security
8 Topics

Safer Drivers, Stronger Devices
Surface is advancing Windows driver development by adopting Rust, a memory-safe programming language, to improve device security and reliability. Through contributions to the open-source windows-drivers-rs platform, Surface has shipped several Copilot+ PCs with Rust-based drivers, reducing vulnerabilities and enhancing maintainability.

1.1K Views, 7 likes, 0 Comments

On-device AI and security: What really matters for the enterprise
AI is evolving, and so is the way businesses run it. Traditionally, most AI workloads have been processed in the cloud. When a user gives an AI tool a prompt, that input is sent over the internet to remote servers, where the model processes it and sends back a result. This model supports large-scale services like Microsoft 365 Copilot, which integrates AI into apps like Word, Excel, and Teams.

Now, a new capability is emerging alongside cloud-based AI. AI can also run directly on a PC—no internet connection or remote server required. This is known as on-device processing. It means the data and the model stay on the device itself, and the work is done locally.

Modern CPUs and GPUs are beginning to support this kind of processing. But neural processing units (NPUs), now included in enterprise-grade PCs such as Microsoft Surface Copilot+ PCs, are specifically designed to run AI workloads efficiently. NPUs are designed to perform the types of operations AI needs at high speed while using less power. That makes them ideal for features that need to work instantly, in a sustained fashion in the background, or without an internet connection.

A flexible approach to AI deployment

NPUs can enable power-efficient on-device processing, fast response times with small models, consistent functionality in offline scenarios, and more control over how data is processed and stored. For organizations, it adds flexibility in choosing how and where to run AI—whether to support real-time interactions at the edge or meet specific data governance requirements.

At the same time, cloud-based AI remains essential to how organizations deliver intelligent services across teams and workflows. Microsoft 365 Copilot, for example, is powered by cloud infrastructure and integrates deeply across productivity applications using enterprise-grade identity, access, and content protections.

Both models serve different but complementary needs. On-device AI adds new options for responsiveness and control.
Cloud-based AI enables broad integration and centralized scale. Together, they give businesses flexibility to align AI processing with the demands of the use case, whether for fast local inference or connected collaboration.

For business and IT leaders, the question is not which model is better but how to use each effectively within a secure architecture. That starts with understanding where data flows, how it is protected, and what matters most at the endpoint.

Understanding AI data flow and its security impact

AI systems rely on several types of input such as user prompts, system context, and business content. When AI runs in the cloud, data is transmitted to remote servers for processing. When it runs on the device, processing happens locally. Both approaches have implications for security.

With cloud AI, protection depends on the strength of the vendor’s infrastructure, encryption standards, and access controls. Security follows a shared responsibility model where the cloud provider secures the platform while the enterprise defines its policies for data access, classification, and compliance.

Microsoft’s approach to data security and privacy in cloud AI services

Although the purpose of this blog post is to talk about on-device AI and security, it’s worth a detour to briefly touch on how Microsoft approaches data governance across its cloud-based AI services. Ultimately, the goal is for employees to be able to use whatever tools work best for what they want to get done, and they may not differentiate between local and cloud AI services. That means having a trusted provider for both is important for long-term AI value and security in the organization.

Microsoft’s generative AI solutions, including Azure OpenAI Service and Copilot services and capabilities, do not use your organization’s data to train foundation models without your permission.
The Azure OpenAI Service is operated by Microsoft as an Azure service; Microsoft hosts the OpenAI models in Microsoft's Azure environment and the Service does not interact with any services operated by OpenAI (e.g. ChatGPT, or the OpenAI API). Microsoft 365 Copilot and other AI tools operate within a secured boundary, pulling from organization-specific content sources like OneDrive and Microsoft Graph while respecting existing access permissions.

For more resources on data privacy and security in Microsoft cloud AI services, check out Microsoft Learn.

Local AI security depends on a trusted endpoint

When AI runs on the device, the data stays closer to its source. This reduces reliance on network connectivity and can help limit exposure in scenarios where data residency or confidentiality is a concern. But it also means the device must be secured at every level.

Running AI on the device does not inherently make it more or less secure. It shifts the security perimeter. Now the integrity of the endpoint matters even more. Surface Copilot+ PCs are built with this in mind. As secured-core PCs, they integrate hardware-based protections that help guard against firmware, OS-level, and identity-based threats.

