From 71a26ee85287973957dafa549d290765d584aeb1 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Wed, 21 Dec 2022 11:12:18 -0800 Subject: [PATCH] add mixedreality csp --- .../mdm/policy-csp-mixedreality.md | 1375 ++++++++++------- 1 file changed, 843 insertions(+), 532 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index dc083daf3c..a998ae7b42 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -1,782 +1,1093 @@ --- -title: Policy CSP - MixedReality -description: Policy CSP - MixedReality +title: MixedReality Policy CSP +description: Learn more about the MixedReality Area in Policy CSP +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa +ms.date: 12/21/2022 ms.localizationpriority: medium -ms.topic: article ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.reviewer: -manager: aaroncz -ms.date: 12/31/2017 +ms.topic: reference --- + + + # Policy CSP - MixedReality -
+> [!TIP] +> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - -## MixedReality policies + + -
-
- MixedReality/AADGroupMembershipCacheValidityInDays -
-
- MixedReality/AllowCaptivePortalBeforeLogon -
-
- MixedReality/AllowLaunchUriInSingleAppKiosk -
-
- MixedReality/AutoLogonUser -
-
- MixedReality/BrightnessButtonDisabled -
-
- MixedReality/ConfigureMovingPlatform -
-
- MixedReality/ConfigureNtpClient -
-
- MixedReality/DisallowNetworkConnectivityPassivePolling -
-
- MixedReality/FallbackDiagnostics -
-
- MixedReality/HeadTrackingMode -
-
- MixedReality/ManualDownDirectionDisabled -
-
- MixedReality/MicrophoneDisabled -
-
- MixedReality/NtpClientEnabled -
-
- MixedReality/SkipCalibrationDuringSetup -
-
- MixedReality/SkipTrainingDuringSetup -
-
- MixedReality/VisitorAutoLogon -
-
- MixedReality/VolumeButtonDisabled -
-
+These policies are only supported on [Microsoft HoloLens 2](/hololens/hololens2-hardware). They're not supported on HoloLens (first gen) Development Edition or HoloLens (first gen) Commercial Suite devices. -
+ - -**MixedReality/AADGroupMembershipCacheValidityInDays** + +## AADGroupMembershipCacheValidityInDays - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays +``` + + + + +This policy controls for how many days, AAD group membership cache is allowed to be used for Assigned Access configurations targeting AAD groups for signed in user. Once this policy is set only then cache is used otherwise not. In order for this policy to take effect, user must sign-out and sign-in with Internet available at least once before the cache can be used for subsequent 'disconnected' sessions. + + + + Steps to use this policy correctly: -1. Create a device configuration profile for kiosk targeting Azure AD groups and assign it to HoloLens device(s). -1. Create a custom OMA URI-based device configuration that sets this policy value to chosen number of days (> 0) and assign it to HoloLens devices. - 1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays - 1. The value can be between min / max allowed. -1. Enroll HoloLens devices and verify both configurations get applied to the device. -1. Let Azure AD user 1 sign-in, when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created. -1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days. -1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they're a member of Azure AD group to which Kiosk configuration is targeted. +1. Create a device configuration profile for kiosk, which targets Azure AD groups. Assign it to the HoloLens devices. +1. Create a custom OMA URI-based device configuration. Set this policy value to the chosen number of days greater than zero (`0`). Then assign the configuration to the HoloLens devices. + - The URI value should be entered in OMA-URI text box as `./Device/Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays` + - The value can be any integer in the allowed range. +1. Enroll the HoloLens devices. Verify that both configurations apply to the device. +1. When internet is available, sign in as an Azure AD user. Once the user signs-in, and Azure AD group membership is confirmed successfully, the cache will be created. +1. You can now take the HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days. +1. Steps 4 and 5 can be repeated for any other Azure AD user. The key point is that any Azure AD user must sign-in at least once to a device while on the internet. Then we can determine that they're a member of an Azure AD group to which the kiosk configuration is targeted. > [!NOTE] -> Until step 4 is performed for a Azure AD, user will experience failure behavior mentioned similar to “disconnected” environments. +> Until you do step 4 for an Azure AD user, the user will experience failure behavior similar to a disconnected environment. - -
+ - -**MixedReality/AllowCaptivePortalBeforeLogon** + +**Description framework properties**: - +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-60]` | +| Default Value | 0 | + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + + + + + +## AllowCaptivePortalBeforeLogon - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + -> [!div class = "checklist"] -> * Device + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowCaptivePortalBeforeLogon +``` + -
