deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 11:23:45 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #2023 from MicrosoftDocs/pawinfie-mrdocs

Browse Source 
Pawinfie mrdocs
This commit is contained in:
Gary Moore
2020-02-11 14:21:16 -08:00
committed by GitHub
parent 81655f2627 77d42e765e
commit 5a3f80d456
7 changed files with 251 additions and 210 deletions
Download Patch File Download Diff File Expand all files Collapse all files

159
devices/hololens/hololens-commercial-infrastructure.md
View File

@ -16,98 +16,171 @@ appliesto:
- HoloLens 2
---
# Configure Your Network
# Configure Your Network for HoloLens
This portion of the document will require the following people:
1. Network Admin with permissions to make changes to the proxy/firewall
2. Azure Active Directory Admin
3. Mobile Device Manager Admin
4. Teams admin for Remote Assist only
1. Network Admin with permissions to make changes to the proxy/firewall
2. Azure Active Directory Admin
3. Mobile Device Manager Admin
## Infrastructure Requirements
HoloLens is, at its core, a Windows mobile device integrated with Azure. It works best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services.
Critical cloud services include:
- Azure active directory (AAD)
- Windows Update (WU)
Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/enterprise-mobility-security/microsoft-intune) as an example, though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2.
HoloLens does support a limited set of cloud disconnected experiences.
### Wireless network EAP support
- PEAP-MS-CHAPv2
- PEAP-TLS
- TLS
- TTLS-CHAP
- TTLS-CHAPv2
- TTLS-MS-CHAPv2
- TTLS-PAP
- TTLS-TLS
### HoloLens Specific Network Requirements
Make sure that these ports and URLs are allowed on your network firewall. This will enable HoloLens to function properly. The latest list can be found [here](hololens-offline.md).
### Remote Assist Specific Network Requirements
1. The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found [here](https://docs.microsoft.com/MicrosoftTeams/prepare-network).
1. The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found [here](https://docs.microsoft.com/MicrosoftTeams/prepare-network).
**Please note, if you dont network have network speeds of at least 1.5Mbps, Remote Assist will still work. However, quality may suffer.**
1. Make sure that these ports and URLs are allowed on your network firewall. This will enable Microsoft Teams to function. The latest list can be found [here](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams).
### Guides Specific Network Requirements
Guides only require network access to download and use the app.
## Azure Active Directory Guidance
This step is only necessary if your company plans on managing the HoloLens and mixed reality apps.
### 1. Ensure that you have an Azure AD License.
>[!NOTE]
>This step is only necessary if your company plans on managing the HoloLens and mixed reality apps.
1. Ensure that you have an Azure AD License.
Please [HoloLens Licenses Requirements](hololens-licenses-requirements.md)for additional information.
### 2. Ensure that your companys users are in Azure Active Directory (Azure AD).
1. If you plan on using Auto Enrollment, you will have to [Configure Azure AD enrollment.](https://docs.microsoft.com/intune/deploy-use/.set-up-windows-device-management-with-microsoft-intune#azure-active-directory-enrollment)
1. Ensure that your companys users are in Azure Active Directory (Azure AD).
Instructions for adding users can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/add-users-azure-active-directory).
### 3. We suggest that users who will be need similar licenses are added to a group.
1. [Create a Group](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal)
1. We suggest that users who will be need similar licenses are added to a group.
1. [Create a Group](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal)
1. [Add users to groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal)
2. [Add users to groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal)
### 4. Ensure that your companys users (or group of users) are assigned the necessary licenses.
1. Ensure that your companys users (or group of users) are assigned the necessary licenses.
Directions for assigning licenses can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/license-users-groups).
### 5. **IMPORTANT:** Only do this step if users are expected to enroll their HoloLens/Mobile device onto the network.
1. Only do this step if users are expected to enroll their HoloLens/Mobile device into you (There are three options)
These steps ensure that your companys users (or a group of users) can add devices.
1. Option 1: Give all users permission to join devices to Azure AD.
1. **Option 1:** Give all users permission to join devices to Azure AD.
**Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** >
**Set Users may join devices to Azure AD to *All***
1. Option 2: Give selected users/groups permission to join devices to Azure AD
1. **Option 2:** Give selected users/groups permission to join devices to Azure AD
**Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** >
**Set Users may join devices to Azure AD to *Selected***
![Image that shows Configuration of Azure AD Joined Devices](images/azure-ad-image.png)
1. Option 3: You can block all users from joining their devices to the domain. This means that all devices will need to be manually enrolled by your IT department.
1. **Option 3:** You can block all users from joining their devices to the domain. This means that all devices will need to be manually enrolled.
## Mobile Device Manager Admin Steps
## Mobile Device Manager Guidance
### Scenario 1: Kiosk Mode
As a note, auto-launching an app does not currently work for HoloLens.
### Ongoing device management
How to Set Up Kiosk Mode Using Microsoft Intune.
#### 1. Sync Microsoft Store to Intune ([Here](https://docs.microsoft.com/intune/apps/windows-store-for-business))
>[!NOTE]
>This step is only necessary if your company plans on managing the HoloLens and mixed reality apps.
Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely.
#### 2. Check your app settings
1. [CSPs (Configuration Service Providers)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) allows you to create and deploy management settings for the devices on your network. Some CSPs are supported by HoloLens devices. (See the list of CSPs for HoloLens [here](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices)).
1. Log into your Microsoft Store Business account
1. **Manage** > **Products and Services** > **Apps and Software** > **Select the app you want to sync** > **Private Store Availability** > **Select “Everyone” or “Specific Groups”**
1. If you do not see your apps in **Intune** > **Client Apps** > **Apps** , you may have to [sync your apps](https://docs.microsoft.com/intune/apps/windows-store-for-business#synchronize-apps) again.
1. [Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant. For example, you can create a policy that requires Bitlocker be enabled.
#### 3. Configuring Kiosk Mode using MDM
1. [Create Compliance Policy](https://docs.microsoft.com/intune/protect/compliance-policy-create-windows).
Information on configuring Kiosk Mode in Intune can be found [here](https://docs.microsoft.com/hololens/hololens-kiosk#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)
1. Conditional Access allows/denies mobile devices and mobile applications from accessing company resources. Two documents you may find helpful are [Plan your CA Deployment](https://docs.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access) and [Best Practices](https://docs.microsoft.com/azure/active-directory/conditional-access/best-practices).
>[!NOTE]
>You can configure different users to have different Kiosk Mode experiences by using “Azure AD” as the “User logon type”. However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.
1. [This article](https://docs.microsoft.com/intune/fundamentals/windows-holographic-for-business) talks about Intune's management tools for HoloLens.
![Image that shows Configuration of Kiosk Mode in Intune](images/aad-kioskmode.png)
1. [Create a device profile](https://docs.microsoft.com/intune/configuration/device-profile-create)
If you are configuring Kiosk Mode on an MDM other than Intune, please check your MDM provider's documentation.
### Manage updates
## Additional Intune Quick Links
Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.
1. [Create Profiles:](https://docs.microsoft.com/intune/configuration/device-profile-create) Profiles allow you to add and configure settings that will be pushed to the devices in your organization.
For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update.
1. [CSPs (Configuration Service Providers)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) allows you to create and deploy management settings for the devices on your network. Some CSPs are supported by HoloLens devices. (See the list of CSPs for HoloLens [here](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices).
Read more about [configuring update rings with Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
1. [Create Compliance Policy](https://docs.microsoft.com/intune/protect/create-compliance-policy)
### Application management
1. Conditional Access allows/denies mobile devices and mobile applications from accessing company resources. Two documents you may find helpful are [Plan your CA Deployment](https://docs.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access) and [Best Practices](https://docs.microsoft.com/azure/active-directory/conditional-access/best-practices).
Manage HoloLens applications through:
## Certificates and Authentication
### MDM Certificate Distribution
If your company requires certificates, Intune supports PKCS, PFX, and SCEP. It is important to understand which certificate is right for your company. Please visit [here](https://docs.microsoft.com/intune/protect/certificates-configure) to determine which cert is best for you. If you plan to use certs for HoloLens Authentication, PFX or SCEP may be right for you.
1. Microsoft Store
The Microsoft Store is the best way to distribute and consume applications on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/windows/uwp/publish/).
