deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #386 from CoveMiner/surface-2s-update-vjokai

Browse Source 
Update TOC.md
This commit is contained in:
Robert Mazzoli 2019-06-10 07:18:24 -07:00 committed by GitHub
commit 6a371be086
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 222 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
devices/surface-hub/TOC.md
View File

@ -4,6 +4,7 @@
## Overview
### [What's new in Surface Hub 2S](surface-hub-2s-whats-new.md)
### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md)
## Plan
### Surface Hub 2S Site Readiness Guide
@ -12,23 +13,23 @@
### [Physically installing and mounting Surface Hub 2S](surface-hub-2s-install-mount.md)
### [Connecting to Surface Hub 2S](surface-hub-2s-connect.md)
### [Prepare your environment for Microsoft Surface Hub 2S](surface-hub-2s-prepare-environment.md)
### [Configure phone authentication for Surface Hub 2S](surface-hub-2s-phone-authenticate.md)
### [Surface Hub 2S deployment checklist](surface-hub-2s-deploy-checklist.md)
## Deploy
### Create Surface Hub 2S device account
### [Deploying Surface Hub 2S](surface-hub-2s-deploy.md)
### [Deploying Surface Hub 2S with PowerShell](surface-hub-2s-configure-with-powershell.md)
### [Configure Skype for Business on Surface Hub 2S](surface-hub-2s-configure-skype.md)
### [Configure Microsoft Teams on Surface Hub 2S](surface-hub-2s-configure-teams.md)
### [Create Surface Hub 2S device account](surface-hub-2s-account.md)
### [Deploy Surface Hub 2S](surface-hub-2s-deploy.md)
### [Configure Surface Hub 2S with PowerShell](surface-hub-2s-configure-with-powershell.md)
### [Configure Surface Hub 2S on-premises accounts with PowerShell](surface-hub-2s-onprem-powershell.md)
## Manage
### [Managing Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md)
### [Managing Surface Hub 2S with Surface app](surface-hub-2s-manage-surface-app.md)
### [Servicing and updating for Surface Hub 2S](surface-hub-2s-service-update.md)
### [Updating pen firmware for Surface Hub 2S](surface-hub-2s-pen-firmware.md)
### [Managing settings on Surface Hub 2S via the on screen display](surface-hub-2s-manage-settings.md)
## Secure
### [Conditional access for Surface Hub 2S](surface-hub-2s-conditional-access.md)
### [Securing Surface Hub 2S with SEMM](surface-hub-2s-secure-with-semm.md)
### [Securing Surface Hub 2S with UEFI](surface-hub-2s-secure-with-uefi.md)

BIN
devices/surface-hub/images/h2gen-platemount.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 43 KiB

After

Width:  |  Height:  |  Size: 52 KiB

BIN
devices/surface-hub/images/h2gen-railmount.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 46 KiB

After

Width:  |  Height:  |  Size: 45 KiB

BIN
devices/surface-hub/images/sh2-add-room.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
devices/surface-hub/images/sh2-mount-config.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 58 KiB

After

Width:  |  Height:  |  Size: 55 KiB

BIN
devices/surface-hub/images/sh2-set-intune1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
devices/surface-hub/images/sh2-set-intune3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 55 KiB

BIN
devices/surface-hub/images/sh2-set-intune5.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

BIN
devices/surface-hub/images/sh2-set-intune6.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
devices/surface-hub/images/sh2-set-intune8.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 49 KiB

BIN
devices/surface-hub/images/sh2-wall-front.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 103 KiB

After

Width:  |  Height:  |  Size: 132 KiB

BIN
devices/surface-hub/images/sh2-wall-side.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 57 KiB

After

Width:  |  Height:  |  Size: 24 KiB

34
devices/surface-hub/surface-hub-2s-deploy-apps-intune.md Normal file
View File

