Deploy, manage, and service ARM-based Surface devices
Built to handle high-performance commercial requirements, Surface Pro 9 with 5G incorporates the most powerful processors in its class, the Microsoft SQ3 ARM chipset.
Deploy
For the best experience, deploy Surface Pro 9 with 5G or Surface Pro X using Windows Autopilot either with the assistance of a Microsoft Cloud Solution Provider or self-provisioned using Autopilot deployment profiles and related features. For more information, refer to the following:
Autopilot deployment has several advantages: It allows you to use the factory-provisioned operating system, streamlined for zero-touch deployment, to include pre-installation of Microsoft 365 Apps for enterprise. Organizations already using modern management, security, and productivity solutions are well-positioned to take advantage of the unique performance features in Surface Pro 9 with 5G and Surface Pro X. Customers using modernized line of business apps, Microsoft Store (UWP) apps, or remote desktop solutions also stand to benefit.
Image-based deployment now supported
Image-based Operating System Deployment (OSD) is now supported via Endpoint Configuration Manager for Windows 11 on Surface Pro 9 with 5G.
Manage firmware with UEFI Configurator and SEMM
Surface Pro 9 with 5G
With Surface Enterprise Management Mode (SEMM), you can manage the following hardware components at the firmware level for Surface Pro 9 with 5G devices:
- Accessories. Docking USB Port, Type Cover, Onboard Audio, Onboard Microphone, MAC Address Emulation.
- Cameras. Front Camera, Rear Camera, IR Camera.
- Wireless (aka Radio). Bluetooth, Wi-Fi, LTE (5G) and GNSS.
Advanced settings
- Kiosk Overrides. Battery limit.
- Boot. Wake-on-LAN, Wake-on-Power, IPv6 for PXE boot, Alternate Boot, Boot Order Lock, USB Boot, Network Stack.
- UEFI Front Page. Security, Devices, Boot, DateTime
Surface Pro X
With Surface Enterprise Management Mode (SEMM), you can manage the following hardware components at the firmware level for Surface Pro X devices:
- Wake-on-Power
- IPv6 for PXE boot
- Alternate Boot
- Boot Order Lock
- USB Boot
- PXE Boot
- Battery Limit
To learn more about managing firmware with SEMM, see:
Microsoft Intune admin center
Manage firmware with Intune and DFCI
With Microsoft Intune and Device Firmware Configuration Interface (DFCI) profiles, you can manage hardware components at the firmware level just like any other Surface device. To learn more, see Manage DFCI on Surface devices.
Manage with Microsoft Entra ID
Microsoft Intune admin center and Intune integrate with Microsoft Entra ID for identity and access control and provide granular management of enrolled devices. Highlights include faster device login times and a more streamlined catalog of policy settings enabling full device management from the cloud. For example, you can manage LTE using eSIM profiles to configure data plans and deploy activation codes to multiple devices.
Co-management
Once deployed in Autopilot, you can join devices to Microsoft Entra ID or Active Directory (Microsoft Entra hybrid join), where you can manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.
Third-party MDM solutions
You may be able to use third-party MDM tools to manage Surface Pro 9 with 5G and Surface Pro X. For details, contact your MDM provider.
Antivirus software
Microsoft Defender will help protect Windows 10 and 11 on ARM-based PCs for the supported lifetime of the device. Some third-party antivirus software cannot be installed on devices running on an ARM-based processor. Collaboration with third-party antivirus software providers is continuing for AV app readiness on ARM-based PCs. Contact your antivirus software provider to understand when their apps will be available.
Service and maintain
ARM-based devices have specific requirements for maintaining the latest drivers and firmware. Surface Pro 9 with 5G and Surface Pro X were designed to use Windows Update to simplify keeping drivers and firmware up to date for home and small business users. Use the default settings to receive Automatic updates. To verify:
- Go to Start > Settings > Update & Security > Windows Update > Advanced Options.
- Under Choose how updates are installed, select Automatic (recommended).
Recommendations for commercial customers
- Use Windows Update or Windows Update for Business to maintain the latest drivers and firmware. For more information, see Deploy Updates using Windows Update for Business.
- For more information about deploying and managing updates on Surface devices, see Manage and deploy Surface driver and firmware updates.
- Note that Windows Server Update Services (WSUS) does not support the delivery of drivers and firmware to Surface Pro 9 with 5G and Surface Pro X.
App compatibility
Most apps run on ARM-based Windows 10 PCs with limited exclusions.
Supported apps
- Most x86 Win32 apps run on Surface Pro 9 with 5G and Surface Pro X.
- Native ARM64 and Microsoft Store UWP apps provide an excellent user experience utilizing the full native speed of the ARM-based processor while optimizing battery life. More Native ARM64 apps are now available including Adobe Photoshop and Adobe Lightroom.
- Apps that use drivers designed for a Windows 10 or Windows 11 PC running on an ARM-based processor.
