mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 02:43:43 +00:00
Merge remote-tracking branch 'refs/remotes/origin/master' into janb-surface-semm-articles
This commit is contained in:
Jan Backstrom
@ -29,7 +29,7 @@ If you prefer to use a graphical user interface, you can create a device account
|
||||
1. Sign in to Office 365 by visiting http://portal.office.com/admin/
|
||||
2. Provide the admin credentials for your Office 365 tenant. This will take you to your Office 365 Admin Center.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Once you are at the Office 365 Admin Center, navigate to **Users** in the left panel, and then click **Active Users**.
|
||||
|
||||
@ -37,13 +37,13 @@ If you prefer to use a graphical user interface, you can create a device account
|
||||
|
||||
4. On the controls above the list of users, click **+** to create a new user. You'll need to enter a **Display name**, **User name**, **Password** and an email address for the recipient of the password. Optionally you can change the password manually, but we recommend that you use the auto-generated option. You also need to assign this account a license that gives the account access to Exchange and Skype for Business services.
|
||||
|
||||
|
||||
|
||||
|
||||
Click **Create**.
|
||||
|
||||
5. Once the account has been successfully created, click **Close** on the resulting dialog box, and you will see the admin center Active Users list again.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Select the user you just created from the **Active Users** list. You need to disable the Skype for Business license, because you can’t create a Skype Meeting Room with this option.
|
||||
|
||||
@ -51,7 +51,7 @@ If you prefer to use a graphical user interface, you can create a device account
|
||||
|
||||
In the right panel you can see the account properties and several optional actions. The process so far has created a regular Skype account for this user, which you need to disable. Click **Edit** for the **Assigned license** section, then click the dropdown arrow next to the license to expand the details.
|
||||
|
||||
|
||||
|
||||
|
||||
From the list, uncheck **Skype for Business Online (plan 2)** (this license may vary depending on your organization), and click **SAVE**.
|
||||
|
||||
@ -59,39 +59,39 @@ If you prefer to use a graphical user interface, you can create a device account
|
||||
|
||||
1. In the Office 365 Admin Center’s left panel, click **ADMIN**, and then click **Exchange**.
|
||||
|
||||
|
||||
|
||||
|
||||
2. This will open another tab on your browser to take you to the Exchange Admin Center, where you can create and set the Mailbox Setting for Surface Hub.
|
||||
|
||||
|
||||
|
||||
|
||||
3. To create a Mobile Device Mailbox Policy, click **Mobile** from the left panel and then click **Mobile device mailbox policies**. Surface Hubs require an account with a mobile device mailbox policy that does not require a password, so if you already have an existing policy that matches this requirement, you can apply that policy to the account. Otherwise use the following steps to create a new one to be used only for Surface Hub device accounts.
|
||||
|
||||
|
||||
|
||||
|
||||
4. To create a New Surface Hub mobile device mailbox policy, click the **+** button from the controls above the list of policies to add a new policy. For the name, provide a name that will help you distinguish this policy from other device accounts (for example, *SurfaceHubDeviceMobilePolicy*). Make sure the policy does not require a password for the devices assigned to, so make sure **Require a Password** remains unchecked, then click **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
5. After you have created the new mobile device mailbox policy, go back to the **Exchange Admin Center** and you will see the new policy listed.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Now, to apply the ActiveSync policy without using PowerShell, you can do the following: In the EAC, click **Recipients** > **Mailboxes** and then select a mailbox.
|
||||
|
||||
|
||||
|
||||
|
||||
7. In the Details pane, scroll to **Phone and Voice Features** and click **View details** to display the **Mobile Device Details** screen.
|
||||
|
||||
|
||||
|
||||
|
||||
8. The mobile device mailbox policy that’s currently assigned is displayed. To change the mobile device mailbox policy, click **Browse**.
