deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into dh-new-alerts

Browse Source
This commit is contained in:
Dani Halfin 2020-06-15 10:17:11 -07:00
commit 958631d4b4
807 changed files with 18277 additions and 8834 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.acrolinx-config.edn
View File

@ -1,5 +1,8 @@
{:allowed-branchname-matches ["master"]
:allowed-filename-matches ["windows/"]
:guidance-profile "d2b6c2c8-00ee-47f1-8d10-b280cc3434c1" ;; Profile ID for "M365-specific"
:acrolinx-check-settings
{
"languageId" "en"
@ -33,6 +36,6 @@ Click the scorecard links for each article to review the Acrolinx feedback on gr
"
**More info about Acrolinx**
You are helping M365 test Acrolinx while we merge to the Microsoft instance. We have set the minimum score to 20 to test that the minimum score script works. This is effectively *not* setting a minimum score. If you need to bypass this score, please contact krowley or go directly to the marveldocs-admins. Thanks for your patience while we continue with roll out!
We have set the minimum score to 20. This is effectively *not* setting a minimum score. If you need to bypass this score, please contact MARVEL PubOps.
"
}

BIN
.openpublishing.redirection.json
View File

Binary file not shown.

1
browsers/internet-explorer/TOC.md
View File

@ -188,5 +188,4 @@
### [Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md)
## KB Troubleshoot
### [Clear the Internet Explorer cache from a command line](kb-support/clear-ie-cache-from-command-line.md)
### [Internet Explorer and Microsoft Edge FAQ for IT Pros](kb-support/ie-edge-faqs.md)

123
browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md
View File

@ -1,123 +0,0 @@
---
title: Clear the Internet Explorer cache from a command line
description: Introduces command-line commands and a sample batch file for clearing the IE cache.
audience: ITPro
manager: msmets
author: ramakoni1
ms.author: ramakoni
ms.reviewer: ramakoni, DEV_Triage
ms.prod: internet-explorer
ms.technology:
ms.topic: kb-support
ms.custom: CI=111026
ms.localizationpriority: Normal
# localization_priority: medium
# ms.translationtype: MT
ms.date: 01/23/2020
---
# How to clear Internet Explorer cache by using the command line
This article outlines the procedure to clear the Internet Explorer cache by using the command line.
## Command line commands to clear browser cache
1. Delete history from the Low folder
`del /s /q C:\Users\\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah`
2. Delete history
`RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 1`
3. Delete cookies
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2`
4. Delete temporary internet files
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8`
5. Delete form data
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16`
6. Delete stored passwords
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32`
7. Delete all
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255`
8. Delete files and settings stored by add-ons
`InetCpl.cpl,ClearMyTracksByProcess 4351`
If you upgraded from a previous version of Internet Explorer, you have to use the following commands to delete the files from older versions:
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9`
Command to reset Internet Explorer settings:
`Rundll32.exe inetcpl.cpl ResetIEtoDefaults`
## Sample batch file to clear Internet Explorer cache files
A sample batch file is available that you can use to clear Internet Explorer cache files and other items. You can download the file from [https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip](https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip).
The batch file offers the following options:
- Delete Non-trusted web History (low-level hidden cleanup)
- Delete History
- Delete Cookies
- Delete Temporary Internet Files
- Delete Form Data
- Delete Stored Passwords
- Delete All
- Delete All "Also delete files and settings stored by add-ons"
- Delete IE10 and IE9 Temporary Internet Files
- Resets IE Settings
- EXIT
**Contents of the batch file**
```dos
@echo off
# This sample script is not supported under any Microsoft standard support program or service.
# The sample script is provided AS IS without warranty of any kind. Microsoft further disclaims
# all implied warranties including, without limitation, any implied warranties of merchantability
# or of fitness for a particular purpose. The entire risk arising out of the use or performance of
# the sample scripts and documentation remains with you. In no event shall Microsoft, its authors,
# or anyone else involved in the creation, production, or delivery of the scripts be liable for any
# damages whatsoever (including, without limitation, damages for loss of business profits, business
# interruption, loss of business information, or other pecuniary loss) arising out of the use of or
# inability to use the sample scripts or documentation, even if Microsoft has been advised of the
# possibility of such damages
:home
cls
COLOR 00
echo Delete IE History
echo Please select the task you wish to run.
echo Pick one:
echo.
echo 1. Delete History
echo 2. Delete Cookies
echo 3. Delete Temporary Internet Files
echo 4. Delete Form Data
echo 5. Delete Stored Passwords
echo 6. Delete All
echo 7. Delete All "Also delete files and settings stored by add-ons"
echo 8. Delete IE10 and 9 Temporary Internet Files
echo 9. Reset IE Settings
echo 00. EXIT
:choice
Echo Hit a number [1-10] and press enter.
set /P CH=[1-10]
if "%CH%"=="1" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
if "%CH%"=="2" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
if "%CH%"=="3" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
if "%CH%"=="4" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
if "%CH%"=="5" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
if "%CH%"=="6" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
if "%CH%"=="7" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351
if "%CH%"=="8" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9
if "%CH%"=="9" set x=rundll32.exe inetcpl.cpl ResetIEtoDefaults
if "%CH%"=="00" goto quit
%x%
goto Home
:quit
```

