Keeping Surface Firmware Updated with Configuration Manager

  • Article

Often times I get asked “how do we keep Surface up-to-date?” If you are using Microsoft Update or Windows Update for Business the answer is easy as it just happens, but the answer becomes a little more complex in enterprises that manage updates using Windows Server Update Services (WSUS) or System Center Configuration Manager.

For more on updating Surface with Windows Server Updates Services: https://blogs.msdn.microsoft.com/beanexpert/2016/03/25/surface-3pro-4book-updates-available-in-wsus/

The Surface team also has a great post covering methods for deploying and updating Surface firmware: https://technet.microsoft.com/en-us/itpro/surface/manage-surface-pro-3-firmware-updates

Today we will focus on updating Surface with System Center Configuration Manager.

Get the latest Surface firmware updates

After each firmware update, the Surface team post the latest Surface update history for each model to https://www.microsoft.com/surface/en-us/support/install-update-activate/surface-update-history. From that page you can get a detailed listing for each firmware or driver update, release dates, fixes, and version numbers.

image

Surface firmware updates are provided in few formats for IT Pros to download:

  • Windows Installer Packages (MSI): Update packages that can be used to install the latest firmware and driver updates using the familiar Windows Installer Package (MSI) format.
  • ZIP Archive: Update package that can be used to install the latest firmware and driver updates during a deployment Task Sequence, PowerShell script, or other automated methods.
  • Windows Provisioning Package: A provisioning package (.ppkg) that contains the latest firmware and driver updates. For use with Windows 10 devices that utilize Windows Provisioning Framework and Windows Imaging and Configuration Designer (Windows ICD) deployments.

You can download these firmware update packages from the Microsoft Downloads Center. Links to each device model’s download page are at this page: https://technet.microsoft.com/en-us/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices

Create the Surface firmware update application

UPDATE 1: /qn has been added to the install program to avoid rebooting users when they do not expect it. The image was updated below but the video was not.

UPDATE 2: Get-SurfaceFirmwareUpdate was updated with a more robust version check. The image was updated below but the video was not.

System Center Configuration Manager can be used to deliver Surface firmware updates using the Windows Installer Package (MSI) provided for each model. This download can be deployed using either a Package or Application, but because of its ease of use and powerful flexibility we will use the Application model.

Note: The Software Update Point role does not currently support the “Driver” category available in WSUS.

  1. Downloaded the latest Windows Installer Packages from the Microsoft Downloads Center (links above)
  2. Create an application using the Windows Installer (*.msi) type for the Windows Installer Package we just downloaded, you can keep all the defaults as we will make changes later
    image
  3. Open the deployment type for the application and change the name to something that describes the Surface the deployment type is meant for (ex: I like to use the name of the Windows Installer Package)
    image
  4. Go to the Programs page and adjust the Installation program to /qn to avoid any unexpected reboots for users
    image
  5. Go to the Detection Method page and remove the default rule for the MSI product code
    image
  6. You might ask “why delete the MSI product code?” Well, you might have a Surface that already has the latest firmware and running this Windows Installer Package to update the firmware on a Surface that is already updated would be silly. To promote efficiency we will change our detection method to check if the firmware has already been installed.Tip: You can check the Surface update history page for a list of all the firmware and drivers that were updated in a particular release of a firmware update. Below is a screenshot of the May 24, 2016, update for Surface Book where you find details like what was updated, what it is called, and what version it is. Be sure to verify the name and version in Device Manager. image
  7. Select the “Use a custom script to detect the presence of this deployment type” detection method option and click Edit
    image
  8. Choose VBScript as the script type and paste the content of the Get-SurfaceFirmwareUpdate script attached to the bottom of this post (the script has been updated since the videos were captured)
    image
  9. Change strDeviceName and strDriverVersion to match the device firmware you chose to update (typos, extra characters, or lines will really mess this up… watch out)
  10. Click OK and move to the Requirements page
    image
  11. Add a requirement for Windows 10
    image
  12. Add another requirement, select the Custom category, and click Create
    image
  13. Use the “WQL query” setting type, “String” data type, and then the details to grab Model from Win32_ComputerSystem displayed below
    image
  14. Enter the Surface name for the device that the Windows Platform Installer Package your using targets (Surface Book, Surface Pro 4, Surface Pro 3, etc.)
    image
  15. Save your changes and close the Deployment type Properties window
    image

Add another Surface

To add another Surface device, just follow the steps below:

  1. Copy the deployment type
  2. Update the Name on the General page
  3. Update the Content location on the Content page to the correct Windows Installer Package location
  4. Update the Windows Installer Package in the Programs page (be sure to keep the same install switches)
  5. Update strDeviceName and strDriverVersion on the Detection method script to the targeted device
  6. Update the Computer model on the Requirements page

Update for the latest Surface firmware

Updating for the latest firmware is easy too. If you already have the deployment type created:

  1. Update the Name on the General page
  2. Update the Content location on the Content page to the correct Windows Installer Package location
  3. Update the Windows Installer Package in the Programs page (be sure to keep the same install switches)
  4. Update strDeviceName and strDriverVersion on the Detection method script to the targeted device

Deploy your Surface firmware update

Now it’s time to deploy our firmware updates. Because we used the application model and deployment types targeted to specific Surface models, we can use this single application to update every Surface device we have.

I recommend that you target a collection with all your Windows client computers in it (after proper testing, of course) and let the application model do all the hard work. That is because of the requirements we set that the deployment type can only run on devices that are both Windows 10 and match the targeted Surface model. The detection method adds another layer to ensure that it only runs on devices that need to be updated.

Sit back and relax knowing that your Surface devices are all up-to-date.

Bonus: Right-click on the application and select “Simulate Deployment.” Deploy this simulated deployment to your collection first to get a good idea of how many devices need updated firmware. Get-SurfaceFirmwareUpdate

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use .

This post was created by Jon Callahan, a Devices Consultant with Microsoft Services.