Manage & deploy Surface driver & firmware updates

How you manage Surface driver and firmware updates depends on your environment and organizational requirements. IT admins in larger organizations often stage deployments and conduct testing before rolling updates to users, ensuring systems remain stable and secure.

Note

This article is intended for IT professionals and applies to Surface devices only. For home users looking to install updates, see Download drivers and firmware for Surface.

Centrally managing updates remains essential for maintaining secure, up-to-date systems. This reduces downtime, ensures Surface devices are protected with the latest security patches, and keeps firmware in sync with new features introduced via Windows updates.

What's in Surface driver and firmware updates

Windows Installer .msi files contain all the required cumulative driver and firmware updates for Surface devices. Update packages may include some or all the following components:

  • Wi-Fi and LTE
  • Video
  • Solid-state drive
  • System Aggregator Module (SAM)
  • Battery
  • Keyboard controller
  • Embedded controller (EC)
  • Management engine (ME)
  • Unified Extensible Firmware Interface (UEFI)

Download and install updates

  1. Choose either Windows 11 or Windows 10 as appropriate for your organization.
  2. If multiple .msi files are available, select the file corresponding to your Surface model and deployed OS version.

Important

When Windows 10 reaches end of support (EOS) on October 14, 2025, Microsoft will no longer release security updates, bug fixes, time zone updates, or technical support from Microsoft. To learn more, including transition options for organizations needing more time, see Plan for Windows 10 EOS with Windows 11, Windows 365, and ESU.

Surface device Downloadable .msi
Surface Pro - Surface Pro (11th Edition)
- Surface Pro 10
- Surface Pro 9 with Intel processor
- Surface Pro 9 with 5G (SQ3 Processor)
- Surface Pro 8
- Surface Pro 7+ and Surface Pro 7+ (LTE)
- Surface Pro 7
- Surface Pro 6
- Surface Pro 5 (LTE)
- Surface Pro 5 (Wi-Fi)
- Surface Pro 4
- Surface Pro 3
- Surface Pro 2
- Surface Pro
Surface Laptop - Surface Laptop (7th Edition)
- Surface Laptop 6
- Surface Laptop 5
- Surface Laptop 4 with Intel Processor
- Surface Laptop 4 with AMD Processor
- Surface Laptop 3 with Intel Processor
- Surface Laptop 3 with AMD Processor
- Surface Laptop 2
- Surface Laptop
Surface Laptop Go - Surface Laptop Go 3
- Surface Laptop Go 2
- Surface Laptop Go
Surface Laptop Studio - Surface Laptop Studio 2
- Surface Laptop Studio
Surface Book - Surface Book 3
- Surface Book 2
- Surface Book
Surface Go - Surface Go 4
- Surface Go 3
- Surface Go 2
- Surface Go (Wi-Fi)
- Surface Go (LTE)
Surface Studio - Surface Studio 2+
- Surface Studio 2
- Surface Studio
Surface 3 - Surface 3 (Wi-Fi)
- Surface 3 (LTE) - ATT
- Surface 3 (LTE) - Verizon
- Surface 3 (LTE) - North America Carrier Unlocked
- Surface 3 (LTE) - Outside of North America and Y!mobile in Japan
Surface Hub running Windows 10 Pro or Windows 10 Enterprise - Windows 10 Pro and Enterprise OS on Surface Hub 2S
Surface Hub running Windows 10 Teams 2020 Update - See Manage Windows updates on Surface Hub
Surface Dock - Surface Thunderbolt 4 Dock
- Surface Dock 2

Installation guidance for Surface devices

  • Windows Update: Surface devices can automatically receive driver and firmware updates via Windows Update, helping ensure security with minimal admin intervention.
  • Surface MSI packages: Useful for testing and controlled deployments. Download and install updates from the links on this page.

Tip

Automating updates through Windows Update for Business ensures firmware and driver updates align with security patches, reducing the need for manual interventions.

Centralized management tools

Microsoft Intune and Endpoint Configuration Manager

  • Intune: Manage Surface firmware updates remotely using Intune and the Surface Management Portal for visibility into device status. The portal provides a consolidated view of all Surface devices across the organization.

  • Configuration Manager: Synchronize Surface firmware and driver updates with Endpoint Configuration Manager for on-premises management. Use Configuration Manager to automate deployments or co-manage devices via Microsoft Entra hybrid join. To learn more, see Configure Microsoft Entra hybrid join.

Helpful resources:

Security benefits of driver and firmware updates

Keeping drivers and firmware up to date ensures:

  • Enhanced security: Regular updates reduce vulnerabilities by addressing firmware-level risks.
  • Improved performance: Drivers aligned with the latest OS updates ensure the best experience.
  • Simplified management: Using tools like Intune and the Surface Management Portal ensures seamless deployment and tracking of updates, reducing administrative overhead.

Best practices for Surface firmware updates

  • Test updates in stages: Deploy updates to a test group first before rolling them out organization-wide.
  • Monitor device health: Use Intune’s Surface Management Portal to track update success and detect any issues. To learn more, see Surface Management Portal overview.
  • Adopt Windows Update for Business: This ensures Surface devices always have the latest drivers, firmware, and security patches. To learn more, see Configure Windows Update for Business.

Managing firmware with DFCI

By having Device Firmware Configuration Interface (DFCI) profiles built into Intune, Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings (including startup options and built-in peripherals), and lays the groundwork for advanced security scenarios in the future. For more information, see the following resources:

Automate driver and firmware updates with MDT on Windows 10

While the Microsoft Deployment Toolkit (MDT) isn’t supported for ARM-based devices or Windows 11, it remains a useful tool for automating updates on x86-based Surface devices running Windows 10. Use task sequences to install drivers and updates during OS deployment, ensuring devices are up to date from the start. To learn more, see Task Sequence Steps.

Surface .msi naming convention

Since August 2019, .msi files have followed the convention:

Product_Windows release_Windows build number_Version number_Revision of version number (typically zero)

Example

  • SurfacePro11_Win11_26100_24.091.12892.0.msi

This file name provides the following information:

  • Product: Surface Pro (11th Edition)
  • Windows release: Win11
  • Build: 26100
  • Version: 24.091.12892 – This version number reveals the following:
    • Year: 24 (2024)
    • Month and week: 091 (first week of September)
    • Minute of the month: 12892
  • Revision of version: 0 (first release of this version)

This helps IT admins select the correct update based on product, OS, and build compatibility.

Learn more