Covid-19 and the work from home (WFH) move have been particularly challenging for IT administrators.


Colin Erasmus, Modern Workplace and Security Business Group Lead at Microsoft SA, points out that managing an IT infrastructure under the conditions of the last two years has been nothing short of a nightmare for many.

“Just think of the people who have joined companies during the pandemic and lockdowns,” he says. “In the past, they would have gone to IT and got a new device. But those days are gone: if people are working from home you can’t just give them their new computer.

“And with everyone working remotely, day-to-day administration is a nightmare too – IT has to manage devices remotely, ensure their security and wipe them if they are lost or stolen.”

To improve employee experience across organisations, firms are looking to replace legacy device technologies with more flexible hardware solutions and cloud technologies to support modern work environments, where employees can remain productive, collaborate and stay secure from any location.

CIOs are looking to provide employees with better performance, collaboration and teamwork, and productivity – and, with the right tools, they can save their companies money as well.


Better management drives cost savings

With Microsoft 365, Microsoft Autopilot and Microsoft Endpoint Manager, which includes Intune, Surface can unlock substantial IT time savings by automating the traditional run model, allowing IT to focus on end-user experience.

Up to four hours can be saved in provisioning per device, using zero-touch deployment, while cloud management of the device firmware can cut a further 3,25 hours in application updates.

Microsoft Endpoint Configuration Manager reduces the time needed to deploy Surface firmware and driver updates, while Surface plus Microsoft 365 Enterprise Security features reduce firmware-layer threats and the use of third-party security solutions.

Indeed, organisations can see a 20% decrease in data breaches and security incidents as a result of the improved security environment – and the help desk can experience up to 75% fewer calls as a result of the lower hardware failure rate.


Rapid deployment and cloud management

Every Microsoft Surface device is shipped with the Autopilot service available. The reseller partner enrolls the device and Autopilot takes care of all pre-configuration for the end user.

“The end user can literally unbox the device and connect to the Internet. It will provision itself, the operating system starts up, and the applications are deployed automatically,” Erasmus says.

“It really is a zero-touch setup and delivers up to a 16% deployment cost reduction.”

Most of the calls to IT helpdesks are about lost or forgotten passwords. Windows Hello, built into Surface devices, is a more personal, more secure way to get instant access to devices using a PIN, facial recognition, or fingerprint.

The Surface Unified Extensible Firmware Interface (UEFI) replaces the standard basic input/output system (BIOS) with new features including faster startup and improved management and security, and it can be used to manage Surface firmware features.

Enterprise mobility and security are key for the modern workplace, and Device Firmware Configuration Interface (DFCI) makes it possible for IT administrators to manage Surface firmware features remotely via the cloud.

DFCI is built into Microsoft Intune, extending Surface UEFI management to support zero-touch provisioning, eliminating BIOS passwords, providing control of security settings, and laying the groundwork for advanced security scenarios in future. And DFCI has been shown to deliver a 17% cost reduction.


Enterprise-grade devices

Surface with Microsoft 365 enables process improvements and better employee productivity.

A massive 1,6 hours can be saved every day through improved productivity, while 88% of users agree that Microsoft 365-powered Surface devices help employees become more collaborative.

There are pure cost savings too: by employing a single device that performs multiple tasks, organisations can see a 17% reduction in procurement costs.

Collaboration has always been important for organisations, and has now become vital as work from home and remote working become mainstream.

Surface Hub is a meetings platform and interactive whiteboard for business. This all-in-one digital whiteboard ensures that all meeting attendees are engaged and collaborating via the Surface Hub – regardless of whether they are joining the meeting in person or from a remote location.


Security from chip to cloud

Working from home has also created new challenges around security. “This really has been one of the biggest issues for IT over the last couple of years,” Erasmus says.

“A lot of cyberattacks happen on the device itself, with many of them happening at the firmware level.

“So Surface designers started embedding a lot of security into the hardware, all the way from chip to cloud.”

Surface uses Microsoft’s UEFI 2 to reduce firmware layer threats, and Windows Update for Business to stay secure. With these features available out of the box, companies can spend 18% less on third-party security solutions.

At the same time, Microsoft 365’s Enterprise security features deliver a 17% reduction in data and security breaches, while Surface Device security features can bring a 17% reduction in spending on security incidents.

Windows Hello for Business replaces passwords with strong two-factor authentication, using biometric security like facial and iris recognition to authenticate via a certificate stored in the Trusted Platform Module (TPM).

Windows Hello solves a number of problems with traditional passwords: strong passwords can be difficult to remember; they are often reused on multiple sites; server breaches can expose symmetric network credentials; passwords are subject to replay attacks; and users can inadvertently expose their passwords due to phishing attacks.

Multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts or apps, users provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.

Surface with Microsoft 365 grants users Conditional Access based on their compliance with a variety of data inputs, which helps administrators control access and secure the device.

These data points include logins and passwords, the device itself, physical and virtual location, and which apps or services are being accessed.

Depending on the compliance level, Conditional Access grants full or partial access. It could also block access, require MFA, force a password reset or block legacy authentication.

Ensuring security right down to chip level, the Surface devices ship with Trusted Platform Module (TPM) on the firmware, and soon it will be housed on the CPU as well.

TPM serves as a root of trust on the device, basically acting as a vault for highly sensitive data like cryptographic keys.

The TPM stores sensitive data in secured parts of software and uses the CPU’s power to handle any cryptographic functions.

“These features add up to a big impact,” says Erasmus. “And, because Surface supports them out of the box, administrators can effectively manage all the organisation’s devices remotely.”


What the future holds

If we think the era of change and disruption is over, we would be wrong, says Erasmus.

“Going forward, I think we have to expect even more change. And in this environment, flexibility is going to be important.

“I believe that the whole world of hybrid work is a major disrupter and companies will have to remain flexible if they are going to survive.

“They will have to keep reinventing themselves. Change is always going to be with us, and organisations will have to adapt to things like bots, cloud, skills issues and company culture.

“IT has to keep challenging itself and maintain a growth mindset.”