2
browsers/internet-explorer/kb-support/ie-edge-faqs.md
View File

@ -1,6 +1,6 @@
---
title: IE and Microsoft Edge FAQ for IT Pros
description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals.
description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals.
audience: ITPro
manager: msmets
author: ramakoni1

15
devices/hololens/TOC.md
View File

@ -16,8 +16,9 @@
## [HoloLens (1st gen) fit and comfort FAQ](hololens1-fit-comfort-faq.md)
## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md)
## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md)
## [HoloLens (1st Gen) release notes](hololens1-release-notes.md)
# Deploy HoloLens and mixed-reality apps in commercial environments
# Deploy HoloLens and mixed reality apps in commercial environments
## [Commercial features](hololens-commercial-features.md)
## [Deploy HoloLens in a commercial environment](hololens-requirements.md)
## [Determine what licenses you need](hololens-licenses-requirements.md)
@ -28,19 +29,18 @@
## [Manage HoloLens updates](hololens-updates.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
# Navigating Windows Holographic
## [Start menu and mixed reality home](holographic-home.md)
## [Use your voice with HoloLens](hololens-cortana.md)
# Navigate the Windows Holographic environment
## [Use the Start menu and mixed reality home](holographic-home.md)
## [Use your voice to operate HoloLens](hololens-cortana.md)
## [Find, open, and save files](holographic-data.md)
## [Create mixed reality photos and videos](holographic-photos-and-videos.md)
# User management and access management
# Manage users and access
## [Manage user identity and sign-in for HoloLens](hololens-identity.md)
## [Share your HoloLens with multiple people](hololens-multiple-users.md)
## [Set up HoloLens as a kiosk](hololens-kiosk.md)
# Holographic applications
## [Use 3D Viewer on HoloLens](holographic-3d-viewer-beta.md)
## [Find, install, and uninstall applications](holographic-store-apps.md)
## [Manage custom apps for HoloLens](holographic-custom-apps.md)
@ -67,9 +67,10 @@
## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f)
# Resources
## [Use 3D Viewer on HoloLens (1st gen)](holographic-3d-viewer-beta.md)
## [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md)
# [HoloLens release notes](hololens-release-notes.md)
# [HoloLens 2 release notes](hololens-release-notes.md)
# [Give us feedback](hololens-feedback.md)
# [Insider preview for Microsoft HoloLens](hololens-insider.md)
# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

8
devices/hololens/change-history-hololens.md
View File

@ -17,6 +17,14 @@ ms.localizationpriority: medium
This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
## Windows 10 Holographic, version 2004
The topics in this library have been updated for Windows 10 Holographic, version 2004.
## HoloLens 2
The topics in this library have been updated for HoloLens 2 and Windows 10 Holographic, version 1903.
## April 2019
New or changed topic | Description