All applications in the store are available publicly to everyone, but if it isn't acceptable, checkout the Microsoft Store for Business.
1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/)
Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It also lets you deploy apps that are specific to your commercial environment but not to the world.
1. Application deployment and management via Intune or another mobile device management solution
Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy).
1. _not recommended_ Device Portal
Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use the device portal.
Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps).
### Certificates
You can distribute certifcates through your MDM provider. If your company requires certificates, Intune supports PKCS, PFX, and SCEP. It is important to understand which certificate is right for your company. Please visit [here](https://docs.microsoft.com/intune/protect/certificates-configure) to determine which cert is best for you. If you plan to use certs for HoloLens Authentication, PFX or SCEP may be right for you.
Steps for SCEP can be found [here](https://docs.microsoft.com/intune/protect/certificates-profile-scep).
### Device Certificates
Certificates can also be added to the HoloLens through package provisioning. Please see [HoloLens Provisioning](hololens-provisioning.md) for additional information.
### How to Upgrade to Holographics for Business Commercial Suite
>[!NOTE]
>Windows Holographics for Business (commercial suite) is only intended for HoloLens 1st gen devices. The profile will not be applied to HoloLens 2 devices.
Directions for upgrading to the commercial suite can be found [here](https://docs.microsoft.com/intune/configuration/holographic-upgrade).
### How to Configure Kiosk Mode Using Microsoft Intune
1. Sync Microsoft Store to Intune ([Here](https://docs.microsoft.com/intune/apps/windows-store-for-business)).
1. Check your app settings
1. Log into your Microsoft Store Business account
1. **Manage** > **Products and Services** > **Apps and Software** > **Select the app you want to sync** > **Private Store Availability** > **Select “Everyone” or “Specific Groups”*
1. If you do not see your apps in **Intune** > **Client Apps** > **Apps** , you may have to [sync your apps](https://docs.microsoft.com/intune/apps/windows-store-for-business#synchronize-apps) again.
1. [Create a device profile for Kiosk mode](https://docs.microsoft.com/intune/configuration/kiosk-settings#create-the-profile)
> [!NOTE]
> You can configure different users to have different Kiosk Mode experiences by using “Azure AD” as the “User logon type”. However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.
![Image that shows Configuration of Kiosk Mode in Intune](images/aad-kioskmode.png)
For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, additional directions can be found [here](hololens-kiosk.md#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)
## Certificates and Authentication
Certificates can be deployed via you MDM (see "certificates" in the [MDM Section](hololens-commercial-infrastructure.md#mobile-device-manager-guidance)). Certificates can also be deployed to the HoloLens through package provisioning. Please see [HoloLens Provisioning](hololens-provisioning.md) for additional information.
### Additional Intune Quick Links
1. [Create Profiles:](https://docs.microsoft.com/intune/configuration/device-profile-create) Profiles allow you to add and configure settings that will be pushed to the devices in your organization.
## Next (Optional) Step: [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## Next Step: [Enroll your device](hololens-enroll-mdm.md)

17
devices/hololens/hololens-kiosk.md
View File

@ -14,8 +14,6 @@ manager: dansimp
# Set up HoloLens in kiosk mode
In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#add-guest-access-to-the-kiosk-configuration-optional)
When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they dont need to access.
@ -41,14 +39,14 @@ The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft
For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk:
- You can use [Microsoft Intune or other mobile device management (MDM) service](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803) to configure single-app and multi-app kiosks.
- You can [use a provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure single-app and multi-app kiosks.
- You can [use a provisioning package](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure single-app and multi-app kiosks.
- You can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks.
## Start layout for HoloLens
If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
>[!NOTE]
>Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed.
@ -78,7 +76,7 @@ Save the following sample as an XML file. You can use this file when you configu
### Start layout for a provisioning package
You will [create an XML file](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
You will [create an XML file](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
```xml
<!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
@ -102,11 +100,11 @@ You will [create an XML file](#setup-kiosk-mode-using-a-provisioning-package-win
## Set up kiosk mode using Microsoft Intune or MDM (Windows 10, version 1803)
For HoloLens devices that are managed by Microsoft Intune, you [create a device profile](https://docs.microsoft.com/intune/device-profile-create) and configure the [Kiosk settings](https://docs.microsoft.com/intune/kiosk-settings).