|
||||
|
||||
|
||||
|
||||
|
||||
9. Choose the appropriate mobile device mailbox policy from the list, click **OK** and then click **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
### <a href="" id="create-device-acct-o365-complete-acct"></a>Use PowerShell to complete device account creation
|
||||
|
||||
@ -107,11 +107,11 @@ In order to run cmdlets used by these PowerShell scripts, the following must be
|
||||
|
||||
1. Run Windows PowerShell as Administrator.
|
||||
|
||||
|
||||
|
||||
|
||||
2. Create a Credentials object, then create a new session that connects to Skype for Business Online, and provide the global tenant administrator account, then click **OK**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. To connect to Microsoft Online Services, run:
|
||||
|
||||
@ -119,7 +119,7 @@ In order to run cmdlets used by these PowerShell scripts, the following must be
|
||||
Connect-MsolService -Credential $Cred
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
4. Now to connect to Skype for Business Online Services, run:
|
||||
|
||||
@ -127,7 +127,7 @@ In order to run cmdlets used by these PowerShell scripts, the following must be
|
||||
$sfbsession = New-CsOnlineSession -Credential $cred
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
5. Finally, to connect to Exchange Online Services, run:
|
||||
|
||||
@ -136,7 +136,7 @@ In order to run cmdlets used by these PowerShell scripts, the following must be
|
||||
"https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication "Basic" –AllowRedirection
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
6. Now you have to import the Skype for Business Online Session and the Exchange Online session you have just created, which will import the Exchange and Skype Commands so you can use them locally.
|
||||
|
||||
@ -147,7 +147,7 @@ In order to run cmdlets used by these PowerShell scripts, the following must be
|
||||
|
||||
Note that this could take a while to complete.
|
||||
|
||||
|
||||
|
||||
|
||||
7. Once you’re connected to the online services you need to run a few more cmdlets to configure this account as a Surface Hub device account.
|
||||
|
||||
@ -180,11 +180,11 @@ Now that you're connected to the online services, you can finish setting up the
|
||||
|
||||
You will see the correct email address.
|
||||
|
||||
|
||||
|
||||
|
||||
2. You need to convert the account into to a room mailbox, so run:
|
||||
|
||||
|
||||
|
||||
|
||||
``` syntax
|
||||
Set-Mailbox $strEmail -Type Room
|
||||
@ -196,7 +196,7 @@ Now that you're connected to the online services, you can finish setting up the
|
||||
Set-Mailbox $strEmail -RoomMailboxPassword (ConvertTo-SecureString -String "<your password>" -AsPlainText -Force) -EnableRoomMailboxAccount $true
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
4. Various Exchange properties can be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
|
||||
|
||||
@ -205,7 +205,7 @@ Now that you're connected to the online services, you can finish setting up the
|
||||
Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a <tla rid="surface_hub"/> room!"
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
|
||||
|
||||
@ -260,11 +260,11 @@ You can use the Exchange Admin Center to create a device account:
|
||||
1. Sign in to your Exchange Admin Center using Exchange admin credentials.
|
||||
2. Once you are at the Exchange Admin Center (EAC), navigate to **Recipients** in the left panel.
|
||||
|
||||
|
||||
|
||||
|
||||
3. On the controls above the list of mailboxess, choose **+** to create a new one, and provide a **Display name**, **Name**, and **User logon name**, and then click **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
### <a href="" id="create-device-acct-exch-mbx-policy"></a>Create a mobile device mailbox policy from the Exchange Admin Center
|
||||
|
||||
@ -274,37 +274,37 @@ You can use the Exchange Admin Center to create a device account:
|
||||
|
||||
1. Go to the Exchange Admin Center.
|
||||
|
||||
|
||||
|
||||
|
||||
2. To create a mobile device mailbox policy, click **Mobile** from the left panel, then **Mobile device mailbox policies**. Surface Hubs require an account with a mobile device mailbox policy that does not require a password, so if you already have an existing policy that matches this requirement, you can apply that policy to the account. Otherwise use the following steps to create a new one to be used only for Surface Hub device accounts.
