Manage & deploy Surface driver & firmware updates
How you manage Surface driver and firmware updates depends on your environment and organizational requirements. IT admins in larger organizations often stage deployments and conduct testing before rolling updates to users, ensuring systems remain stable and secure.
Note
This article is intended for IT professionals and applies to Surface devices only. For home users looking to install updates, see Download drivers and firmware for Surface.
Centrally managing updates remains essential for maintaining secure, up-to-date systems. This reduces downtime, ensures Surface devices are protected with the latest security patches, and keeps firmware in sync with new features introduced via Windows updates.
What's in Surface driver and firmware updates
Windows Installer .msi files contain all the required cumulative driver and firmware updates for Surface devices. Update packages may include some or all the following components:
- Wi-Fi and LTE
- Video
- Solid-state drive
- System Aggregator Module (SAM)
- Battery
- Keyboard controller
- Embedded controller (EC)
- Management engine (ME)
- Unified Extensible Firmware Interface (UEFI)
Download and install updates
- Choose either Windows 11 or Windows 10 as appropriate for your organization.
- If multiple .msi files are available, select the file corresponding to your Surface model and deployed OS version.
Important
When Windows 10 reaches end of support (EOS) on October 14, 2025, Microsoft will no longer release security updates, bug fixes, time zone updates, or technical support from Microsoft. To learn more, including transition options for organizations needing more time, see Plan for Windows 10 EOS with Windows 11, Windows 365, and ESU.
Installation guidance for Surface devices
- Windows Update: Surface devices can automatically receive driver and firmware updates via Windows Update, helping ensure security with minimal admin intervention.
- Surface MSI packages: Useful for testing and controlled deployments. Download and install updates from the links on this page.
Tip
Automating updates through Windows Update for Business ensures firmware and driver updates align with security patches, reducing the need for manual interventions.
Centralized management tools
Microsoft Intune and Endpoint Configuration Manager
Intune: Manage Surface firmware updates remotely using Intune and the Surface Management Portal for visibility into device status. The portal provides a consolidated view of all Surface devices across the organization.
Configuration Manager: Synchronize Surface firmware and driver updates with Endpoint Configuration Manager for on-premises management. Use Configuration Manager to automate deployments or co-manage devices via Microsoft Entra hybrid join. To learn more, see Configure Microsoft Entra hybrid join.
Helpful resources:
Security benefits of driver and firmware updates
Keeping drivers and firmware up to date ensures:
- Enhanced security: Regular updates reduce vulnerabilities by addressing firmware-level risks.
- Improved performance: Drivers aligned with the latest OS updates ensure the best experience.
- Simplified management: Using tools like Intune and the Surface Management Portal ensures seamless deployment and tracking of updates, reducing administrative overhead.
Best practices for Surface firmware updates
- Test updates in stages: Deploy updates to a test group first before rolling them out organization-wide.
- Monitor device health: Use Intune’s Surface Management Portal to track update success and detect any issues. To learn more, see Surface Management Portal overview.
- Adopt Windows Update for Business: This ensures Surface devices always have the latest drivers, firmware, and security patches. To learn more, see Configure Windows Update for Business.
Managing firmware with DFCI
By having Device Firmware Configuration Interface (DFCI) profiles built into Intune, Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings (including startup options and built-in peripherals), and lays the groundwork for advanced security scenarios in the future. For more information, see the following resources:
Automate driver and firmware updates with MDT on Windows 10
While the Microsoft Deployment Toolkit (MDT) isn’t supported for ARM-based devices or Windows 11, it remains a useful tool for automating updates on x86-based Surface devices running Windows 10. Use task sequences to install drivers and updates during OS deployment, ensuring devices are up to date from the start. To learn more, see Task Sequence Steps.
Surface .msi naming convention
Since August 2019, .msi files have followed the convention:
Product_Windows release_Windows build number_Version number_Revision of version number (typically zero)
Example
- SurfacePro11_Win11_26100_24.091.12892.0.msi
This file name provides the following information:
- Product: Surface Pro (11th Edition)
- Windows release: Win11
- Build: 26100
- Version: 24.091.12892 – This version number reveals the following:
- Year: 24 (2024)
- Month and week: 091 (first week of September)
- Minute of the month: 12892
- Revision of version: 0 (first release of this version)
This helps IT admins select the correct update based on product, OS, and build compatibility.