For HoloLens devices that are managed by Microsoft Intune, directions can be found [here](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune).
For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-a-kiosk-configuration-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file.
## Setup kiosk mode using a provisioning package (Windows 10, version 1803)
## Set up kiosk mode using a provisioning package (Windows 10, version 1803)
Process:
1. [Create an XML file that defines the kiosk configuration.](#create-a-kiosk-configuration-xml-file)
@ -155,7 +153,7 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
13. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location.
@ -202,7 +200,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
5. Select **Enable Kiosk Mode**, choose an app to run when the device starts, and click **Save**.
## Kiosk app recommendations
- You cannot select Microsoft Edge, Microsoft Store, or the Shell app as a kiosk app.
@ -212,7 +209,5 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
## More information
Watch how to configure a kiosk in a provisioning package.
>[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]

49
devices/hololens/hololens-licenses-requirements.md
View File

@ -16,35 +16,56 @@ appliesto:
- HoloLens 2
---
# Licenses Required for Mixed Reality Deployment
If you plan on using a Mobile Device Management system (MDM) to manage your HoloLens, please review the MDM License Guidance section.
# Determine what licenses you need
## Mobile Device Management (MDM) Licenses Guidance
If you plan on managing your HoloLens devices, you will need Azure AD and an MDM. Active Director (AD) cannot be used to manage HoloLens devices.
If you plan on using an MDM other than Intune, an [Azure Active Directory Licenses](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) is required.
If you plan on using Intune as your MDM, you can acquire an [Enterprise Mobility + Security (EMS) suite (E3 or E5) licenses](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing). **Please note that Azure AD is included in both suites.**
## Identify the licenses needed for your scenario and products
### HoloLens Licenses Requirements
You may need to upgrade your HoloLens 1st Gen Device to Windows Holographic for Business. (See [HoloLens commercial features](holoLens-commercial-features.md#feature-comparison-between-editions) to determine if you need to upgrade).
If so, you will need to do the following:
- Acquire a HoloLens Enterprise license XML file
- Apply the XML file to the HoloLens. You can do this through a [Provisioning package](hololens-provisioning.md) or through your [Mobile Device Manager](https://docs.microsoft.com/intune/configuration/holographic-upgrade)
Some of the HoloLens configurations you can apply in a provisioning package:
- Apply certificates to the device
- Set up a Wi-Fi connection
- Pre-configure out of box questions like language and locale
- (HoloLens 2) bulk enroll in mobile device management
- (HoloLens v1) Apply key to enable Windows Holographic for Business
Follow [this guide](hololens-provisioning.md) to create and apply a provisioning package to HoloLens.
### Remote Assist License Requirements
Make sure you have the required licensing and device. Updated licensing and product requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/requirements).
1. [Remote Assist License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
1. [Teams Freemium/Teams](https://products.office.com/microsoft-teams/free)
1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
1. [Remote Assist License](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/buy-and-deploy-remote-assist)
1. [Teams Freemium/Teams](https://products.office.com/microsoft-teams/free)
1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
### Guides License Requirements
Updated licensing and device requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/guides/requirements).
1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
1. [Power BI](https://powerbi.microsoft.com/desktop/)
1. [Guides](https://docs.microsoft.com/dynamics365/mixed-reality/guides/setup)
1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
1. [Power BI](https://powerbi.microsoft.com/desktop/)
1. [Guides](https://docs.microsoft.com/dynamics365/mixed-reality/guides/setup)
### Scenario 1: Kiosk Mode
If you are not planning to use an MDM to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
1. If you are **not** planning to use an MDM to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
1. If you are planning to use an MDM other than Intune, your MDM provider will have steps on configuring Kiosk mode.
1. If you are planning to use **Intune** as your MDM, implementation directions can be found in [Configuring your Network for HoloLens]().
1. If you are **not** planning to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
1. If you are planning to use an MDM to implement Kiosk mode, you will need an [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis).
Additional information regarding kiosk mode will be covered in [Configuring your Network for HoloLens](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune).