70
devices/hololens/holographic-3d-viewer-beta.md
View File

@ -1,6 +1,6 @@
---
title: Using 3D Viewer Beta on HoloLens
description: Describes the types of files and features that 3D Viewer Beta on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
title: Using 3D Viewer on HoloLens (1st gen)
description: Describes the types of files and features that 3D Viewer on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
ms.prod: hololens
ms.sitesec: library
author: Teresa-Motiv
@ -15,16 +15,16 @@ appliesto:
- HoloLens (1st gen)
---
# Using 3D Viewer Beta on HoloLens
# Using 3D Viewer on HoloLens (1st gen)
3D Viewer Beta lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
3D Viewer lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
>[!NOTE]
>This article applies to the immersive Unity **3D Viewer Beta** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details.
>This article applies to the immersive Unity **3D Viewer** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details.
If you're having trouble opening a 3D model in 3D Viewer Beta, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
If you're having trouble opening a 3D model in 3D Viewer, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
To build or optimize 3D models for use with 3D Viewer Beta, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
To build or optimize 3D models for use with 3D Viewer, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer).
There are two ways to open a 3D model on HoloLens. See [Viewing FBX files on HoloLens](#viewing-fbx-files-on-hololens) to learn more.
@ -86,14 +86,14 @@ If you're having trouble after reading these topics, see [Troubleshooting](#trou
### File and model limitations
There are hard limits on the size of files, as well as the number of models, vertices, and meshes that can be open simultaneously in 3D Viewer Beta:
There are hard limits on the size of files, as well as the number of models, vertices, and meshes that can be open simultaneously in 3D Viewer:
- 500 MB maximum file size per model
- Vertices: 600,000 combined on all open models
- Meshes: 1,600 combined on all open models
- Maximum of 40 models open at one time
## Optimizing 3D models for 3D Viewer Beta
## Optimizing 3D models for 3D Viewer
### Special considerations
@ -103,9 +103,9 @@ There are hard limits on the size of files, as well as the number of models, ver
### Performance optimization
Keep performance in mind while authoring content and validate in the 3D Viewer Beta app on HoloLens during the authoring process for best results. 3D Viewer Beta renders content real-time and performance is subject to HoloLens hardware capabilities.
Keep performance in mind while authoring content and validate in the 3D Viewer app on HoloLens during the authoring process for best results. 3D Viewer renders content real-time and performance is subject to HoloLens hardware capabilities.
There are many variables in a 3D model that can impact performance. 3D Viewer Beta will show a warning on load if there are more than 150,000 vertices or more than 400 meshes. Animations can have an impact on the performance of other open models. There are also hard limits on the total number models, vertices, and meshes that can be open simultaneously in 3D Viewer Beta (see [File and model limitations](#file-and-model-limitations)).
There are many variables in a 3D model that can impact performance. 3D Viewer will show a warning on load if there are more than 150,000 vertices or more than 400 meshes. Animations can have an impact on the performance of other open models. There are also hard limits on the total number models, vertices, and meshes that can be open simultaneously in 3D Viewer (see [File and model limitations](#file-and-model-limitations)).
If the 3D model isn't running well due to model complexity, consider:
@ -113,17 +113,17 @@ If the 3D model isn't running well due to model complexity, consider:
- Reducing number of bones in rigged animation
- Avoiding self-occlusion
Double-sided rendering is supported in 3D Viewer Beta, although it is turned off by default for performance reasons. This can be turned on via the **Double Sided** button on the **Details** page. For best performance, avoid the need for double-sided rendering in your content.
Double-sided rendering is supported in 3D Viewer, although it is turned off by default for performance reasons. This can be turned on via the **Double Sided** button on the **Details** page. For best performance, avoid the need for double-sided rendering in your content.
### Validating your 3D model
Validate your model by opening it in 3D Viewer Beta on HoloLens. Select the **Details** button to view your model's characteristics and warnings of unsupported content (if present).
Validate your model by opening it in 3D Viewer on HoloLens. Select the **Details** button to view your model's characteristics and warnings of unsupported content (if present).
### Rendering 3D models with true-to-life dimensions
By default, 3D Viewer Beta displays 3D models at a comfortable size and position relative to the user. However, if rendering a 3D model with true-to-life measurements is important (for example, when evaluating furniture models in a room), the content creator can set a flag within the file's metadata to prevent resizing of that model by both the application and the user.
By default, 3D Viewer displays 3D models at a comfortable size and position relative to the user. However, if rendering a 3D model with true-to-life measurements is important (for example, when evaluating furniture models in a room), the content creator can set a flag within the file's metadata to prevent resizing of that model by both the application and the user.
To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit.
To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer is 1 meter per FBX unit.
## Viewing FBX files on HoloLens
@ -133,71 +133,71 @@ FBX files can be opened directly from a website using Microsoft Edge on HoloLens
1. In Microsoft Edge, navigate to the webpage containing the FBX file you want to view.
1. Select the file to download it.
1. When the download is complete, select the **Open** button in Microsoft Edge to open the file in 3D Viewer Beta.
1. When the download is complete, select the **Open** button in Microsoft Edge to open the file in 3D Viewer.
The downloaded file can be accessed and opened again later by using Downloads in Microsoft Edge. To save a 3D model and ensure continued access, download the file on your PC and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
> [!NOTE]
> Some websites with downloadable FBX models provide them in compressed ZIP format. 3D Viewer Beta cannot open ZIP files directly. Instead, use your PC to extract the FBX file and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
> Some websites with downloadable FBX models provide them in compressed ZIP format. 3D Viewer cannot open ZIP files directly. Instead, use your PC to extract the FBX file and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
### Open an FBX file from OneDrive
FBX files can be opened from OneDrive by using the OneDrive app on HoloLens. Be sure you've installed OneDrive using Microsoft Store app on HoloLens and that you've already uploaded the FBX file to OneDrive on your PC.
Once in OneDrive, FBX files can be opened on HoloLens using 3D Viewer Beta in one of two ways:
Once in OneDrive, FBX files can be opened on HoloLens using 3D Viewer in one of two ways:
- Launch OneDrive on HoloLens and select the FBX file to open it in 3D Viewer Beta.
- Launch 3D Viewer Beta, air tap to show the toolbar, and select **Open File**. OneDrive will launch, allowing you to select an FBX file.
- Launch OneDrive on HoloLens and select the FBX file to open it in 3D Viewer.
- Launch 3D Viewer, air tap to show the toolbar, and select **Open File**. OneDrive will launch, allowing you to select an FBX file.
## Troubleshooting
### I see a warning when I open a 3D model
You will see a warning if you attempt to open a 3D model that contains features that are not supported by 3D Viewer Beta, or if the model is too complex and performance may be affected. 3D Viewer Beta will still load the 3D model, but performance or visual fidelity may be compromised.
You will see a warning if you attempt to open a 3D model that contains features that are not supported by 3D Viewer, or if the model is too complex and performance may be affected. 3D Viewer will still load the 3D model, but performance or visual fidelity may be compromised.
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer).
### I see a warning and the 3D model doesn't load
You will see an error message when 3D Viewer Beta cannot load a 3D model due to complexity or file size, or if the FBX file is corrupt or invalid. You will also see an error message if you have reached the limit on the total number of models, vertices, or meshes that can be open simultaneously.
You will see an error message when 3D Viewer cannot load a 3D model due to complexity or file size, or if the FBX file is corrupt or invalid. You will also see an error message if you have reached the limit on the total number of models, vertices, or meshes that can be open simultaneously.
For more info, see [Supported content specifications](#supported-content-specifications) and [File and model limitations](#file-and-model-limitations).
If you feel your model meets the supported content specifications and has not exceeded the file or model limitations, you may send your FBX file to the 3D Viewer Beta team at holoapps@microsoft.com. We are not able to respond personally, but having examples of files that do not load properly will help our team improve on future versions of the app.
If you feel your model meets the supported content specifications and has not exceeded the file or model limitations, you may send your FBX file to the 3D Viewer team at holoapps@microsoft.com. We are not able to respond personally, but having examples of files that do not load properly will help our team improve on future versions of the app.
### My 3D model loads, but does not appear as expected
If your 3D model does not look as expected in 3D Viewer Beta, air tap to show the toolbar, then select **Details**. Aspects of the file which are not supported by 3D Viewer Beta will be highlighted as warnings.
If your 3D model does not look as expected in 3D Viewer, air tap to show the toolbar, then select **Details**. Aspects of the file which are not supported by 3D Viewer will be highlighted as warnings.
The most common issue you might see is missing textures, likely because they are not embedded in the FBX file. In this case, the model will appear white. This issue can be addressed in the creation process by exporting from your creation tool to FBX with the embed textures option selected.
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer).
### I experience performance drops while viewing my 3D model
Performance when loading and viewing a 3D model can be affected by the complexity of the model, number of models open simultaneously, or number of models with active animations.
For more info, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta) and [File and model limitations](#file-and-model-limitations).
For more info, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer) and [File and model limitations](#file-and-model-limitations).
### When I open an FBX file on HoloLens, it doesn't open in 3D Viewer Beta
### When I open an FBX file on HoloLens, it doesn't open in 3D Viewer
3D Viewer Beta is automatically associated with the .fbx file extension when it is installed.
3D Viewer is automatically associated with the .fbx file extension when it is installed.
If you try to open an FBX file and see a dialog box that directs you to Microsoft Store, you do not currently have an app associated with the .fbx file extension on HoloLens.
Verify that 3D Viewer Beta is installed. If it is not installed, download it from Microsoft Store on HoloLens.
Verify that 3D Viewer is installed. If it is not installed, download it from Microsoft Store on HoloLens.
If 3D Viewer Beta is already installed, launch 3D Viewer Beta, then try opening the file again. If the issue persists, uninstall and reinstall 3D Viewer Beta. This will re-associate the .fbx file extension with 3D Viewer Beta.
If 3D Viewer is already installed, launch 3D Viewer, then try opening the file again. If the issue persists, uninstall and reinstall 3D Viewer. This will re-associate the .fbx file extension with 3D Viewer.
If attempting to open an FBX file opens an app other than 3D Viewer Beta, that app was likely installed after 3D Viewer Beta and has taken over association with the .fbx file extension. If you prefer 3D Viewer Beta to be associated with the .fbx file extension, uninstall and reinstall 3D Viewer Beta.
If attempting to open an FBX file opens an app other than 3D Viewer, that app was likely installed after 3D Viewer and has taken over association with the .fbx file extension. If you prefer 3D Viewer to be associated with the .fbx file extension, uninstall and reinstall 3D Viewer.
### The Open File button in 3D Viewer Beta doesn't launch an app
### The Open File button in 3D Viewer doesn't launch an app
The **Open File** button will open the app associated with the file picker function on HoloLens. If OneDrive is installed, the **Open File** button should launch OneDrive. However, if there is currently no app associated with the file picker function installed on HoloLens, you will be directed to Microsoft Store.
If the **Open File** button launches an app other than OneDrive, that app was likely installed after OneDrive and has taken over association with the file picker function. If you prefer OneDrive to launch when selecting the **Open File** button in 3D Viewer Beta, uninstall and reinstall OneDrive.
If the **Open File** button launches an app other than OneDrive, that app was likely installed after OneDrive and has taken over association with the file picker function. If you prefer OneDrive to launch when selecting the **Open File** button in 3D Viewer, uninstall and reinstall OneDrive.
If the **Open File** button is not active, it's possible that you have reached the limit of models that can be open in 3D Viewer Beta at one time. If you have 40 models open in 3D Viewer Beta, you will need to close some before you will be able to open additional models.
If the **Open File** button is not active, it's possible that you have reached the limit of models that can be open in 3D Viewer at one time. If you have 40 models open in 3D Viewer, you will need to close some before you will be able to open additional models.
## Additional resources