|
||||
|
||||
|
||||
|
||||
|
||||
3. To create a new mobile device account mailbox policy, click the **+** button from the controls above the list of policies to add a new policy. For the name provide a name that will help you distinguish this policy from other device accounts (for example, *SurfaceHubDeviceMobilePolicy*). The policy must not be password-protected, so make sure **Require a Password** remains unchecked, then click **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
4. After you have created the new mobile device mailbox policy, go back to the Exchange Admin Center and you will see the new policy listed.
|
||||
|
||||
|
||||
|
||||
|
||||
5. To apply the ActiveSync policy without using PowerShell, you can do the following:
|
||||
|
||||
- In the EAC, click **Recipients** > **Mailboxes** and select a mailbox.
|
||||
|
||||
|
||||
|
||||
|
||||
- In the **Details** pane, scroll to **Phone and Voice Features** and click **View details** to display the **Mobile Device Details** screen.
|
||||
|
||||
|
||||
|
||||
|
||||
- The mobile device mailbox policy that’s currently assigned is displayed. To change the mobile device mailbox policy, click **Browse**.
|
||||
|
||||
|
||||
|
||||
|
||||
- Choose the appropriate mobile device mailbox policy from the list, click **OK** and then click **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
### <a href="" id="create-device-acct-exch-powershell-conf"></a>Use PowerShell to configure the account
|
||||
|
||||
|
||||
@ -116,7 +116,7 @@ You can check online for updated versions at [Surface Hub device account scripts
|
||||
|
||||
Your infrastructure will likely fall into one of three configurations. Which configuration you have will affect how you prepare for device setup.
|
||||
|
||||
|
||||
|
||||
|
||||
- [Online deployment (Office 365)](online-deployment-surface-hub-device-accounts.md): Your organization’s environment is deployed entirely on Office 365.
|
||||
- [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md): Your organization has servers that it controls, where Active Directory, Exchange, and Skype for Business (or Lync) are hosted.
|
||||
|
||||
@ -46,7 +46,7 @@ This is the first screen you'll see when you power up the Surface Hub for the fi
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -72,7 +72,7 @@ If no wired connection can be found, then the device will attempt to set up a wi
|
||||
|
||||
If your device does not detect a wired connection that it can use to connect to a network or the Internet, you will see this page. Here you can either connect to a wireless network, or skip making the network connection.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -97,7 +97,7 @@ If you want to connect to a secured wireless network from this page, click on th
|
||||
|
||||
This page will be shown when you've selected a secured wireless network.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -121,11 +121,11 @@ This page will be shown when the device detects a wired connection with limited
|
||||
|
||||
- You can select **Enter proxy settings** which will allow you to specify how to use the network proxy. You'll be taken to the next screen.
|
||||
|
||||
|
||||
|
||||
|
||||
This is the screen you'll see if you clicked **Enter proxy settings** on the previous screen.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -149,7 +149,7 @@ You can skip connecting to a network by selecting **Skip this step**. You'll be
|
||||
|
||||
This screen is purely informational, and shows which recommended settings have been enabled by default.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -170,7 +170,7 @@ On this page, the Surface Hub will ask for credentials for the device account th
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -192,7 +192,7 @@ If you skip setting it up now, you can add a device account later by using the S
|
||||
|
||||
If you click **Skip setting up a device account**, the device will display a dialog box showing what will happen if the device doesn't have a device account. If you choose **Yes, skip this**, you will be sent to the [Name this device page](#name-this-device).
|
||||
|
||||
|
||||
|
||||
|
||||
### What happens?
|
||||
|
||||
@ -211,7 +211,7 @@ The device will use the UPN or DOMAIN\\User name and password for the device acc
|
||||
|
||||
This page will only be shown if there's a problem. Typically, it means that the device account that you provided was found in Active Directory (AD) or Azure Active Directory (Azure AD), but the Exchange server for the account was not discovered.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -230,7 +230,7 @@ You can enable Exchange services for a device account later by using the Setting
|
||||
|
||||
If you click **Skip setting up Exchange services**, the device will display a dialog showing what will happen. If you choose **Yes, skip this**, then Exchange services will not be set up.
|
||||
|
||||
|
||||
|
||||
|
||||
### What happens?
|
||||
|
||||
@ -249,7 +249,7 @@ This page will be shown when:
|
||||
- Exchange supported protocols are not supported by the Surface Hub.