@ -0,0 +1,34 @@
---
title: "Manage Surface Hub 2S with Intune"
description: "Learn how you can deploy apps to Surface Hub 2S using Intune."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
author: robmazz
ms.author: robmazz
audience: Admin
ms.topic: article
ms.localizationpriority: Normal
---
# Deploy apps to Surface Hub 2S using Intune
You can deploy Universal Windows Platform (UWP) apps to Surface Hub 2S using Intune, easing app deployment to devices.
1. To deploy apps, enable MDM for your organization. In the Intune portal, select **Intune** as your MDM Authority (recommended).
![Choose MDM authority](images/sh2-set-intune5.png)<br>
2. Enable the Microsoft Store for Business in Intune.
![Enable Store for Business](images/sh2-set-intune6.png)<br>
3. Open the store from the Intune portal and click **Settings** > **Distribute** > **Management tools**. Choose **Microsoft Intune** as your management tool.
![Add Intune as your management tool](images/sh2-set-intune8.png)<br>
4. In **Settings** > **Shop** > **Shopping Experience**, turn on **Show offline apps**.
Offline apps refer to apps that can be synced to Intune and centrally deployed to a device.
5. After enabling Offline shopping, acquire offline licenses for apps, which you can sync to Intune and deploy as Device licensing.

73
devices/surface-hub/surface-hub-2s-deploy-checklist.md Normal file
View File

@ -0,0 +1,73 @@
---
title: "Surface Hub 2S deployment checklist"
description: "Verify your deployment of Surface Hub 2S using pre- and post-deployment checklists."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
author: robmazz
ms.author: robmazz
audience: Admin
ms.topic: article
ms.localizationpriority: Normal
---
# Surface Hub 2S deployment checklist
#
## Surface Hub 2S pre-deployment checklist
| **Item** | **Response** | **Learn more** |
| ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Device account name** | | |
| **Device account UPN** | | |
| **ActiveSync Policy** | | |
| **Calendar processing configuration completed** | - Yes<br>- No | |
| **Device friendly name** | | |
| **Device host name** | | |
| **Affiliation** | - None<br>- Active Directory affiliation<br>- Azure Active Directory | |
| **Microsoft Teams Mode** | - Mode 0<br>- Mode 1<br>- Mode 2 | |
| **Device Management** | - Yes, Microsoft Intune<br>- Yes, other mobile device manager [MDM]<br>- None | |
| **Proxy** | - Automatic configuration<br>- Proxy server<br>- Proxy auto-config (PAC) file | |
| **Proxy authentication** | - Device account credentials<br>- Prompt for credentials | |
| **Password rotation** | - On<br>- Off | |
| **Skype for Business additional domain names (on-premises only)** | | |
| **Session timeout time** | | |
| **Session timeout action** | - End session<br>- Allow resume | |
| **My meetings and files** | - Enabled<br>- Disabled | |
| **Lock screen timeout** | | |
| **Sleep idle timeout** | | |
| **Bluetooth** | - On<br>- Off | |
| **Use only BitLocker USB drives** | - On<br>- Off | |
| **Install additional certificates (on-premises only)** | | [Using certificates for AADJ on-premises single-sign on](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert) |
| **Windows update** | - Windows Update for Business<br>- Windows Server Update Services [WSUS] | [Deploy updates using Windows Update for Business](https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb)<br> <br> <br> <br>[Get Started with Windows Server Update Services (WSUS)](https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) |
| **Surface app speaker setting** | - Rolling stand<br>- Wall-mounted | |
| **IP Address** | - Wired - DHCP<br>- Wired - DHCP reservation<br>- Wireless DHCP<br>- Wireless DHCP reservation | |
## Surface Hub 2S post-deployment checklist
| **Item** | **Response** | **Learn more** |
| ------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- |
| **Device account syncing** | - Yes<br>- No | |
| **Bitlocker key** | - Saved to file (no affiliation)<br>- Saved in Active Directory (AD affiliation)<br>- Saved in Azure AD ( Azure AD affiliation) | |
| **Device OS updates** | - Completed | |
| **Windows Store updates** | - Automatic<br>- Manual | |
| **Microsoft Teams scheduled meeting** | - Confirmation email received<br>- Meeting appears on start screen<br>- One-touch join functions<br>- Able to join audio<br>- Able to join video<br>- Able to share screen | |
| **Skype for Business scheduled meeting** | - Confirmation email received<br>- Meeting appears on start screen<br>- One-touch join functions correctly<br>- Able to join audio<br>- Able to join video<br>- Able to share screen<br>- Able to send/receive IM | |
| **Scheduled meeting when already invited** | - Meeting declined | |
| **Microsoft Teams ad-hoc meeting** | - Invite other users work<br>- Able to join audio<br>- Able to join Video<br>- Able to share screen | |
| **Skype for Business scheduled meeting** | - Invite other users work<br>- Able to join audio<br>- Able to join video<br>- Able to share screen<br>- Able to send/receive IM | |
| **Microsoft Whiteboard** | - Launch from start / welcome screen<br>- Launch from Microsoft Teams | [Microsoft Whiteboard](https://whiteboard.microsoft.com/) |
| **Incoming Skype/Teams call** | - Able to join audio<br>- Able to join video<br>- Able to share screen<br>- Able to send/receive IM (Skype for Business only) | |
| **Incoming live video streams** | - Maximum 2 (Skype for Business)<br>- Maximum 4 (Microsoft Teams) | |
| **Microsoft Teams Mode 0 behavior** | - Skype for Business tile on Welcome/Start screen<br>- Can join scheduled Skype for Business meetings (Skype UI)<br>- Can join scheduled Teams meetings (Teams UI) | |
| **Microsoft Teams Mode 1 behavior** | - Teams tile on Welcome/Start screen<br>- Can join scheduled Skype for Business meetings (Skype UI)<br>- Can join scheduled Teams meetings (Teams UI) | |
| **Microsoft Teams Mode 2 behavior** | - Teams tile on welcome / start screen<br>- Can join scheduled Teams meetings<br>- Fail to join Skype for Business meetings | |

