diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 9b9c05d03d..cdf909411f 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -40,6 +40,19 @@ manager: dansimp +Steps to use this policy correctly: + +1. Create a device configuration profile for kiosk targeting Azure AD groups and assign it to HoloLens device(s). +1. Create a custom OMA URI based device configuration that sets this policy value to desired number of days (> 0) and assign it to HoloLens device(s). + 1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays + 1. The value can be between min / max allowed. +1. Enroll HoloLens devices and verify both configurations get applied to the device. +1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created. +1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days. +1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point here is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted. + +> [!NOTE] +> Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.