- TPM 2.0 and Microsoft Pluton security processors provide hardware-based protection for sensitive data
- Hardware-based root of trust verifies system integrity from boot-up
- Microsoft-developed firmware can reduce exposure to third-party supply chain risks and helps address emerging threats rapidly via Windows Update
- Windows Hello and Enhanced Sign-in Security (ESS) offer strong authentication at the hardware level

These protections and others work together to create a dependable foundation for local AI workloads. When AI runs on a device like this, the same enterprise-grade security stack that protects the OS and applications also applies to AI processing.
Why application design is part of the security equation

Protecting the device is foundational—but it’s not the whole story. As organizations begin to adopt generative AI tools that run locally, the security conversation must also expand to include how those tools are designed, governed, and managed.

The value of AI increases dramatically when it can work with rich, contextual data. But that same access introduces new risks if not handled properly. Local AI tools must be built with clear boundaries around what data they can access, how that access is granted, and how users and IT teams can control it. This includes opt-in mechanisms, permission models, and visibility into what’s being stored and why.

Microsoft Recall (preview) on Copilot+ PCs is a case study in how thoughtful application design can make local AI both powerful and privacy conscious. It captures snapshots of the desktop embedded with contextual information, enabling employees to find almost anything that has appeared on their screen by describing it in their own words. This functionality is only possible because Recall has access to a wide range of on-device data—but that access is carefully managed.

Recall runs entirely on the device. It is turned off by default—even when enabled by IT—and requires biometric sign-in with Windows Hello Enhanced Sign-in Security to activate. Snapshots are encrypted and stored locally, protected by Secured-core PC features and the Microsoft Pluton security processor. These safeguards ensure that sensitive data stays protected, even as AI becomes more deeply embedded in everyday workflows.

IT admins can manage Recall through Microsoft Intune, with policies to enable or disable the feature, control snapshot retention, and apply content filters. Even when Recall is enabled, it remains optional for employees, who can pause snapshot saving, filter specific apps or websites, and delete snapshots at any time.
This layered approach—secure hardware, secure OS, and secure app design—reflects Microsoft’s broader strategy for responsible local AI and aligns to the overall Surface security approach. It helps organizations maintain governance and compliance while giving users confidence that they are in control of their data and that the tools are designed to support them, not surveil them. This balance is essential to building trust in AI-powered workflows and ensuring that innovation doesn’t come at the expense of privacy or transparency. For more information, check out the related blog post.

Choosing the right AI model for the use case

Local AI processing complements cloud AI, offering additional options for how and where workloads run. Each approach supports different needs and use cases. What matters is selecting the right model for the task while maintaining consistent security and governance across the entire environment.

On-device AI is especially useful in scenarios where organizations need to reduce data movement or ensure AI works reliably in disconnected environments:

- In regulated industries such as finance, legal, or government, local processing can help support compliance with strict data-handling requirements
- In the field, mobile workers can use AI features such as document analysis or image recognition without relying on a stable connection
- For custom enterprise models, on-device execution through the Windows AI Foundry Local lets developers embed AI in apps while maintaining control over how data is used and stored

These use cases reflect a broader trend. Businesses want more flexibility in how they deploy and manage AI. On-device processing makes that possible without requiring a tradeoff in security or integration.

Security fundamentals matter most

Microsoft takes a holistic view of AI security across cloud services, on-device platforms, and everything in between. Whether your AI runs in Azure or on a Surface device, the same principles apply.
Protect identity, encrypt data, enforce access controls, and ensure transparency.

This approach builds on the enterprise-grade protections already established across Microsoft’s technology stack. From the Secure Development Lifecycle to Zero Trust access policies, Microsoft applies rigorous standards to every layer of AI deployment.

For business leaders, AI security extends familiar principles—identity, access, data protection—into new AI-powered workflows, with clear visibility and control over how data is handled across cloud and device environments.

Securing AI starts with the right foundations

AI is expanding from cloud-only services to include new capable endpoints. This shift gives businesses more ways to match the processing model to the use case without compromising security.

Surface Copilot+ PCs support this flexibility by delivering local AI performance on a security-forward enterprise-ready platform. When paired with Microsoft 365 and Azure services, they offer a cohesive ecosystem that respects data boundaries and aligns with organizational policies.

AI security is not about choosing between cloud or device. It is about enabling a flexible, secure ecosystem where AI can run where it delivers the most value—on the endpoint, in the cloud, or across both. This adaptability unlocks new ways to work, automate, and innovate, without increasing risk. Surface Copilot+ PCs are part of that broader strategy, helping organizations deploy AI with confidence and control—at scale, at speed, and at the edge of what’s next.

595 Views, 1 like, 0 Comments

Understanding the opportunity of Copilot+ PCs: Five benefits for businesses
AI is accelerating. Is your business ready? There’s a growing need for end-to-end technology strategies that include Copilot+ PCs. 75% of global knowledge workers are already using AI tools. [1] Choosing the right endpoints can help you capture the best possible ROI from your AI investment. Copilot+ PCs provide powerful on-device processing to elevate employee productivity, enhance collaboration, and drive innovation.

