Microsoft has posted an article which stipulates the requirements PCs or laptops must conform to in order to be considered ‘highly secure’ by the company, and interestingly, the Surface Pro 4 does not meet those specifications.
These details are for OEMs (hardware manufacturers) and show what these vendors need to achieve in order to make a ‘highly secure Windows 10 device’, with Microsoft clarifying that the standards are for ‘general-purpose’ PCs, laptops, tablets and hybrids (running the Fall Creators Update – the latest version of the OS).
The main requirements are a 64-bit processor that must be at least 7th-generation (i.e. Kaby Lake in the case of Intel’s CPUs), along with a minimum of 8GB of system RAM, and support for TPM 2.0 (Trusted Platform Module).
The latter isn’t a surprise considering Microsoft made this a compulsory elementfor hardware vendors last year, with TPM 2.0 offering even more security measures to protect a device against tampering if it’s lost or stolen (compared to TPM 1.2).
A 64-bit CPU is required for virtualization-based security, and Microsoft also stipulates that “systems must implement cryptographically verified platform boot”, clarifying that this means: “Intel Boot Guard in Verified Boot mode, or AMD Hardware Verified Boot”.
The requirement for 8GB of system memory is a complete mystery, with Microsoft not offering up any explanation as to why 4GB might fall short in terms of security. There are, of course, plenty of machines still running with the latter amount of RAM (at the budget end of the laptop market in particular).
As mentioned, what’s perhaps most interesting here in some respects is that something as (relatively) modern as Microsoft’s own Surface Pro 4 doesn’t meet these standards, as it runs with a Skylake CPU (6th-generation).
Before we start flaying the SP4 alive on the security front, though, it’s worth repeating that these are requirements for a ‘highly secure’ device, so it doesn’t suggest that hardware which fails to conform to these standards is insecure; it just doesn’t have top-notch security, as Microsoft sees it.
Meanwhile, on the software side of things, the company is working hard to make Windows 10 as secure as possible, with the latest Fall Creators Update hardening protection against ransomware, a very useful boost.