Work remote, securely with Surface

In today’s digital age, remote work has become a norm. With remote work, ensuring the security of your personal computer and data is paramount. A Surface Copilot+ PC is a powerful tool that can significantly enhance your remote work productivity. And, most importantly, from the moment you turn it on, Surface brings you the highest standard for Windows security available.

The security features built into Surface protect against cyber threats, helping to ensure your data remains protected. Additionally, by following a few best practices for security, you can work remotely with confidence in security, allowing you to focus on what matters most without worry.

Secure to the core

Whether you’re working on sensitive documents, communicating with colleagues or managing personal information, you can trust that your data is protected with Surface. All Copilot+ PCs include the Microsoft Pluton¹ security co-processor. It’s not just any processor. It’s the ultimate security processor because it’s built right into the CPU. The result? It’s harder to hack and easier to update—all to protect your credentials and data.

Windows 11 security offers improved experience and protocols too. Because your Surface runs Windows 11, you can count on more secure and reliable connection methods and advanced network security, including encryption and firewall protection and built-in Virtual Private Network (VPN) protocols. Windows 11 supports Hyper-V, Firewall, Wi-Fi6, WPA3, and an encrypted DNS protocol, as well as support for more Bluetooth connections, such as Secure Simple Pairing, Secure Connections, and Core Spec compliance up through version 5.3.

A personal guard dog with Microsoft Defender

Microsoft Defender is like a personal guard dog built right into your Surface. With features like real-time protection, firewall, and cloud-based intelligence, Microsoft Defender is always ready to protect you from online viruses, malware, and other online threats. The Always-on Protection feature continuously scans your Surface, detecting and neutralizing threats, so you can enjoy peace of mind knowing your Surface and data are secure.

Microsoft Defender security features include: 

• Real-time protection: Continuously scans for and removes malware.
• Firewall: Controls network traffic, preventing unauthorized access.
• Cloud protection: Leverages cloud-based intelligence for enhanced threat detection.
• Network protection: Protects against network-based threats like ransomware.
• Behavior monitoring: Detects suspicious activity on your device.
• Exploit protection: Helps prevent attacks that exploit vulnerabilities.
• Application control: Restricts the execution of untrusted applications.
• Device guard: Enforces hardware-based security measures.
• File screening: Scans files for malware before they're opened.
• Automatic updates: Ensures you have the latest security definitions.

Microsoft Defender also offers advanced protection capabilities, such as:

• A powerful network protection feature that helps safeguard your device from network-based threats. This feature continuously monitors your network traffic for suspicious activity, such as attempts to exploit vulnerabilities or spread malware. By detecting and blocking these threats, Microsoft Defender helps protect your device and your network from potential harm.
• A behavior monitoring feature helps detect suspicious activity on your device, even if it doesn’t match known malware signatures. By analyzing the behavior of running processes and applications, Microsoft Defender can identify and block potentially malicious activities, such as unauthorized attempts to access sensitive data or execute malicious code. This helps protect your device from emerging threats that traditional antivirus methods may miss.

Configure firewall settings

Microsoft Defender Firewall, a robust network-level firewall included in Microsoft Defender, acts as a barrier between your Surface and the internet, controlling incoming and outgoing network traffic. By default, the firewall is configured to allow only trusted traffic, helping to prevent unauthorized access and protect against various network-based threats, including DDoS attacks.

You can customize the firewall settings to suit your specific needs, such as blocking certain IP addresses or applications. Compared to other firewall solutions, Microsoft Defender Firewall offers comprehensive protection and seamless integration with the Microsoft ecosystem—a reliable choice for safeguarding your network.

To configure firewall settings:

1. Open Windows Security: Go to Settings > Privacy & Security > Windows Security.
2. Firewall & network protection: Select Firewall & network protection and verify that the firewall is turned on for all network profiles (Domain, Private, and Public).

Secure your Wi-Fi connection

A secure Wi-Fi connection helps protect your data while working remotely. Your Surface supports WPA3, and you’ll want to ensure your home Wi-Fi network is secured with a strong password and WPA3 encryption. Avoid using public Wi-Fi networks for sensitive work unless you use a Virtual Private Network (VPN) to encrypt your internet connection.

Here are a few steps you can take to help ensure your Wi-Fi network is as secure as possible:

• Enable network encryption (WPA3): WPA3 is the latest and most secure Wi-Fi encryption standard and helps ensure your data is encrypted and protected from unauthorized access. You’ll need a router that supports WPA3. To find out if your router supports this, check the documentation that came with it or visit the router manufacturer’s website. If you’re considering buying a new router, look for a Wi-Fi 7 label for the latest Wi-Fi features.
• Use a strong Wi-Fi password: A strong, complex password for your Wi-Fi network prevents easy access by unauthorized users.
• Regularly update firmware: Keeping your router’s firmware up to date helps protect against known vulnerabilities and exploits.
• Change default router settings: Changing the default login credentials for your router helps prevent unauthorized access. Default usernames and passwords are often easy targets for attackers.
• Use a VPN: Using a VPN adds an extra layer of security by encrypting your internet traffic, especially when accessing sensitive work information.

