The National Security Agency (NSA) has added Microsoft's Surface Book laptop and Surface Pro 3 and 4 tablets to its Commercial Solutions for Classified (CSfC) list of devices considered secure for official use.
To make the list, devices and applications must meet the requirements set by the Committee on National Security Systems Policy number 11 (CNSSP#11), which assesses whether they are secure enough for classified government tasks.
Recent Apple iPhones and iPads are already on the NSA list of validated devices, along with the Boeing Black phone, as well as LG and Samsung Android smartphones.
According to Microsoft, the Surface devices meet the "highest security requirements for use in classified environments" when used in a layered solution.
Microsoft's head of Windows Enterprise and Security Rob Lefferts touted one such layer, the Surface Enterprise Management Mode (SEMM) hardware security functionality.
SEMM is aimed at customers in heavily regulated industries, and allows organisations to control hardware configurations, security, and Windows 10 behaviour within the firmware of the device being managed.
This lets organisations roll out SEMM digital certificates, created during the initial device deployment, for configuration rules that can be applied to Surface hardware such as the Wi-Fi and Bluetooth network interfaces, and for switching on or off cameras, microphones, USB and SD card slots, as well as the detachable Type Cover keyboard, Lefferts said.
Using SEMM means organisations that wish to reduce information leakage risks no longer have to physically block access to hardware such as cameras, microphones and I/O ports, and can instead manage these in device firmware.
Lefferts also said that Microsoft's Defender Advanced Threat Protection cloud service in the Windows 10 Creators Update has been enhanced with new security features to protect against zero-day, ransomware, and advanced attacks.
These include the ability to create custom detection rules, and to search through six months of historical data when new threats are added.
Customers will be able to have a single view of security insights generated by Office ATP and Windows Defender ATP (WDATP), Lefferts said.