Security and lockdown management – Microsoft Surface Hub 2 SmCamera User Manual
Page 211
To help preserve the appliance-like nature of the device, Surface Hub only supports
installing Universal Windows Platform (UWP) apps, and doesn't support installing classic
Win32 apps, services and drivers. Furthermore, only admins have access to install UWP
apps.
Potential impact on organization policies:
Employees can only use the apps that have been installed by admins, helping
mitigate against unintended use. Surface Hub doesn't support installing Win32
agents required by most traditional PC management and monitoring tools.
For Surface Hub to be used in communal spaces, such as meeting rooms, its custom OS
implements many of the security and lockdown features available in Windows 10 or
Windows 11. To learn more, see
Surface Hub implements these Windows security features:
code integrity
These Surface Hub features provide more security:
Custom UEFI firmware
Custom shell and Start menu limits device to meeting functions
Custom File Explorer only grants access to files and folders under My Documents
Custom Settings app only allows admins to modify device settings
Downloading advanced Plug and Play drivers is disabled
Potential impact on organization policies:
Consider these features when performing your security assessment for Surface
Hub.
Security and lockdown
Management