|
||||
- Exchange returns incorrect XML.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -273,7 +273,7 @@ If you choose to skip this check, the Surface Hub will stop looking for the Exch
|
||||
|
||||
This page asks you to provide two names that will be used for identifying the Surface Hub.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -307,7 +307,7 @@ Because every Surface Hub can be used by any number of authenticated employees,
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -348,7 +348,7 @@ Joining Azure AD has two primary benefits:
|
||||
1. Some employees from your organization will be able to access the device as admins, and will be able to start the Settings app and configure the device. People that have admin permissions will be defined in your Azure AD subscription.
|
||||
2. If your Azure AD is connected to a mobile device management (MDM) solution, the device will enroll with that MDM solution so you can apply policies and configuration.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -357,11 +357,11 @@ The following input is required:
|
||||
- **User's UPN:** The user principal name (UPN) of an account that can join Azure AD.
|
||||
- **Password:** The password of the account you’re using to join Azure AD.
|
||||
|
||||
|
||||
|
||||
|
||||
If you get to this point and don't have valid credentials for an Azure AD account, the device will allow you to continue by creating a local admin account. Click **Set up Windows with a local account instead**.
|
||||
|
||||
|
||||
|
||||
|
||||
### What happens?
|
||||
|
||||
@ -373,7 +373,7 @@ This page will ask for credentials to join a domain so that the Surface Hub can
|
||||
|
||||
Once the device has been domain joined, you must specify a security group from the domain you joined. This security group will be provisioned as administrators on the Surface Hub, and anyone from the security group can enter their domain credentials to access Settings.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
@ -385,7 +385,7 @@ The following input is required:
|
||||
|
||||
After the credentials are verified, you will be asked to type a security group name. This input is required.
|
||||
|
||||
|
||||
|
||||
|
||||
### What happens?
|
||||
|
||||
@ -401,7 +401,7 @@ If the join is successful, you'll see the **Enter a security group** page. When
|
||||
|
||||
If you decide not to use Azure Active Directory (Azure AD) or Active Directory (AD) to manage the Surface Hub, you'll need to create a local admin account.
|
||||
|
||||
|
||||
|
||||
|
||||
### Details
|
||||
|
||||
|
||||
@ -21,17 +21,17 @@ Use this procedure if you use Exchange on-prem.
|
||||
- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
|
||||
- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.<p>
|
||||
|
||||
|
||||
|
||||
|
||||
- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
|
||||
|
||||
>**Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
|
||||
|
||||
|
||||
|
||||
|
||||
- Click **Finish** to create the account.
|
||||
|
||||
|
||||
|
||||
|
||||
2. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Office 365 admin center and verify that the account created in the previous steps has merged to online.
|
||||
|
||||
@ -223,17 +223,17 @@ Use this procedure if you use Exchange online.
|
||||
- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
|
||||
- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
|
||||
|
||||
>**Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
|
||||
|
||||
|
||||
|
||||
|
||||
- Click **Finish** to create the account.
|
||||
|
||||
|
||||
|
||||
|
||||
6. Directory synchronization.
|
||||
|
||||
|
||||
@ -30,7 +30,7 @@ If you joined your Surface Hub to an Azure Active Directory (Azure AD) subscript
|
||||
|
||||
Alternatively, the device can be enrolled like any other Windows device by going to **Settings** > **Accounts** > **Work access**.
|
||||
|
||||
|
||||
|
||||
|
||||
### Manage a device through MDM
|
||||
|
||||
|
||||
@ -58,9 +58,7 @@ In order to create and deploy provisioning packages, all of the following are re
|
||||
### <a href="" id="installing-wicd-prov-pkg"></a>Install the Windows Imaging and Configuration Designer
|
||||
|
||||
1. The Windows Imaging and Configuration Designer (ICD) is installed as part of the Windows 10 ADK. The installer for the ADK can be downloaded from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718147).
|
||||
>**Note** The ADK must be installed on a separate PC, not on the Surface Hub.
