What is slightly embarrassing is that the Surface Pro 4 does not meet those specifications.
These details are for OEMs and show what these vendors need to achieve in order to make a ‘highly secure Windows 10 device.
The main requirements are a 64-bit processor that must be at least 7th-generation - so Kaby Lake in the case of Intel’s CPUs - along with a minimum of 8GB of system RAM, and support for TPM 2.0 (Trusted Platform Module).
Microsoft made TPM 2.0 compulsory for hardware vendors last year, with TPM 2.0 offering even more security measures to protect a device against tampering if it’s lost or stolen.
A 64-bit CPU is required for virtualisation-based security, and Microsoft also stipulates that “systems must implement cryptographically verified platform boot”, clarifying that this means: “Intel Boot Guard in Verified Boot mode, or AMD Hardware Verified Boot”.
Apparently you need 8GB of system memory -- Jeff knows why.
Microsoft’s own Surface Pro 4 does not meet these standards, because it uses a Skylake CPU which is too old.
On the software side of things, the company is working hard to make Windows 10 as secure as possible, with the latest Fall Creators Update hardening protection against ransomware, a useful boost.