4
devices/hololens/holographic-home.md
View File

@ -1,5 +1,5 @@
---
title: Start menu and mixed reality home
title: Use the Start menu and mixed reality home
description: Navigate the mixed reality home in Windows Holographic.
ms.assetid: 742bc126-7996-4f3a-abb2-cf345dff730c
ms.date: 08/07/2019
@ -15,7 +15,7 @@ appliesto:
- HoloLens 2
---
# Start menu and mixed reality home
# Use the Start menu and mixed reality home
Just like the Windows PC experience starts with the desktop, Windows Holographic starts with mixed reality home. Using the Start menu you can open and place app windows, immersive app launchers, and 3D content in mixed reality home, and their placement in your physical space will be remembered.

8
devices/hololens/holographic-photos-and-videos.md
View File

@ -44,7 +44,9 @@ To take a quick photo of your current view, press the volume up and volume down
### Voice commands to take photos
Cortana can also take a picture. Say: "Hey Cortana, take a picture."
On HoloLens 2, version 2004 (and later), say: "Take a picture."
On HoloLens (1st gen) or HoloLens 2, version 1903, say: "Hey Cortana, take a picture."
### Start menu to take photos
@ -67,7 +69,9 @@ The quickest way to record a video is to press and hold the **volume up** and **
### Voice to record videos
Cortana can also record a video. Say: "Hey Cortana, start recording." To stop a video, say "Hey Cortana, stop recording."
On HoloLens 2, version 2004 (and later), say: "Start recording." To stop recording, say "Stop recording."
On HoloLens (1st gen) or HoloLens 2, version 1903, say: "Hey Cortana, start recording." To stop recording, say "Hey Cortana, stop recording."
### Start menu to record videos