## Next Step: [Configure your network for HoloLens](hololens-commercial-infrastructure.md)

41
devices/hololens/hololens-provisioning.md
View File

@ -14,35 +14,32 @@ manager: dansimp
# Configure HoloLens using a provisioning package
[Windows provisioning](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) makes it easy for IT administrators to configure end-user devices without imaging. Windows Configuration Designer is a tool for configuring images and runtime settings which are then built into provisioning packages.
Some of the HoloLens configurations that you can apply in a provisioning package:
- Upgrade to Windows Holographic for Business
- Upgrade to Windows Holographic for Business [here](hololens1-upgrade-enterprise.md)
- Set up a local account
- Set up a Wi-Fi connection
- Apply certificates to the device
- Enable Developer Mode
- Configure Kiosk mode (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803).
To create provisioning packages, you must install Windows Configuration Designer [from Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) or [from the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configurations Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box.
<span id="wizard" />
## Create a provisioning package for HoloLens using the HoloLens wizard
## Provisioning package HoloLens wizard
The HoloLens wizard helps you configure the following settings in a provisioning package:
- Upgrade to the enterprise edition
>[!NOTE]
>Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
> This should only be used for HoloLens 1st Gen devices. Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
- Configure the HoloLens first experience (OOBE)
- Configure Wi-Fi network
- Enroll device in Azure Active Directory or create a local account
- Add certificates
- Enable Developer Mode
- Configure kiosk mode. (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803)).
>[!WARNING]
>You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
@ -52,8 +49,14 @@ Provisioning packages can include management instructions and policies, customiz
> [!TIP]
> Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.
## Steps for Creating Provisioning Packages
### Create the provisioning package
### 1. Install Windows Configuration Designer on your PC. (There are two ways to do this).
1. **Option 1:** [From Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22)
2. **Option 2:** [From the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configurations Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box.
### 2. Create the Provisioning Package
Use the Windows Configuration Designer tool to create a provisioning package.
@ -72,7 +75,6 @@ Use the Windows Configuration Designer tool to create a provisioning package.
### Configure settings
<table>
<tr><td style="width:45%" valign="top"><a id="one"></a><img src="images/one.png" alt="step one"/><img src="images/set-up-device.png" alt="set up device"/></br></br>Browse to and select the enterprise license file to upgrade the HoloLens edition.</br></br>You can also toggle <strong>Yes</strong> or <strong>No</strong> to hide parts of the first experience.</br></br>To set up the device without the need to connect to a Wi-Fi network, toggle <strong>Skip Wi-Fi setup</strong> to <strong>On</strong>.</br></br>Select a region and timezone in which the device will be used. </td><td><img src="images/set-up-device-details.png" alt="Select enterprise licence file and configure OOBE"/></td></tr>
<tr><td style="width:45%" valign="top"><a id="two"></a><img src="images/two.png" alt="step two"/> <img src="images/set-up-network.png" alt="set up network"/></br></br>In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select <strong>On</strong>, enter the SSID, the network type (<strong>Open</strong> or <strong>WPA2-Personal</strong>), and (if <strong>WPA2-Personal</strong>) the password for the wireless network.</td><td><img src="images/set-up-network-details-desktop.png" alt="Enter network SSID and type"/></td></tr>
@ -84,10 +86,7 @@ Use the Windows Configuration Designer tool to create a provisioning package.
After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
**Next step**: [How to apply a provisioning package](#apply)
## Create a provisioning package for HoloLens using advanced provisioning
### 3. Create a provisioning package for HoloLens using advanced provisioning
>[!NOTE]
>Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
@ -138,6 +137,7 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
10. When the build completes, click **Finish**.
<span id="apply" />
## Apply a provisioning package to HoloLens during setup
1. Connect the device via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box).
@ -157,7 +157,7 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
>[!NOTE]
>If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
## Apply a provisioning package to HoloLens after setup
### 4. Apply a provisioning package to HoloLens after setup
>[!NOTE]
>Windows 10, version 1809 only
@ -192,9 +192,4 @@ In Windows Configuration Designer, when you create a provisioning package for Wi
>[!NOTE]
>App installation (**UniversalAppInstall**) using a provisioning package is not currently supported for HoloLens.