|
||||
|
||||
|
||||
>**Note** The ADK must be installed on a separate PC, not on the Surface Hub.
|
||||
|
||||
2. Run the installer, and set your preferences for installation. When asked what features you want to install, you will see a checklist like the one in the following figure. Note that **Windows Performance Toolkit** and **Windows Assessment Toolkit** should be unchecked, as they are not needed to run the ICD.
|
||||
|
||||
@ -73,7 +71,7 @@ In order to create and deploy provisioning packages, all of the following are re
|
||||
|
||||
All four of these features are required to run the ICD and create a package for the Surfact Hub.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Continue with the installer until the ADK is installed. This may take a while, because the installer downloads remote content.
|
||||
|
||||
@ -83,29 +81,29 @@ This example will demonstrate how to create a provisioning package to install a
|
||||
|
||||
1. On the PC that had the Windows 10 ADK installed, open ICD and choose the **New provisioning package** tile from the main menu.
|
||||
|
||||
|
||||
|
||||
|
||||
2. When the **New project** dialog box opens, type whatever name you like in the **Name** box. The **Location** and **Description** boxes can also be filled at your discretion, though we recommend using the **Description** box to help you distinguish among multiple packages. Click **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
Select the settings that are **Common to all Windows editions**, and click **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
When asked to import a provisioning package, just click **Finish.**
|
||||
|
||||
|
||||
|
||||
|
||||
3. ICD's main screen will be displayed. This is where you create the provisioning package. In the **Available customizations** pane, expand **Runtime settings** and then expand **Certificates**. Click **Root certificates**.
|
||||
|
||||
|
||||
|
||||
|
||||
In the center pane, you’ll be asked to specify a **CertificateName** for the Root certificate. You can set this to whatever you want. For the example, we've used the same name as the project. Click **Add**, and an entry will be added in the left pane.
|
||||
|
||||
4. In the **Available customizations** pane on the left, a new category has appeared for **CertificatePath** underneath the **CertificateName** you provided. There’s also a red exclamation icon indicating that there is a required field that needs to be set. Click **CeritficatePath**.
|
||||
|
||||
|
||||
|
||||
|
||||
5. In the center pane, you’ll be asked to specify the path for the certificate. Enter the name of the .cer file that you want to deploy, either by typing or clicking **Browse**. It must be a root certificate. The provisioning package created will copy the .cer file into the package it creates.
|
||||
|
||||
|
||||
@ -68,7 +68,7 @@ You can use a standard RJ-11 (6P6C) connector to connect the Surface Hub serial
|
||||
|
||||
This diagram shows the correct pinout used for an RJ-11 (6P6C) to DB9 cable.
|
||||
|
||||
|
||||
|
||||
|
||||
## Command sets
|
||||
|
||||
|
||||
@ -25,33 +25,33 @@ If a wired network connection is not available, the Surface Hub can use a wirele
|
||||
1. On the Surface Hub, open **Settings** and enter your admin credentials.
|
||||
2. Click **System**, and then click **Network & Internet**. Under **Wi-Fi**, choose an access point. If you want Surface Hub to automatically connect to this access point, click **Connect automatically**. Click **Connect**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. If the network is secured, you'll be asked to enter the security key. Click **Next** to connect.
|
||||
|
||||
|
||||
|
||||
|
||||
### Review wireless settings
|
||||
|
||||
1. On the Surface Hub, open **Settings** and enter your admin credentials.
|
||||
2. Click **System**, click **Network & Internet**, then **Wi-Fi**, and then click **Advanced options**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. The system will show you the properties for the wireless network connection.
|
||||
|
||||
|
||||
|
||||
|
||||
### Review wired settings
|
||||
|
||||
1. On the Surface Hub, open **Settings** and enter your admin credentials.
|
||||
2. Click **System**, click **Network & Internet**, then click on the network under Ethernet.
|
||||
|
||||
|
||||
|
||||
|
||||
3. The system will show you the properties for the wired network connection.
|
||||
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
|
||||
Reference in New Issue
Block a user