To unlock the full benefits of Copilot+ PCs, it's important to understand how they work and what they can do. This blog defines this new device category and explores its benefits to help you make informed decisions for your business.

What is a Copilot+ PC?

A Copilot+ PC includes a neural processing unit (NPU). This specialized chip processes AI workloads locally with high performance and efficiency. That creates new possibilities for on-device experiences, including content and image generation, optimizing the performance of AI models and apps, and accelerating compute.

CPUs and GPUs can also process AI workloads, but NPUs are specially designed for the task. NPU performance is measured in trillion operations per second (TOPS). NPUs handle AI workloads with extraordinary efficiency. The latest chips are optimized to perform trillions of operations using less than 10 watts of power to deliver strong AI processing while extending battery life.

Align the benefits of Copilot+ PCs with your strategic priorities

Employees are eager to use AI to save time, accelerate productivity, and get more enjoyment out of their work. [1] The benefits are already tangible, and this device class is highly likely to pay dividends as AI technology continues to advance. Devices designed for AI can help business and IT leaders meet strategic goals in five crucial areas.

Empowering talent

Getting AI into your workers’ hands means they have more ways to benefit from AI. They’ll be able to take advantage of new NPU-dependent software features sooner.
Enhancing experiences

PCs with premium hardware and software experiences working in tandem give employees more and better ways to interact with AI tools. Examples include high-quality microphones and voice recognition that enable more accurate AI commands or vibrant screens that make the most of AI image generation capabilities.

Unlocking innovation

Developers who build apps that use local AI need devices with powerful onboard processing. As AI app development becomes more prevalent, Copilot+ PCs will gain even greater relevance.

Outpacing competition

AI is a rapidly evolving technology. Organizations with the right endpoints will be in a better position to stay ahead of the pack as new solutions appear.

Reinforcing security

Features like multi-factor authentication, hardware-based threat protection, and a secure supply chain matter more than ever in this data-dependent AI era. Devices built for enterprise-grade security and privacy enable AI adoption with peace of mind and help your business stay ahead of emerging threats.

Devices matter to the success of your AI strategy

Understanding the technology behind Copilot+ PCs bolsters your strategic adoption of AI. It helps you choose the devices that suit your vision. Microsoft Surface Copilot+ PCs and Copilot+ PCs accelerate AI ROI by helping you engage employees, boost collaboration, streamline IT, strengthen security, and drive innovation.

Start capturing the AI opportunity today. Read the e-book for a step-by-step guide to creating your AI device strategy: https://info.microsoft.com/ww-landing-capturing-the-opportunity-of-microsoft-surface-copilot-plus-pCs.html

508 Views, 0 likes, 0 Comments

Expert Insights: AI PCs and your technology strategy with Microsoft, Intel, and Forrester
Workplace AI is becoming as common as word processors and spreadsheets. And tangible AI benefits like better decision-making, increased productivity, and better security will soon become must-haves for every business.

Early movers have an opportunity to gain a competitive advantage with AI adoption. But doing so requires a strategic approach to device choice that leverages technological advancements early—such as laptops and 2-in-1s with breakthrough AI capabilities.

These devices are now easy for any business to obtain in the form of AI PCs from Microsoft Surface. Because they contain a new kind of processor called an NPU, they can run AI experiences directly on the device. Just as CPU and GPU work together to run business applications, the NPU adds power-efficient AI processing for new and potentially game-changing experiences that complement those delivered from the cloud.

In a recent Microsoft webinar with experts from Forrester and Intel, leaders discussed how a thoughtful AI device strategy fuels operational success and positions organizations for sustained growth. In this blog post, we’ll examine a few key areas of AI device strategy. For more, watch the full webinar here: How device choice impacts your AI adoption strategy

Focusing on high-impact roles

An effective AI device strategy requires organizations to identify roles that gain the most value from AI capabilities. Data-centric functions—such as developers, analysts, and creative teams—depend on high-speed data processing, and AI-ready devices help these employees manage complex workflows, automate repetitive tasks, and visualize data-driven insights in real time.

Choosing AI-enabled endpoints is not just about the NPU. High-resolution displays and optimized screen ratios, for example, support high-impact roles by providing ample workspace for AI-assisted analysis, modeling, and design work.
Starting with on-device AI for these functions helps drive rapid value and motivates other teams to see the potential in AI-powered workflows. The phased rollout of AI devices builds a foundation for broader AI integration.

Data governance remains central to technology’s advantage

Data privacy and security enable confident adoption of AI tools. One benefit of devices with NPUs is that they allow AI to be used in scenarios where sending data to the cloud is not feasible.