## Next Step: [Enroll your device](hololens-enroll-mdm.md)

3
devices/hololens/hololens-release-notes.md
View File

@ -19,6 +19,7 @@ appliesto:
# HoloLens Release Notes
## HoloLens 2
> [!Note]
> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
@ -85,7 +86,7 @@ Windows 10, version 1803, is the first feature update to Windows Holographic for
- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#wizard).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
![Provisioning HoloLens devices](images/provision-hololens-devices.png)

134
devices/hololens/hololens-requirements.md
View File

@ -13,62 +13,67 @@ ms.date: 07/15/2019
# Deploy HoloLens in a commercial environment
You can deploy and configure HoloLens at scale in a commercial setting.
You can deploy and configure HoloLens at scale in a commercial setting. This article provides instructions for deploying HoloLens devices in a commercial environment. This guide assumes basic familiarity with HoloLens. Follow the [get started guide](hololens1-setup.md) to set up HoloLens for the first time.
This article includes:
## Overview of Deployment Steps
- Infrastructure requirements and recommendations for HoloLens management
- Tools for provisioning HoloLens
- Instructions for remote device management
- Options for application deployment
1. [Determine what features you need](hololens-requirements.md#step-1-determine-what-you-need)
1. [Determine what licenses you need](hololens-licenses-requirements.md)
1. [Configure your network for HoloLens](hololens-commercial-infrastructure.md).
1. This section includes bandwidth requirements, URL and Ports that need to be whitelisted on your firewall, Azure AD guidance, Mobile Device Management Guidance, app deployment/management guidance, and certificate guidance.
1. (Optional) [Configure HoloLens using a provisioning package](hololens-provisioning.md)
1. [Enroll Device](hololens-enroll-mdm.md)
1. [Set up ring based updates for HoloLens](hololens-updates.md)
1. [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
This guide assumes basic familiarity with HoloLens. Follow the [get started guide](hololens1-setup.md) to set up HoloLens for the first time.
## Step 1. Determine what you need
## Infrastructure for managing HoloLens
Before deploying the HoloLens in your environment, it is important to first determine what features, apps, and type of identities are needed.
HoloLens is, at its core, a Windows mobile device integrated with Azure. It works best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services.
### Type of Features
Critical cloud services include:
Your feature requirements will determine which HoloLens you need. One popular feature that we see deployed in customer environments frequently is Kiosk Mode. A list of HoloLens key features, and the editions of HoloLens that support them, can be found [here](hololens-commercial-features.md).
- Azure active directory (AAD)
- Windows Update (WU)
**What is Kiosk Mode?**
Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/enterprise-mobility-security/microsoft-intune) as an example, though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2.
Kiosk mode is a way to restrict the apps that a user has access to. This means that users will only be allowed to access certain apps.
HoloLens does support a limited set of cloud disconnected experiences.
**What Kiosk Mode do I require?**
## Initial set up at scale
There are two types of Kiosk Modes: Single app and multi-app. Single app kiosk mode allows user to only access one app while multi-app kiosk mode allows users to access multiple specified apps. To determine which kiosk mode is right for your corporation, the following two questions need to be answered:
The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time. If you're provisioning many HoloLens devices, however, selecting your language and settings manually for each device gets tedious and limits scale.
1. **Do different users who are require different experiences/restrictions?** Example, User A is a field service engineer who only needs access to Remote Assist. User B is a trainee who only needs access to guides… etc.
1. If yes, you will require the following:
1. Azure AD Accounts as the method of signing into the devices.
1. Multi-app kiosk mode.
1. If no, continue to question two
1. **Do you require a multi-app experience?**
1. If yes, Multi-app kiosk is mode is needed
1. If your answer to question 1 and 2 are both no, Single-app kiosk mode can be used
This section:
**How to set up Kiosk Mode**
- Introduces Windows provisioning using provisioning packages
- Walks through applying a provisioning package during first setup
There are two main ways ([provisioning packages](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) and [MDM](hololens-kiosk.md#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)) to deploy kiosk mode for HoloLens. These options will be discussed later in the document; however, you can use the links above to jump to the respective sections in this doc.
### Create and apply a provisioning package
### Apps
The best way to configure many new HoloLens device is with Windows provisioning. You can use it to specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes.