+ + +This policy controls whether the device will display the captive portal flow on the HoloLens sign in screen's network selection page when a captive portal network is detected. Displaying the captive portal flow is disabled by default to reduce the potential of gaining unauthorized access to the device through the browser. + - -This new feature is an opt-in policy that IT Admins can enable to help with the setup of new devices in new areas or new users. When this policy is turned on it allows a captive portal on the sign-in screen, which allows a user to enter credentials to connect to the Wi-Fi access point. If enabled, sign in will implement similar logic as OOBE to display captive portal if necessary. + + -MixedReality/AllowCaptivePortalBeforeLogon +This opt-in policy can help with the setup of new devices in new areas or new users. The captive portal allows a user to enter credentials to connect to the Wi-Fi access point. If enabled, sign in will implement similar logic as OOBE to display captive portal if necessary. -The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowCaptivePortalBeforeLogon` + -Int value + +**Description framework properties**: -- 0: (Default) Off -- 1: On +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - + +**Allowed values**: - +| Value | Description | +|:--|:--| +| 0 (Default) | Displaying captive portal is not allowed. | +| 1 | Displaying captive portal is allowed. | + - -**MixedReality/AllowLaunchUriInSingleAppKiosk** + + + - + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +## AllowLaunchUriInSingleAppKiosk - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + -> [!div class = "checklist"] -> * Device + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowLaunchUriInSingleAppKiosk +``` + -
+ + +By default, launching applications via Launcher API (Launcher Class (Windows.System) - Windows UWP applications | Microsoft Docs) is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true. + - -This can be enabled to allow for other apps to be launched with in a single app Kiosk, which may be useful, for example, if you want to launch the Settings app to calibrate your device or change your Wi-Fi. + + -By default, launching applications via Launcher API (Launcher Class (Windows.System) - Windows UWP applications) is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true. +Enable this policy to allow for other apps to be launched within a single app kiosk. This behavior may be useful if you want to launch the Settings app to calibrate your device or change your Wi-Fi. -The OMA-URI of policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowLaunchUriInSingleAppKiosk` +For more information on the Launcher API, see [Launcher Class (Windows.System) - Windows UWP applications](/uwp/api/windows.system.launcher). -Bool value + - + +**Description framework properties**: - +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - -**MixedReality/AutoLogonUser** + +**Allowed values**: - +| Value | Description | +|:--|:--| +| 0 (Default) | Applications are not allowed to be launched with Launcher API, when in single app kiosk mode. | +| 1 | Applications are allowed to be launched with Launcher API, when in single app kiosk mode. | + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + + + - -This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign-in. + -When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must sign in to the device at least once to enable autologon. + +## AutoLogonUser -The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser` + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + - -Supported value is String. + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser +``` + -- User with the same email address will have autologon enabled. + + +This policy controls whether a user will be automatically logged on. When the policy is set to a non-empty value, it specifies the email address of the auto-logon user. The specified user must logon to the device at least once to enable auto-logon. + -On a device where this policy is configured, the user specified in the policy will need to sign in at least once. Subsequent reboots of the device after the first sign-in will have the specified user automatically signed in. Only a single autologon user is supported. Once enabled, the automatically signed-in user won't be able to sign out manually. To sign in as a different user, the policy must first be disabled. + + + +Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. In this case, you can pick up a device and immediately use remote assist. It also allows you to rapidly distribute HoloLens devices and have users speed up sign-in. + +The string value is the email address of the user to automatically sign in. + +On a device where you configure this policy, the user specified in the policy needs to sign in at least once. Subsequent reboots of the device after the first sign-in will have the specified user automatically signed in. Only a single auto-logon user is supported. Once enabled, the automatically signed-in user can't manually sign out. To sign in as a different user, first disable this policy. > [!NOTE] > -> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior. -> - Auto-logon is only supported for Microsoft account and Azure Active Directory users. +> - Some events such as major OS updates may require the specified user to sign in to the device again to resume auto-logon behavior. +> - Auto-logon is only supported for Microsoft accounts and Azure Active Directory (Azure AD) users. - -
+ - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +**Description framework properties**: -> [!div class = "checklist"] -> * Device +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + -
+ + + - - -This policy setting controls, for how many days Azure AD group membership cache is allowed to be used for the Assigned Access configurations, targeting Azure AD groups for signed in user. Once this policy setting is set, only then cache is used, otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions. + - + +## AutomaticDisplayAdjustment - - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | + - -Supported value is Integer. + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/AutomaticDisplayAdjustment +``` + -Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days). + + +This policy controls if the HoloLens displays will be automatically adjusted for your eyes to improve hologram visual quality when an user wears the device. When this feature is enabled, a new user upon wearing the device will not be prompted to calibrate and yet the displays will be adjusted to suite them automatically. However if an immersive application is launched that depends on eye tracking interactions, the user will be prompted to perform the calibration. + - - -
+ + + - -**MixedReality/BrightnessButtonDisabled** + +**Description framework properties**: - +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +**Allowed values**: - -
+| Value | Description | +|:--|:--| +| 0 | Disabled. | +| 1 (Default) | Enabled. | + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + + -> [!div class = "checklist"] -> * Device + -
+ +## BrightnessButtonDisabled - - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/BrightnessButtonDisabled +``` + + + + This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it's used with other buttons as combination for other purposes. + - + + + - - + +**Description framework properties**: - -Supported values is Boolean. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + -The following list shows the supported values: + +**Allowed values**: -- 0 - False (Default) -- 1 - True +| Value | Description | +|:--|:--| +| 0 (Default) | Brightness can be changed with press of brightness button. | +| 1 | Brightness cannot be changed with press of brightness button. | + - - -
+ + + - -**MixedReality/ConfigureMovingPlatform** + - + +## ConfigureMovingPlatform -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + - -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureMovingPlatform +``` + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + +This policy controls the behavior of moving platform feature on HoloLens 2, that is, whether it’s turned off / on or it can be toggled by a user. It should only be used by customers who intend to use HoloLens 2 in moving environments with low dynamic motion. Please refer to HoloLens 2 Moving Platform Mode for background information. + -> [!div class = "checklist"] -> * Device + + -
+For more information, see [Moving platform mode on low dynamic motion moving platforms](/hololens/hololens2-moving-platform). - - -This policy controls the behavior of moving platform feature on HoloLens 2, that is, whether it's turned off / on, or it can be toggled by a user. It should only be used by customers who intend to use HoloLens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:). + - + +**Description framework properties**: - - +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - -Supported value is Integer. + +**Allowed values**: -- 0 (Default) - Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system. -- 1 Force off - Moving platform is disabled and can't be changed by user. -- 2 Force on - Moving platform is enabled and can't be changed by user. +| Value | Description | +|:--|:--| +| 0 (Default) | Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system. | +| 1 | Moving platform is disabled and cannot be changed by user. | +| 2 | Moving platform is enabled and cannot be changed by user. | + - - -
+ + + - -**MixedReality/ConfigureNtpClient** + - + +## ConfigureNtpClient -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + - -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureNtpClient +``` + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + +This policy setting specifies a set of parameters for controlling the Windows NTP Client. -> [!div class = "checklist"] -> * Device +If you enable this policy setting, you can specify the following parameters for the Windows NTP Client. -
