Microsoft has released the Microsoft Surface Data Eraser for Surface Pro 3, Surface Pro 2 and Surface Pro on Microsoft Download Center.
In cases where the Surface needs to be shipped to Microsoft, ADR’s for repair or maintenance purposes – in order to make sure no data can leak to these external parties. As long as the disk still can read/write, this tool allows a secure data wipe – you don’t even need a working/booting OS on the Surface.
“Microsoft Surface Data Eraser is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a Surface Pro 3, Surface Pro 2, or Surface Pro device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB tool is easy to create by using the provided wizard, the Microsoft Surface Data Eraser Wrapper, and easy to use with a simple graphic interface, no command line needed. ”
On Surface Pro 3, Surface Pro 2, and Surface Pro devices, the Microsoft Surface Data Eraser tool is able to provide secure wiping to US Department of Defense (DOD) and National Institute of Standards and Technology (NIST) standards.
“What am I talking about? Reducing the privilege required to perform Exchange recipient provisioning using the Active Directory Domain Services Management Agent (ADMA). The default documentation on the subject clearly states that in order to provision mailbox-enabled users or linked mailboxes the ADMA account needs to be a member of the Recipient Administrators role group. Now, while it’s true membership in that group will allow you to run Update-Recipient and successfully invoke the RUS after creating a user and stamping the mandatory Exchange attributes that same membership also grants you access to perform a multitude of recipient administration tasks that the account doesn’t need to perform.”