60
devices/surface-hub/surface-hub-2s-manage-intune.md
View File

@ -11,4 +11,62 @@ ms.topic: article
ms.localizationpriority: Normal
---
# Manage Surface Hub 2S with Intune
# Manage Surface Hub 2S with Intune
## Register Surface Hub 2S with Intune
Surface Hub 2S allows IT administrators to manage settings and policies using a mobile device management (MDM) provider. Surface Hub 2S has a built-in management component to communicate with the management server, so there is no need to install additional clients on the device.
**Manual registration**
1. Sign in as a local administrator on Surface Hub 2S and open the **Settings** app. Click **Surface Hub** > **Device management** and then click **+** to add.
2. After authenticating, the device will automatically register with Intune.
![Register Surface Hub 2S with Intune](images/sh2-set-intune1.png)<br>
*Figure 1. Register Surface Hub 2S with Intune*<br> <br>
**Auto registration — Azure Active Directory Affiliated**
When affiliating Surface Hub 2S with a tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune.
## Windows 10 Team Edition settings
Select Windows 10 Team for preset device restriction settings for Surface Hub and Surface Hub 2S.
![Set device restrictions for Surface Hub 2S.](images/sh2-set-intune3.png) <br>
*Figure 2. Set device restrictions for Surface Hub 2S* <br> <br>
These settings include user experience and app behavior, Azure Log Analytics registration, Maintenance windows configuration, Session settings and Miracast settings.
## Additional supported configuration service providers
For a list of all available configuration service providers (CSPs), see [SurfaceHub CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/surfacehub-csp).
**Quality of Service (QoS) settings**
To ensure optimal video and audio quality on Surface Hub 2S, add the following QoS settings to the device. The settings are identical for Skype for Business and Teams.
| Name | Description | OMA-URI | Type | Value |
| ----------- | ------------------- | ----------------------------------------------------------------------- | ------- | ----------- |
| Audio Ports | Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | String | 50000-50019 |
| Audio DSCP | Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | Integer | 46 |
| Video Ports | Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | String | 50020-50039 |
| Video DSCP | Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | Integer | 34 |
> [!NOTE]
> These are the default port ranges. Administrators may change the port ranges in the Skype for Business and Teams control panel.
**Microsoft Teams Mode settings**
You can set the Microsoft Teams app mode using Intune. Surface Hub 2S comes installed with Microsoft Teams in mode 0, which supports both Microsoft Teams and Skype for Business. You can adjust the modes as shown below.
Modes:
- Mode 0 Skype for Business with Microsoft Teams functionality for scheduled meetings.
- Mode 1 Microsoft Teams with Skype for Business functionality for scheduled meetings.
- Mode 2 Microsoft Teams only.
To set modes, add the following settings to a custom Device Configuration Profile.
| Name | Description | OMA-URI | Type | Value |
| -------------- | ----------- | --------------------------------------------------------- | ------- | ----------------------------------------------------------- |
| Teams App ID | App name | ./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId | String | Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams­­ |
| Teams App Mode | Teams mode | ./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode | Integer | 0 or 1 or 2 |
#