+If you disable or do not configure this policy setting, the WIndows NTP Client uses the defaults of each of the following parameters. - - +NtpServer +The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"". -You may want to configure a different time server for your device fleet. IT admins can use this policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy. +Type +This value controls the authentication that W32time uses. The default value is NT5DS. -This policy setting specifies a set of parameters for controlling the Windows NTP Client. Refer to [Policy CSP - ADMX_W32Time - Windows Client Management](/windows/client-management/mdm/policy-csp-admx-w32time#admx-w32time-policy-configure-ntpclient) for supported configuration parameters. +CrossSiteSyncFlags +This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal). + +ResolvePeerBackoffMinutes +This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes. + +ResolvePeerBackoffMaxTimes +This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts. + +SpecialPollInterval +This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds. + +EventLogFlags +This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged. + + + + + +**More information**: + +You may want to configure a different time server for your device fleet. You can use this policy to configure certain aspects of the NTP client. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. + +For more information, see [ADMX_W32Time Policy CSP - W32Time_Policy_Configure_NTPClient](policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient). > [!NOTE] -> This feature requires enabling[NtpClientEnabled](#mixedreality-ntpclientenabled) as well. +> This policy also requires enabling [NtpClientEnabled](#ntpclientenabled). +> +> After you enable this policy, restart the device for the changes to apply. -- OMA-URI: `./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureNtpClient` + -> [!NOTE] -> Reboot is required for these policies to take effect. + +**Description framework properties**: - +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + - - + +> [!TIP] +> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - +**ADMX mapping**: -- Data Type: String -- Value: +| Name | Value | +|:--|:--| +| Name | W32TIME_POLICY_CONFIGURE_NTPCLIENT | +| Friendly Name | Configure Windows NTP Client | +| Location | Computer Configuration | +| Path | System > Windows Time Service > Time Providers | +| Registry Key Name | Software\Policies\Microsoft\W32time\TimeProviders\NtpClient | +| ADMX File Name | W32Time.admx | + -``` - + +\ + +**Example**: + +The following XML string is an example of the value for this policy: + +```xml + + + + + + + + ``` - - -
+ - -**MixedReality/DisallowNetworkConnectivityPassivePolling** + - + +## DisallowNetworkConnectivityPassivePolling -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + - + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/DisallowNetworkConnectivityPassivePolling +``` + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + +Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. This policy allows IT admins to disable NCSI passive polling. Value type is integer. + -> [!div class = "checklist"] -> * Device + + -
+Windows Network Connectivity Status Indicator may get a false positive internet-capable signal from passive polling. That behavior may result in the Wi-Fi adapter unexpectedly resetting when the device connects to an intranet-only access point. When you enable this policy, you can avoid unexpected network interruptions caused by false positive NCSI passive polling. - -Windows Network Connectivity Status Indicator may get false positive Internet capable signal from passive polling. That may result in unexpected Wi-Fi adapter reset when device connects to an intranet only access point. Enabling this policy would avoid unexpected network interruptions caused by false positive NCSI passive polling. + -The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/DisallowNetworkConnectivityPassivePolling` + +**Description framework properties**: -- Bool value +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - + +**Allowed values**: - -
+| Value | Description | +|:--|:--| +| 0 (Default) | Allowed. | +| 1 | Not allowed. | + - -**MixedReality/FallbackDiagnostics** + + + - + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +## EyeTrackingCalibrationPrompt - -
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/EyeTrackingCalibrationPrompt +``` + -> [!div class = "checklist"] -> * Device + + +This policy controls when a new person uses Hololens device, if Hololens should automatically ask to run eye calibration. + -
+ + + - - + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Disabled. | +| 1 (Default) | Enabled. | + + + + + + + + + +## FallbackDiagnostics + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/FallbackDiagnostics +``` + + + + This policy setting controls, when and if diagnostic logs can be collected using specific button combination on HoloLens. + - + + + - - + +**Description framework properties**: - -Supporting value is Integer. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 2 | + -The following list shows the supported values: + +**Allowed values**: -- 0 - Disabled. -- 1 - Enabled for device owners. -- 2 - Enabled for all (Default). +| Value | Description | +|:--|:--| +| 0 | Not allowed. Diagnostic logs cannot be collected by pressing the button combination. | +| 1 | Allowed for device owners only. Diagnostics logs can be collected by pressing the button combination only if signed-in user is considered as device owner. | +| 2 (Default) | Allowed for all users. Diagnostic logs can be collected by pressing the button combination. | + - - -
+ + + - -**MixedReality/HeadTrackingMode** + - + +## HeadTrackingMode -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | + - -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/HeadTrackingMode +``` + - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - + + This policy configures behavior of HUP to determine, which algorithm to use for head tracking. It requires a reboot for the policy to take effect. + - + + - - +**Allowed values**: - -Supporting value is Boolean. +| Value | Description | +|:--|:--| +| `0` (Default) | Feature - Default feature based / SLAM-based tracker. | +| `1` | Constellation - LR constellation based tracker. | -The following list shows the supported values: + -- 0 - Feature – Default feature based / SLAM-based tracker (Default). -- 1 - Constellation – LR constellation based tracker. + +**Description framework properties**: - - -
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-1]` | +| Default Value | 0 | + - -**MixedReality/ManualDownDirectionDisabled** + + + - + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +## ManualDownDirectionDisabled - -
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/ManualDownDirectionDisabled +``` + + + This policy controls whether the user can change down direction manually or not. If no down direction is set by the user, then an automatically calculated down direction is used by the system. This policy has no dependency on ConfigureMovingPlatform policy and they can be set independently. + -The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/ManualDownDirectionDisabled` + + - +When the system automatically determines the down direction, it's using the measured gravity vector. - + -Supported values: + +**Description framework properties**: -- **False (Default)** - User can manually change down direction if they desire, otherwise down direction will be determined automatically based on the measured gravity vector. -- **True** - User can’t manually change down direction and down direction will be always determined automatically based on the measured gravity vector. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - + +**Allowed values**: - -**MixedReality/MicrophoneDisabled** +| Value | Description | +|:--|:--| +| 0 (Default) | User is allowed to manually change down direction. | +| 1 | User is not allowed to manually change down direction. | + - + + + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + - -
+ +## MicrophoneDisabled - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | + -> [!div class = "checklist"] -> * Device + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/MicrophoneDisabled +``` + -
- - - + + This policy setting controls whether microphone on HoloLens 2 is disabled or not. + - + + + - - + +**Description framework properties**: - -Supporting value is Boolean. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + -The following list shows the supported values: + +**Allowed values**: -- 0 - False (Default) -- 1 - True +| Value | Description | +|:--|:--| +| 0 (Default) | Microphone can be used for voice. | +| 1 | Microphone cannot be used for voice. | + - + + + - -**MixedReality/NtpClientEnabled** + - + +## NtpClientEnabled -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/NtpClientEnabled +``` + + + This policy setting specifies whether the Windows NTP Client is enabled. -- OMA-URI: `./Device/Vendor/MSFT/Policy/Config/MixedReality/NtpClientEnabled` - +Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider. - - +If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers. - -- Data Type: String -- Value `` +If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers. + - + + - -
+For more information, see the [ConfigureNtpClient](#configurentpclient) policy. - -**MixedReality/SkipCalibrationDuringSetup** + - + +**Description framework properties**: -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + - + +> [!TIP] +> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - -[Scope](./policy-configuration-service-provider.md#policy-scope): +**ADMX mapping**: -> [!div class = "checklist"] -> * Device +| Name | Value | +|:--|:--| +| Name | W32TIME_POLICY_ENABLE_NTPCLIENT | +| Friendly Name | Enable Windows NTP Client | +| Location | Computer Configuration | +| Path | System > Windows Time Service > Time Providers | +| Registry Key Name | Software\Policies\Microsoft\W32time\TimeProviders\NtpClient | +| Registry Value Name | Enabled | +| ADMX File Name | W32Time.admx | + -