18
devices/hololens/holographic-store-apps.md
View File

@ -33,12 +33,18 @@ Open the Microsoft Store from the **Start** menu. Then browse for apps and games
## Install apps
To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
To download apps, you'll need to be signed in with a Microsoft account. Some apps are free and can be downloaded right away. Apps that require a purchase require you to be signed in to the Store with your Microsoft account and have a valid payment method.
> [!NOTE]
> The account you use on Microsoft Store does not have to be the same as the account you are signed in with. If you are using a Work or School account on your HoloLens then you'll need to sign in with your personal account in the Store App to make a purchase.
1. To open the [**Start** menu](holographic-home.md), perform a [bloom](hololens1-basic-usage.md) gesture or tap your wrist.
2. Select the Store app and then tap to place this tile into your world.
3. Once the Store app opens, use the search bar to look for any desired application.
4. Select **Get** or **Install** on the application's page (a purchase may be required).
To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
1. To open the [**Start** menu](holographic-home.md), perform a [Start gesture](https://docs.microsoft.com/hololens/hololens2-basic-usage#start-gesture) or [bloom](hololens1-basic-usage.md) gesture on HoloLens 1.
1. Select the Store app. Once the Store app opens:
1. Use the search bar to look for any desired applications.
1. Select essential apps or apps made specifically for HoloLens from one of the curated categories.
1. On the top right of the Store app, select the **...** button and then select **My Library** to view any previously purchased apps.
1. Select **Get** or **Install** on the application's page (a purchase may be required).
## Uninstall apps
@ -46,7 +52,7 @@ There are two ways to uninstall applications. You can uninstall applications th
### Uninstall from the Start menu
On the **Start** menu or in the **All apps** list, gaze at the app. Tap and hold until the menu appears, then select **Uninstall**.
On the **Start** menu or in the **All apps** list, browse to the app. Air tap and hold until the menu appears, then select **Uninstall**.
### Uninstall from the Microsoft Store

8
devices/hololens/hololens-calibration.md
View File

@ -38,7 +38,7 @@ HoloLens 2 prompts a user to calibrate the device under the following circumstan
![Calibration prompt](./images/07-et-adjust-for-your-eyes.png)
During this process, you'll look at a set of targets (gems). It's fine if you blink or close your eyes during calibration but try not to stare at other objects in the room. This allows HoloLens to learn about your eye position to render your holographic world.
During this process, you'll look at a set of targets (gems). It's fine if you blink during calibration, but try to stay focused on the gems instead of other objects in the room. This allows HoloLens to learn about your eye position to render your holographic world.
![Calibration prompt](./images/07-et-hold-head-still.png)
@ -52,7 +52,7 @@ If calibration was successful, you'll see a success screen. If not, read more a
### Calibration when sharing a device or session
Multiple users can share a HoloLens 2 device, without a need for each person to go through device setup. When a new user puts the device on their head for th first time, HoloLens 2 automatically prompts the user to calibrate visuals. When a user that has previously calibrated visuals puts the device on their head, the display seamlessly adjusts for quality and a comfortable viewing experience.
Multiple users can share a HoloLens 2 device, without a need for each person to go through device setup. When a new user puts the device on their head for the first time, HoloLens 2 automatically prompts the user to calibrate visuals. When a user that has previously calibrated visuals puts the device on their head, the display seamlessly adjusts for quality and a comfortable viewing experience.
### Manually starting the calibration process
@ -84,7 +84,7 @@ If calibration is unsuccessful try:
- Moving objects in your visor out of the way (such as hair)
- Turning on a light in your room or moving out of direct sunlight
If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
If you followed all guidelines and calibration is still failing, you can disable the calibration prompt in Settings. Please also let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
Note that setting IPD is not applicable for Hololens 2, since eye positions are computed by the system.
@ -92,6 +92,8 @@ Note that setting IPD is not applicable for Hololens 2, since eye positions are
Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful.
The device can locally store up to 50 calibration profiles. After this number is reached, the device automatically deletes the oldest unused profile.
Calibration information can always be deleted from the device in **Settings** > **Privacy** > **Eye tracker**.
### Disable calibration