17
devices/surface-hub/surface-hub-2s-onprem-powershell.md
View File

@ -17,7 +17,14 @@ ms.localizationpriority: Normal
> [!NOTE]
> It is important that you know the FQDN of the Client Access service of the on-premises Exchange server.
```PowerShell
$ExchServer = Read-Host "Please Enter the FQDN of your Exchange Server"
$ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchServer/PowerShell/ -Authentication Kerberos -Credential (Get-Credential)
Import-PSSession $ExchSession
```
```PowerShell
$ExchServer = Read-Host "Please Enter the FQDN of your Exchange Server"
$ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchServer/PowerShell/ -Authentication Kerberos -Credential (Get-Credential)
Import-PSSession $ExchSession
@ -25,13 +32,13 @@ Import-PSSession $ExchSession
## Create the device account
```
```PowerShell
New-Mailbox -UserPrincipalName Hub01@contoso.com -Alias Hub01 -Name "Hub 01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
## Set automatic calendar processing
```
```PowerShell
Set-CalendarProcessing -Identity "HUB01@contoso.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false AllowConflicts $false DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
```
@ -40,7 +47,7 @@ Set-CalendarProcessing -Identity "HUB01@contoso.com" -AutomateProcessing AutoAcc
> [!NOTE]
> It is important that you know the FQDN of the Skype for Business Registrar Pool.
```
```PowerShell
Enable-CsMeetingRoom -Identity Contoso\HUB01 -SipAddressType emailaddress -RegistrarPool SfbIEFE01.contoso.local
```
@ -50,7 +57,7 @@ You may need to create a new Mobile Device Mailbox Policy (also known as ActiveS
## Create a Surface Hub mobile device mailbox policy
```
```PowerShell
New-MobileDeviceMailboxPolicy -Name “Surface Hubs” -PasswordEnabled $false
```
@ -58,6 +65,6 @@ New-MobileDeviceMailboxPolicy -Name “Surface Hubs” -PasswordEnabled $false
It is recommended to add a MailTip to Surface Hub rooms so users remember to make the meeting a Skype for Business or Teams meeting:
```
```PowerShell
Set-Mailbox "Surface Hub 2S" -MailTip "This is a Surface Hub room. Please make sure this is a Microsoft Teams meeting."
```

35
devices/surface-hub/surface-hub-2s-phone-authenticate.md Normal file
View File

@ -0,0 +1,35 @@
---
title: "Configure phone authentication for Surface Hub 2S"
description: "Learn how to simplify signing into Surface Hub 2S using phone authentication."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
author: robmazz
ms.author: robmazz
audience: Admin
ms.topic: article
ms.localizationpriority: Normal
---
# Configure phone authentication for Surface Hub
Phone authentication for Surface Hub simplifies signing-in to your meetings and files on Surface Hub.
**To set up phone authentication:**
1. Download the [Microsoft Authenticator](https://www.microsoft.com/en-us/account/authenticator) app for iPhone or Android to your phone.
2. From your PC, go to [https://aka.ms/MFASetup](https://aka.ms/MFASetup) , sign in with your account, and click **Next.**
3. In the Additional security verification screen, select Mobile App and Use verification code, and then click Setup.
**To configure mobile app:**
1. In the Microsoft authenticator app on your phone, add an account, choose **Work or School Account**, and then scan the QR code displayed on your PC
2. Send a notification to your phone and then approve the sign-in request.
3. In the Authenticator app on your phone, use the drop-down menu next to your account and select **Enable phone sign-in**.
4. If required, register your device with your organization and follow the on-screen instructions.
**To sign into Surface Hub:**
1. On Surface Hub, sign into **My meetings and files** and click **Send notification** when prompted.
2. Match the number displayed on your phone with the number displayed on Surface Hub to approve your sign-in request.
3. If prompted, enter the PIN or biometric ID on your phone, to complete sign-in.