+ + - -Skips the calibration experience on HoloLens 2 devices when setting up a new user in the Out of Box Experience (OOBE) or when adding a new user to the device. The user will still be able to calibrate their device from the Settings app. +**Example**: -The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipCalibrationDuringSetup` +The following example XML string shows the value to enable this policy: -- Bool value +```xml + +``` - + - -
+ - -**MixedReality/SkipTrainingDuringSetup** + +## SkipCalibrationDuringSetup - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipCalibrationDuringSetup +``` + - + + +This policy configures whether the device will take the user through the eye tracking calibration process during device setup and first time user setup. If this policy is enabled, the device will not show the eye tracking calibration process during device setup and first time user setup. +**Note** that until the user goes through the calibration process, eye tracking will not work on the device. If an app requires eye tracking and the user has not gone through the calibration process, the user will be prompted to do so. + + + - -[Scope](./policy-configuration-service-provider.md#policy-scope): +> [!NOTE] +> The user will still be able to calibrate their device from the Settings app. -> [!div class = "checklist"] -> * Device + -
+ +**Description framework properties**: - -On HoloLens 2 devices, skips the training experience of interactions with the humming bird and start menu training when setting up a new user in the Out of Box Experience (OOBE) or when adding a new user to the device. The user will still be able to learn these movement controls from the Tips app. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + -The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipTrainingDuringSetup` + +**Allowed values**: -- Bool value +| Value | Description | +|:--|:--| +| 0 (Default) | Eye tracking calibration process will be shown during device setup and first time user setup. | +| 1 | Eye tracking calibration process will not be shown during device setup and first time user setup. | + - + + + - -
+ - -**MixedReality/VolumeButtonDisabled** + +## SkipTrainingDuringSetup - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipTrainingDuringSetup +``` + - -
+ + +This policy configures whether the device will take the user through a training process during device setup and first time user setup. If this policy is enabled, the device will not show the training process during device setup and first time user setup. If the user wishes to go through that training process, the user can launch the Tips app. + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + -> [!div class = "checklist"] -> * Device +It skips the training experience of interactions with the hummingbird and Start menu training. The user will still be able to learn these movement controls from the Tips app. -
+ - - -This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it's used with other buttons as combination for other purposes. + +**Description framework properties**: - +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - - + +**Allowed values**: - -Supporting value is Boolean. +| Value | Description | +|:--|:--| +| 0 (Default) | Training process will be shown during device setup and first time user setup. | +| 1 | Training process will not be shown during device setup and first time user setup. | + -The following list shows the supported values: + + + -- 0 - False (Default) -- 1 - True + - - -
+ +## VisitorAutoLogon - -**MixedReality/VisitorAutoLogon** + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | + - + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/VisitorAutoLogon +``` + -|Windows Edition|Supported| -|--- |--- | -|HoloLens (first gen) Development Edition|No| -|HoloLens (first gen) Commercial Suite|No| -|HoloLens 2|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - + + This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in, if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in, if no other user has logged in on the device before. + - + + + - - + +**Description framework properties**: - -Supported value is Boolean. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + -The following list shows the supported values: + +**Allowed values**: -- 0 Disabled (Default) -- 1 Enabled +| Value | Description | +|:--|:--| +| 0 (Default) | Visitor user will not be signed in automatically. | +| 1 | Visitor user will be signed in automatically. | + - - -
+ + + - + -## Related topics + +## VolumeButtonDisabled + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/VolumeButtonDisabled +``` + + + + +This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it's used with other buttons as combination for other purposes. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Volume can be changed with press of the volume button. | +| 1 | Volume cannot be changed with press of the volume button. | + + + + + + + + + + + + + + +## Related articles [Policy configuration service provider](policy-configuration-service-provider.md)