Enable device encryption in Windows

Device encryption in Windows helps protect your files and folders from unauthorized access in case your Surface is lost or stolen. Requiring minimal setup and management, device encryption offers robust security to protect your data, which is essential for remote work. Device encryption is particularly beneficial for users who want to ensure their data is safe without having to manage complex security settings. Once enabled, it encrypts your entire system drive without requiring much intervention from you.

To enable device encryption:

1. Open Settings and select Privacy & security > Device encryption.
2. Toggle the Device encryption button to On.

Say hello to Windows Hello

With Windows Hello, you are the security. Windows Hello is a faster, more personal, more secure way to get instant access to your Surface using only your facial recognition, fingerprint², or a PIN–there’s no password to remember. This means if your Surface falls in the wrong hands, it cannot easily be opened without your face.

Keep trouble away when you’re away. Your Surface can automatically lock when you walk away and unlock with Windows Hello and sign you back in when you return.

Follow these steps to set up Windows Hello:

1. Open Settings and select Accounts > Sign-in options.
2. Under Ways to sign in, you'll see the following choices to sign in with Windows Hello:
   • Select Facial recognition (Windows Hello) to set up facial recognition sign-in with your laptop’s infrared camera or an external infrared camera.
   • Select Fingerprint recognition (Windows Hello) to set up sign-in with a fingerprint reader¹.
   • Select PIN (Windows Hello) to set up sign-in with a PIN.

Use strong passwords and multi-factor authentication (MFA)

Strong passwords help protect your accounts and data. Use a combination of letters, numbers, and special characters to create a strong password. Avoid using easily guessable information like birthdays or common words.

Additionally, enable multi-factor authentication (MFA) for an extra layer of security. MFA requires you to verify your identity using a second method, such as a text message or authentication app, in addition to your password.

Enabling MFA on your Surface involves setting it up for your Microsoft account. Here’s how:

1. Download Microsoft Authenticator.
2. Set up MFA for your Microsoft account:
   • On your Surface, use Microsoft Edge to open a web browser and go to the Microsoft account security page.
   • Sign in with your Microsoft account credentials.
   • Under Security basics, select More security options.
   • Scroll down to Two-step verification and select Set up two-step verification.
   • Follow the prompts to set up MFA. You will be asked to scan a QR code with the Microsoft Authenticator app on your mobile device.
3. Configure the Authenticator app:
   • Open the Microsoft Authenticator app on your mobile device.
   • Tap the + icon to add an account.
   • Select Work or school account and scan the QR code shown in the browser window.
   • Follow the prompts to complete the setup.
4. Verify MFA setup:
   • After setting up, you will be prompted to verify your identity using the Microsoft Authenticator app whenever you sign in to your Microsoft account from a new device or location.

Secure and convenient passkeys instead of passwords

Forget the password. Instead, use Passkeys in Windows to get fast, easy, and secure sign-in and protection against phishing for your online accounts.^2 4 Passkeys provide a more secure and convenient way to sign in, eliminating the need for complicated password creation processes and the hassle of remembering them.

Additionally, passkeys are unique to each website or application, so you don't have to worry about someone using your passkey to access other services. And unlike passwords, passkeys are resistant to phishing attempts, making them a much more secure option.

With passkeys, you can use Windows Hello to sign in with a PIN, facial recognition, or fingerprint, making signing into web sites and applications faster and more convenient than ever before.

Additional measures for enhancing remote work security

To further improve your remote work security, consider implementing the following practices. These practices will help ensure your data remains protected and your system stays protected while working from home:

• Use Smart App Control³: With the power of AI, Smart App Control can help predict which apps are safe to run on your Surface.
• Use VPN for remote access: VPN encrypts your internet connection, providing a secure way to access your company’s network remotely. Ensure you use a reputable VPN service to protect your data and maintain privacy while working remotely.
• Keep your system updated: Regular updates help maintain security. Microsoft frequently releases updates that include security patches and improvements. Ensure that your system is set to automatically download and install updates:
  • Open Settings and select Privacy & Security > Windows Update.
  • Check for updates by selecting Check for updates to ensure your system is up to date.
• Back up your data regularly: Regular backups protect your data from loss due to hardware failure, malware, or accidental deletion. Use tools like Microsoft OneDrive to back up your important files. Seamless integration with Microsoft 365 ensures that your work is always backed up and accessible from anywhere.
• Be cautious with emails and links: Phishing attacks are a common method used by cybercriminals to gain access to your information. Be cautious with emails and links, especially from unknown sources. Avoid clicking on suspicious links or downloading attachments from untrusted emails. Use email filtering tools to help identify and block phishing attempts.

A trusted ally for a truly secure remote work experience

By implementing a few best practices into your remote work routine, along with the built-in, highest standard for Windows security available, your Surface is a trusted ally for protecting your valuable data. Ongoing security advancements from Microsoft help ensure your Surface continues to be reliable and secure for years to come. Stay vigilant, stay updated, and enjoy the peace of mind that comes with a truly secure remote work experience.