Enterprise-grade security, Harden device account with password rotation – Microsoft Surface Hub 2 SmCamera User Manual
Surface Hub 2S enables admins to reinstall the device to factory settings using a
recovery image in as little as 20 minutes. Typically, you would only need to do this if
your Surface Hub is no longer functioning. Recovery is also useful if you have lost the
BitLocker key or no longer have admin credentials to the Settings app.
Surface Hub uses a device account, also known as a "room account," to authenticate
with Exchange, Microsoft Teams, and other services. When you enable password
rotation, Hub 2S automatically generates a new password every seven days, consisting
of 15-32 characters with a combination of uppercase and lowercase letters, numbers,
and special characters. Because no one knows the password, the device account
password rotation effectively mitigates associated risks from human error and potential
social engineering security attacks.
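One way to confirm that rotation is actually happening is to check how old each device account password is. The following is an added example, not part of the original manual or any Microsoft tooling; it assumes the device accounts live in on-premises Active Directory (where `pwdLastSet` is available), and the function name, account names, `hub-*` naming pattern, and one-day grace period are all hypothetical.

```powershell
# Added example: flags device accounts whose password is older than the
# seven-day rotation interval described above. Sample data is constructed.
function Get-StaleHubAccount {
    [CmdletBinding()]
    param(
        # Object exposing SamAccountName and pwdLastSet
        # (FILETIME: 100 ns ticks since 1601-01-01 UTC)
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account,
        # 7-day rotation interval from the page plus an assumed 1-day grace period
        [int]$MaxAgeDays = 8,
        [datetime]$Now = [datetime]::UtcNow
    )
    process {
        $raw = [int64]$Account.pwdLastSet
        if ($raw -le 0) {
            # 0 means the password was never set or must change at next logon
            [pscustomobject]@{
                Account = $Account.SamAccountName; LastSetUtc = $null
                AgeDays = $null; Status = 'NeverSet'
            }
            return
        }
        $lastSet = [datetime]::FromFileTimeUtc($raw)
        $age = ($Now.ToUniversalTime() - $lastSet).TotalDays
        if ($age -gt $MaxAgeDays) {
            [pscustomobject]@{
                Account = $Account.SamAccountName; LastSetUtc = $lastSet
                AgeDays = [math]::Round($age, 1); Status = 'Stale'
            }
        }
    }
}

# Constructed sample records (not real accounts)
$ref = [datetime]::UtcNow
$sample = @(
    [pscustomobject]@{ SamAccountName = 'hub-room-101'; pwdLastSet = $ref.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'hub-room-202'; pwdLastSet = $ref.AddDays(-41).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'hub-room-303'; pwdLastSet = 0 }
)
$sample | Get-StaleHubAccount -Now $ref | Format-Table

# Against a directory (requires the RSAT ActiveDirectory module):
# Get-ADUser -Filter "SamAccountName -like 'hub-*'" -Properties pwdLastSet |
#     Get-StaleHubAccount
```

With the sample data, `hub-room-202` is reported as `Stale` and `hub-room-303` as `NeverSet`, while `hub-room-101` produces no output.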
In addition to Surface Hub-specific configurations and features addressed in this
document, Surface Hub also uses standard Windows security features. These include:
BitLocker. The Surface Hub SSD is equipped with BitLocker to protect the data on
the device. Its configuration follows industry standards. For more information, see
.
Windows Defender. The Windows Defender anti-malware engine runs
continuously on Surface Hub and works to automatically remediate threats found
on Surface Hub. The Windows Defender engine receives updates automatically and
is manageable via remote management tools for IT admins. The Windows
Defender engine is a perfect example of our Defense in Depth approach: If
malware can find a way around our core code-signage-based security solution, it
Plug and play drivers. To prevent malicious code from reaching the device through
drivers, Surface Hub does not download advanced drivers for PnP devices. This
allows devices that leverage basic drivers such as USB flash drives to work as
expected while blocking more advanced systems such as printers.
Trusted Platform Module 2.0. Surface Hub has an industry standard discrete
Trusted Platform Module (dTPM) for generating and storing cryptographic keys
and hashes. The dTPM protects keys used for the verification of boot phases, the