This deployment guide will cover the following types of apps:
A [provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device.
1. Remote Assist
2. Guides
3. Customer Apps
### Upgrade to Windows Holographic for Business
Each step in this document will include instructions for each specific app.
- HoloLens Enterprise license XML file
### Type of identity
Some of the HoloLens configurations you can apply in a provisioning package:
Determine the type of identity that will be used to sign into the device.
- Apply certificates to the device
- Set up a Wi-Fi connection
- Pre-configure out of box questions like language and locale
- (HoloLens 2) bulk enroll in mobile device management
- (HoloLens v1) Apply key to enable Windows Holographic for Business
1. **Local Accounts:** This account is local to the device (like a local admin account on a windows PC). This will allow only 1 user to log into the device.
2. **MSA:** This will be a personal account (like outlook, hotmail, gmail, yahoo, etc.) This will allow only 1 user to log into the device.
3. **Azure Active Directory (Azure AD) accounts:** This is an account created in Azure AD. This grants your corporation the ability to manage the HoloLens device. This will allow multiple users to log into the HoloLens 1st Gen Commercial Suite/the HoloLens 2 device.
Follow [this guide](https://docs.microsoft.com/hololens/hololens-provisioning) to create and apply a provisioning package to HoloLens.
### Set up user identity and enroll in device management
The last step in setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure. There are several ways to enroll:
### Determine your enrollment method
1. Bulk enrollment with a security token in a provisioning package.
Pros: this is the most automated approach
@ -80,66 +85,19 @@ The last step in setting up HoloLens for management at scale is to enroll device
Pros: possible to enroll after set up
Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled.
Learn more about MDM enrollment [here](hololens-enroll-mdm.md).
More information can be found [here](hololens-enroll-mdm.md)
## Ongoing device management
### Determine if you need a provisioning package
Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely.
There are two methods to configure a HoloLens device (Provisioning packages and MDMs). We suggest using your MDM to configure you HoloLens device, however, there are some scenarios where using a provisioning package is the better choice:
This article outlines [policies and capabilities HoloLens supports](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#hololens).
1. You want to skip the Out of Box Experience (OOBE)
1. You are having trouble deploying certificate in a complex network. The majority of the time you can deploy certificates using MDM (even in complex environments). However, some scenarios require certificates to be deployed through the provisioning package.
[This article](https://docs.microsoft.com/intune/windows-holographic-for-business) talks about Intune's management tools for HoloLens.
### Push compliance policy via Intune
[Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant.
For example, you can create a policy that requires Bitlocker be enabled.
[Create compliance policies with Intune](https://docs.microsoft.com/intune/compliance-policy-create-windows).
### Manage updates
Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.
For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update.
Read more about [configuring update rings with Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
## Application management
Manage HoloLens applications through:
1. Microsoft Store
The Microsoft Store is the best way to distribute and consume applications on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/windows/uwp/publish/).
All applications in the store are available publicly to everyone, but if it isn't acceptable, checkout the Microsoft Store for Business.
1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/)
Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It also lets you deploy apps that are specific to your commercial environment but not to the world.
1. Application deployment and management via Intune or another mobile device management solution
Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy).
1. _not recommended_ Device Portal
Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use the device portal.
Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps).
## Next Step: [Determine what licenses you need](hololens-licenses-requirements.md)
## Get support
Get support through the Microsoft support site.
[File a support request](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f).
## Technical Reference
### Wireless network EAP support
- PEAP-MS-CHAPv2
- PEAP-TLS
- TLS
- TTLS-CHAP
- TTLS-CHAPv2
- TTLS-MS-CHAPv2
- TTLS-PAP
- TTLS-TLS

4
devices/hololens/hololens-whats-new.md
View File

@ -45,7 +45,6 @@ manager: dansimp
### For international customers
Feature | Details
--- | ---
Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.
@ -53,7 +52,6 @@ Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese
[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md)
## Windows 10, version 1803 for Microsoft HoloLens
> **Applies to:** Hololens (1st gen)
@ -64,7 +62,7 @@ Windows 10, version 1803, is the first feature update to Windows Holographic for
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#wizard).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
![Provisioning HoloLens devices](images/provision-hololens-devices.png)