Manage and deploy Surface driver and firmware updates

How you manage Surface driver and firmware updates may vary depending on your environment and organizational requirements. In larger organizations, IT admins typically stage deployments internally and allocate time to test upgrades before rolling them out to user devices.

Note

This article is intended for IT professionals and technical support agents and applies to Surface devices only. If you're looking for help to install Surface updates or firmware on a home device, see Download drivers and firmware for Surface.

While enterprise-grade software distribution solutions continue to evolve, the business rationale for centrally managing updates remains the same: Maintain the security of Surface devices and keep them updated with the latest operating system and feature improvements. This IT practice is essential for sustaining a stable production environment and making sure that users aren't blocked from being productive.

What's in Surface driver and firmware updates

Windows Installer .msi files contain all the required cumulative driver and firmware updates for Surface devices. Update packages may include some or all the following components:

  • Wi-Fi and LTE
  • Video
  • Solid-state drive
  • System aggregator module (SAM)
  • Battery
  • Keyboard controller
  • Embedded controller (EC)
  • Management engine (ME)
  • Unified extensible firmware interface (UEFI)

Download .msi files

This section provides direct links to downloadable packages containing driver and firmware updates for Surface devices.

  1. Select Windows 10 or Windows 11 as appropriate.
  2. For devices with multiple .msi files, select the .msi file name that matches the Surface model and version of Windows deployed in your organization.
Surface device Downloadable .msi
Surface Pro - Surface Pro 9 with Intel processor
- Surface Pro 8
- Surface Pro 7+ and Surface Pro 7+ (LTE)
- Surface Pro 7
- Surface Pro 6
- Surface Pro 5 (LTE)
- Surface Pro 5 (Wi-Fi)
- Surface Pro 4
- Surface Pro 3
- Surface Pro 2
- Surface Pro
Surface Laptop - Surface Laptop Go
- Surface Laptop Go 2
- Surface Laptop 5
- Surface Laptop 4 with Intel Processor
- Surface Laptop 4 with AMD Processor
- Surface Laptop 3 with Intel Processor
- Surface Laptop 3 with AMD Processor
- Surface Laptop 2
- Surface Laptop
Surface Laptop Studio - Surface Laptop Studio
Surface Book - Surface Book 3
- Surface Book 2
- Surface Book
Surface Go - Surface Go 3
- Surface Go 2
- Surface Go (Wi-Fi)
- Surface Go (LTE)
Surface Studio - Surface Studio 2+
- Surface Studio 2
- Surface Studio
Surface 3 - Surface 3 (Wi-Fi)
- Surface 3 (LTE) - ATT
- Surface 3 (LTE) - Verizon
- Surface 3 (LTE) - North America Carrier Unlocked
- Surface 3 (LTE) - Outside of North America and Y!mobile in Japan
Surface Hub running Windows 10 Pro or Windows 10 Enterprise - Windows 10 Pro and Enterprise OS on Surface Hub 2
Surface Hub running Windows 10 Teams 2020 Update - See Manage Windows updates on Surface Hub
Surface Dock 2 - Surface Dock 2

Tip

For earlier devices that include separate files for different Windows versions, select the .msi file name that matches the Surface model and version of Windows. The .msi file name includes the minimum supported Windows build number that's required to install the drivers and firmware. For example, to update a Surface Book 2 that has build 18362 of Windows 10, choose SurfaceBook2_Win10_18362_19.101.13994.msi. For a Surface Book 2 that has build 16299 of Windows 10, choose SurfaceBook2_Win10_16299_1803509_3.msi.

Central update management in commercial environments

Tools for managing devices, including driver and firmware updates, are included in Microsoft Endpoint Manager. Microsoft Endpoint Manager includes Microsoft Intune, Windows Autopilot, and Microsoft Endpoint Configuration Manager.

Manage updates with Configuration Manager and Intune

Microsoft Endpoint Manager is the recommended solution for large organizations to manage Surface updates. Configuration Manager allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Intune lets you see all your managed, co-managed, and partner-managed devices in one place. The Microsoft Surface Management Portal is a centralized place in the Microsoft Endpoint Manager admin center where you can self-serve, manage, and monitor your organization's Intune-managed Surface devices at scale.

For more information, see the following resources:

Manage updates with Microsoft Deployment Toolkit

The Microsoft Deployment Toolkit (MDT) is a free tool for automating Windows deployment. It uses the task sequence engine from Configuration Manager, and can also install drivers and software updates during the deployment.

For more information, see the following resources:

Windows PE and Surface firmware and drivers

Configuration Manager and MDT both use the Windows Preinstallation Environment (Windows PE) during the deployment process. Windows PE supports only a limited set of basic drivers such as network adapters and storage controllers. Drivers for Windows components that aren't part of Windows PE might produce errors. You can prevent such errors by configuring the deployment process to use only the required drivers during the Windows PE phase.

Supported devices

Downloadable .msi files are available for Surface Pro 2 and later devices (except Surface Pro X, which runs Windows 10 on ARM processor).

Managing firmware with DFCI

By having Device Firmware Configuration Interface (DFCI) profiles built into Intune, Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings (including startup options and built-in peripherals), and lays the groundwork for advanced security scenarios in the future. For more information, see the following resources:

Best practices for update deployment processes

To maintain a stable environment, we strongly recommend that you keep parity with the most recent version of Windows 10. For best practice recommendations, see Prepare servicing strategy for Windows client updates.

Surface .msi naming convention

Since August 2019, .msi files are using the following naming convention:

  • ProductWindows releaseWindows build numberVersion numberRevision of version number (typically zero).

Example

  • SurfacePro6_Win10_18362_19.073.44195_0.msi

This file name provides the following information:

  • Product: SurfacePro6
  • Windows release: Win10
  • Build: 18362
  • Version: 19.073.44195 – Version number shows the date and time that the file was created, as follows:
    • Year: 19 (2019)
    • Month and week: 073 (third week of July)
    • Minute of the month: 44195
  • Revision of version: 0 (first release of this version)

Legacy Surface .msi naming convention

Legacy .msi files (files that were built before August 2019) followed the same overall naming formula but used a different method to derive the version number.

Example

  • SurfacePro6_Win10_16299_1900307_0.msi

This file name provides the following information:

  • Product: SurfacePro6
  • Windows release: Win10
  • Build: 16299
  • Version: 1900307 – Version number shows the date that the file was created and its position in the release sequence, as follows:
    • Year: 19 (2019)
    • Number of release: 003 (third release of the year)
    • Product version number: 07 (Surface Pro 6 is officially the seventh version of Surface Pro)
  • Revision of version: 0 (first release of this version)

Learn more