- x64 emulation for Windows is now generally available in Windows 11.
FastTrack App Assure
The App Assure program is available to commercial customers for their LOB, ISV and Microsoft first-party apps targeting Windows 10 on ARM. If commercial customers encounter an app compatibility issue using Windows 10 on ARM, Microsoft will provide developer resources to troubleshoot and assist with app remediations at no additional cost. To learn more, visit aka.ms/AppAssure.
For more information about running apps on Surface Pro 9 with 5G or Surface Pro X, refer to:
Virtual Desktops (VDI)
Azure Virtual Desktop enables access to Windows desktops, applications, and data on any computing device or platform, from any location. To learn more, refer to the Azure Virtual Desktop site.
Browsing
Popular browsers run on Surface Pro 9 with 5G and Surface Pro X:
- Inbox Edge, Firefox, Chrome, and Internet Explorer run on Surface Pro 9 with 5G and Surface Pro X.
- Firefox and Microsoft Edge based on Chromium run natively with enhanced performance on ARM-based Windows 10 or Windows 11 PCs.
Installing and using Microsoft Office
- Use Microsoft 365 for the best experience on a Windows 10 or Windows 11 PC on an ARM-based processor.
- Microsoft 365 "click-to-run" installs Outlook, Word, Excel, and PowerPoint optimized to run on a Windows 10 or Windows 11 PC on an ARM-based processor.
- Microsoft Teams runs natively on Surface Pro 9 with 5G and Surface Pro X.
- For "perpetual versions" of Office, such as Office 2021, install the 32-bit version.
VPN
To confirm if a specific third-party VPN supports a Windows 10 or Windows 11 PC on an ARM-based processor, contact the VPN provider.
Feature summary
The following tables show the availability of selected key features on Surface Pro 9 with 5G and Surface Pro X with Windows 10 or Windows 11 on ARM.
Deployment
| Feature | Surface Pro X | Surface Pro 9 with 5G | Notes |
|---|---|---|---|
| Windows Autopilot | Yes | Yes | Recommended deployment option |
| Support for Network Boot (PXE) | No | No | |
| Windows Configuration Designer | No | No | Not recommended for Surface Pro 9 with 5G or Surface Pro X. |
| WinPE | No | No | Not recommended for Surface Pro 9 with 5G or Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro 9 with 5G and Surface Pro X. |
| Operating System Deployment (OSD) | No | Yes | Now supported with Windows 11 on Surface Pro 9 with 5G. |
| MDT | No | No | Not supported on Surface Pro 9 with 5G or Surface Pro X. |
Management
| Feature | Surface Pro X | Surface Pro 9 with 5G | Notes |
|---|---|---|---|
| Intune | Yes | Yes | |
| Windows Autopilot | Yes | Yes | |
| Microsoft Entra ID (co-management) | Yes | Yes | Ability to join Surface Pro 9 with 5G or Surface Pro X to Microsoft Entra ID or Active Directory (Microsoft Entra hybrid join). |
| Endpoint Configuration Manager | Yes | Yes | |
| Power on When AC Restore | Yes | Yes | |
| Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | |
| Surface Asset Tag tool | Yes | Yes | |
| Surface Enterprise Management Mode (SEMM) | Partial | Yes | Surface Pro 9 with 5G adds UEFI management options |
| Surface UEFI Configurator | No | Yes | Surface Pro 9 with 5G adds UEFI management options |
| Surface UEFI Manager | Partial | Yes | Surface Pro 9 with 5G adds UEFI management options |
Security
| Feature | Surface Pro X | Surface Pro 9 with 5G | Notes |
|---|---|---|---|
| BitLocker | Yes | Yes | |
| Microsoft Defender | Yes | Yes | |
| Support for third-party antivirus | See note | See note | Some third-party antivirus software cannot be installed on an ARM-based processor. Contact your antivirus software provider to understand when their apps will be available. |
| Secure Boot | Yes | Yes | |
| Windows Information Protection | Yes | Yes | |
| Surface Data Eraser (SDE) | Yes | Yes |
FAQ
Can I deploy Surface Pro 9 with 5G and Surface Pro X with Endpoint Configuration Manager?
- Microsoft Endpoint Configuration Manager now supports Operating System Deployment for Windows 11 on Surface Pro 9 with 5G with 5G.
How can I deploy Surface Pro 9 with 5G or Surface Pro X?
- Deploy Surface Pro 9 with 5G via OSD or Windows Autopilot. Deploy Surface Pro X via Windows Autopilot.
Is a BMR available?
- Yes a BMR is available for Surface Pro X and Surface Pro 9 with5G. Refer to Download a recovery image for your Surface.
Is Intune required to manage Surface Pro 9 with 5G or Surface Pro X?
- Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro 9 with 5G and Surface Pro X devices to Microsoft Entra ID or Active Directory (Microsoft Entra hybrid join), where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.
To learn more, see ARM-based Surface devices FAQ.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for