It’s also important to consider the general security posture enabled by a device. Hardware-based security features such as TPM 2.0 and biometric authentication help protect device integrity, supporting AI usage within a secure framework.

With built-in protections that include hardware encryption, secure user authentication options, and advanced firmware defenses, AI-enabled devices create a trusted environment that upholds privacy standards and aligns with organizational compliance requirements. Choosing devices like Microsoft Surface that fit seamlessly into a wide range of device management setups supports faster adoption and reduces risk.

Balancing advanced AI features with stable performance

AI-enabled devices bring unique processing capabilities that don’t compromise the reliability of core functions. Specialized processors dedicated to AI workloads manage intensive tasks without drawing from the main CPU, preserving battery life and maintaining consistent performance. This balanced approach supports both advanced AI capabilities and essential day-to-day operations, providing employees with stable, responsive tools that adapt to their needs.

AI-driven interactions, like responsive touch, intuitive inking, and enhanced image processing, further improve user experience. High-quality cameras and intelligent audio capture, for instance, optimize interactions in virtual meetings and collaboration, making these devices versatile and effective across different work scenarios.
By focusing on the user experience, organizations empower teams to take full advantage of technology without a steep learning curve.

Aligning IT and business goals for an effective AI strategy

A strong AI device strategy brings together IT priorities and broader business objectives. While IT teams focus on security, manageability, and integration with existing infrastructure, business leaders aim to increase efficiency and support innovation. Aligning these goals enables a smooth AI adoption process, allowing organizations to leverage AI’s capabilities while meeting essential technical requirements.

Strategically investing in devices with integrated security and manageability features, such as remote management of device settings and firmware updates, gives IT greater control over deployment and maintenance. This integrated approach allows organizations to keep their AI device strategy aligned with long-term goals, reducing the need for costly upgrades and enabling teams to work within a secure, adaptable tech environment.

Supporting employee workflows with AI tools

AI-enabled devices enhance productivity by automating repetitive tasks and giving employees more time to focus on high-value work. Tools like intelligent personal assistants and voice-driven commands support employees by streamlining tasks that would otherwise require manual effort. Enhanced typing experiences and personalized touch interactions improve user engagement, making AI tools easier to integrate into everyday workflows.

With customizable features and inclusive design options, AI-enabled devices make advanced technology accessible to all team members, increasing satisfaction and reducing turnover. By enabling employees to focus on higher-level work, organizations can create an environment that supports meaningful productivity and helps retain talent.
Proactive IT management with AI-driven insights

Beyond the device, AI also offers new capabilities for device management, allowing IT teams to proactively monitor and resolve potential issues. By analyzing device usage patterns, AI can detect anomalies early, enabling IT to address risks before they impact employees. This shift from reactive to proactive management improves device reliability and reduces downtime, freeing IT resources to focus on broader strategic initiatives.

Integrated AI security tools also improve protection, identifying threats as they emerge and securing devices with minimal manual intervention. With insights derived from AI-driven monitoring, IT teams can maintain secure, reliable systems that enhance overall operational stability.

Crafting a forward-looking AI device strategy

A structured AI device strategy prioritizes both immediate and long-term ROI by examining where new technology can have the greatest impact while also enhancing existing capabilities. By acting early, organizations position themselves to gain speed with AI and adopt the latest advancements as they are released.

Whether you’re beginning with AI or looking to expand its role, a well-designed AI device strategy keeps your organization prepared for growth. To explore how AI-enabled devices can drive your team’s success, gain insights from experts at Forrester and Intel by watching the webinar: How device choice impacts your AI adoption strategy.

377 Views, 2 likes, 0 Comments

Check out Surface at Microsoft Ignite 2024
Explore the latest Microsoft Surface innovations at Ignite 2024 in Chicago and online. Discover AI-driven productivity, advanced security, and enhanced collaboration tools in must-attend sessions, hands-on labs, and interactive demos.

766 Views, 2 likes, 0 Comments

3 Zero Trust strategies for cyber resilience with Surface devices
While the Zero Trust security model has been around for a number of years, pressure to incorporate these security strategies has increased. Growing cyber threats mean it’s likely not a matter of ‘if’ an organization is breached, but ‘when’. According to Forrester, three-quarters of organizations reported one or more incidents in the past 12 months.[1] Cyber insurance companies are requiring policyholders to implement strategies like multifactor authentication (MFA). Even the US government is mandating that all federal agencies adopt Zero Trust architecture by 2024.

[1] "Top Cybersecurity Threats In 2023," Forrester Research, Inc., 17 April 2023.

8K Views, 1 like, 0 Comments