those that do not require connectivity to the corporate network, which can make it an ideal solution for
organizations with remote workers or disconnected offices. Windows Intune is not covered further in this guide.
Group Policy
Surface Pro 3 devices joined to active directory (AD) can be managed using the same group policies that are used to
manage other Windows client systems. These group policies can be used to control the experience of the Start Screen,
access to the Windows Store, and many other components of the Windows operating system. Links to the
documentation for management of Windows clients with group policy are found in the Appendix of this guide.
Features
Surface Pro 3 devices include a number of additional features and capabilities above and beyond a standard PC. These
features are described in this section. For some of these features, additional processes for administration and
deployment may be required, which are detailed in
Firmware
Surface Pro 3 device firmware is provided as a driver package and can be updated by deploying the latest firmware
drivers from the Firmware and Driver pack to the device. This process can be performed during deployment, as is
described in
. However, when new firmware is deployed to an existing device, the process can be a bit more
complicated. The firmware updates are made available through the standard Windows Update channel, so if your
Surface Pro 3 device receives updates directly from Windows Update, it will be updated automatically. The firmware
updates are not made available for use with Windows Server Update Services (WSUS), so if your organization manages
updates with WSUS, the firmware must be deployed separately.
Note: To deploy updated firmware without performing an operating system deployment, the following PowerShell
script can be placed in the root folder of the extracted Firmware and Driver Pack. To save this PowerShell script, copy
the text into Notepad and save the file as a .ps1 file.
$ScriptPath = Split-Path -parent $MyInvocation.MyCommand.Definition
$files = get-childitem -path $Scriptpath -recurse -filter *.inf
foreach ($file in $files)
{
Write-host "Injecting driver $file"
pnputil -i -a $file.FullName
}
Asset Tagging
The firmware of Surface Pro 3 devices supports asset tagging, where a customized string used to identify a device can be
written directly into the firmware of the device. This enables devices to be easily tracked and identified, even when the
operating system is changed through deployment or when the device is passed between users. The process for writing
the asset tag is covered in the