Usually, when it comes to driver management, for computer already deployed, we say ‘If it ain’t broken don’t fix it’. Once in a while, a driver or firmware could require an update because of a bug reported by multiple users but that would usually be an exception.
Microsoft Surface devices have proven over and over that this statement doesn’t apply to them. Microsoft Surface, since the beginning of the brand, tend to work better with latest firmware version. Microsoft often releases new firmware revision along major Windows 10 releases.
For home users, the update will be applied with the standard Windows Update process and delivered in stages. For businesses, firmware update management by WSUS or SCCM is not yet available. (Feature is included in the latest SCCM Technical Preview 1706 but not yet in the latest 1702 production version)
This blog post will detail how to update the Microsoft Surface firmware using SCCM.
SCCM Update Microsoft Surface Firmware Prerequisites
- Download the latest MSI version of the needed firmware
- Surface Pro 4
- Surface Pro 3
- Surface Book
- Surface Studio
- Other sub-model (Wifi, LTE, AT&T) of Surface 3 and older are available here
- Surface 3 and newer model
- Older models don’t have an available MSI version for Firmware management
As an example, the Surface Pro 4 has a release specifically for the Creators Update (build ID 15063).
This would mean that older Windows 10 version should use the other release of the firmware, which as no build ID in the name.
Why use the MSI to Update Microsoft Surface Firmware?
Microsoft Surface firmware contains multiple drivers, software, and UEFI updates. Most releases do not upgrade all drivers, firmware and UEFI at once. Some releases only update one or two component, while others will update pretty much everything. Having an inventory of each of those components would be huge to maintain and managed throughout releases.
Using the provided MSI file provides an easy way to inventory of all those components since it has an entry in Programs and Features once installed.
Update Microsoft Surface Firmware History
The update history for all Microsoft Surface models is available here.
As an example, the update for a Surface Pro 4 on May 25th had many components updated:
Microsoft also provides a preview of what to expect from the update:
Microsoft has inconsistency with firmware version. In this example, the MSI version which will eventually display in Program and Features, is not on the history page.
The only thing matching “approximately” is the Date Published. Word of advice, keep track of version and release dates for future debugging.
Create application for SCCM Microsoft Surface Firmware Update
We will now shows how to deploy the Firmware MSI files using SCCM:
- Under Software Library \ Application Management \ Applications, select Create application
- Provide the path to the downloaded MSI file
- On the Import Information pane, click Next
- Add additional information if desired, click Next
- On the Summary pane, click Next
- Click Close to close the wizard
- Select your new application and on the top ribbon, click Distribute Content to send your content to your distribution points
- Looking at the Detection Method under the Deployment Type, we see that it looks for an MSI Product Code
SCCM Update Microsoft Surface Firmware
The deployment can be done just like any other deployment.[su_box title=”Important consideration” style=”glass” title_color=”#F0F0F0″]Microsoft Surface firmware update require a reboot. If the deployment is mandatory, the client computer will reboot to complete the installation. Plan accordingly. Target deployment date and time outside of working hours. Use Maintenance Windows if necessary.[/su_box]
- The user will see the following happen on the Microsoft Surface after the installation as been triggered by SCCM
- Getting Windows Ready
- Please wait while we install a system Update
- After the reboot, Working on updates
- Under the hood, the .BIN files under C:\Windows\Firmware will be updated:
- After the installation, the SurfacePro4 Update is visible in the Programs and Features
Monitor Microsoft Surface Firmware Versions
- You can use a built-in report (Computers with specific software registered in Add Remove Programs) to check the which devices have the Firmware installed using hardware inventory. Just use the exact name that is displayed in Program and Feature to target your search.
- You can use our new Asset – Surface devices report to get detailed information about every Microsoft Surface in your environment, including UEFI versions and Firmware versions when deployed with this method.
In regards to the Recovery Key prompt I assume the option to Suspend Bitlocker using SCCM wasn’t selected, but my bigger question is in regards to updating the Docking Stations, has that been remedied with the latest version of SCCM 1810 – 5.00.8740.1042?
SInce i have read your comment from feb 2018 that there is command line to update surface docks.
Do you know if MS found any way to do it from SCCM as we have around 200 users who are given with Surface pro that needs a Surface dock as well and updating them manually will be a laborious job and we can not give the users with LA rights as well for this thing only.
if you can suggest an option since microsoft is recommending this only for updating the docks:
When I distribute the .msi file it shows the size is 91292448kb which is 91GB in distmgr.log. The msi file is only 226mbs. Do you know why this happens. We have SCCM Version 1710 on Windows Server 2012 R2.
Figured out that it was including some other drivers which were in that folder. Made a new folder for Surface Drivers. It works!!!
What about Surface Docks, how are they updated through SCCM?
when I wrote this blog I looked to find a way to do so. I remember that there was no command line to do so at that time.
maybe the tool as been updated with command line, but I haven’t looked 🙁
I have noticed you don’t monetize your page, don’t waste your
traffic, you can earn extra bucks every month because you’ve got high quality content.
If you want to know how to make extra money, search for: Mrdalekjd methods for $$$
Hi Nice Blog,
How do you handle bitlocker in this case? When enabled users get that bitlocker thinks there is a change in hardware or something and aks for the recovery key.
I had BitLocker enabled for my test and never had prompt for recovery key.
Can you provide more details?
SCCM version, OS version, BitLocker configuration