15
devices/hololens/hololens-connect-devices.md
View File

@ -45,10 +45,15 @@ HoloLens (1st gen) supports the following classes of Bluetooth devices:
### HoloLens (1st gen): Pair the clicker
1. Use the bloom gesture to go to **Start**, and then select **Settings**.
1. Select **Devices**, and make sure that Bluetooth is on.
1. Use the tip of a pen to press and hold the clicker pairing button until the clicker status light blinks white. Make sure to hold down the button until the light starts blinking.
The pairing button is on the underside of the clicker, next to the finger loop.
![The pairing button is beside the finger loop](images/use-hololens-clicker-1.png)
1. On the pairing screen, select **Clicker** > **Pair**.
## HoloLens 2: Connect USB-C devices
@ -63,6 +68,9 @@ HoloLens 2 supports the following classes of USB-C devices:
- Wired keyboard
- Combination PD hubs (USB A plus PD charging)
> [!NOTE]
> Some mobile devices with USB-C connections present themselves to the HoloLens as ethernet adaptors, and therefore could be used in a tethering configuration, starting with Windows Holographic, version 2004. USB LTE modems that require a separate driver, and/or application installed for configuration are not supported
## Connect to Miracast
To use Miracast, follow these steps:
@ -74,3 +82,10 @@ To use Miracast, follow these steps:
1. On the list of devices that appears, select an available device.
1. Complete the pairing to begin projecting.
## Disable Bluetooth
This procedure turns off the RF components of the Bluetooth radio and disables all Bluetooth functionality on Microsoft HoloLens.
1. Use the bloom gesture (HoloLens (1st gen)) or the start gesture (HoloLens 2) to go to **Start**, and then select **Settings** > **Devices**.
1. Move the slider switch for **Bluetooth** to the **Off** position.

8
devices/hololens/hololens-cortana.md
View File

@ -1,5 +1,5 @@
---
title: Use your voice with HoloLens
title: Use your voice to operate HoloLens
description: Cortana can help you do all kinds of things on your HoloLens
ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed
ms.date: 03/10/2020
@ -17,7 +17,7 @@ appliesto:
- HoloLens 2
---
# Use your voice with HoloLens
# Use your voice to operate HoloLens
You can use your voice to do almost anything on HoloLens, such as taking a quick photo or opening an app. Many voice commands are built into HoloLens, while others are available through Cortana.
@ -34,14 +34,14 @@ Get around HoloLens faster with these basic commands. In order to use these, you
### General speech commands
Use these commands throughout Windows Mixed Reality to get around faster. Some commands use the gaze cursor, which you bring up by saying “select.”
Use these commands throughout Windows Mixed Reality to get around faster. Some commands use the gaze cursor, which you bring up by saying "select."
> [!NOTE]
> Hand rays are not supported on HoloLens (1st Gen).
| Say this | To do this |
| - | - |
| "Select" | Say "select" to bring up the gaze cursor. Then, turn your head to position the cursor on the thing you want to select, and say “select” again. |
| "Select" | Say "select" to bring up the gaze cursor. Then, turn your head to position the cursor on the thing you want to select, and say "select" again. |
|Open the Start menu | "Go to Start" |
|Close the Start menu | "Close" |
|Leave an immersive app | Say "Go to Start" to bring up the quick actions menu, then say "Mixed reality home." |

165
devices/hololens/hololens-diagnostic-logs.md
View File

@ -27,19 +27,20 @@ HoloLens users and administrators can choose from among four different methods t
- Feedback Hub app
- DiagnosticLog CSP
- Settings app
- Fallback diagnostics
> [!IMPORTANT]
> Device diagnostic logs contain personally identifiable information (PII), such as about what processes or applications the user starts during typical operations. When multiple users share a HoloLens device (for example, users sign in to the same device by using different Microsoft Azure Active Directory (AAD) accounts) the diagnostic logs may contain PII information that applies to multiple users. For more information, see [Microsoft Privacy statement](https://privacy.microsoft.com/privacystatement).
The following table compares the four collection methods. The method names link to more detailed information in the sections that follow the table.
The following table compares the three collection methods. The method names link to more detailed information in the sections that follow the table.
|Method |Prerequisites |Data locations |Data access and use |Data retention |
| --- | --- | --- | --- | --- |
|[Feedback Hub](#feedback-hub) |Network and internet connection<br /><br />Feedback Hub app<br /><br />Permission to upload files to the Microsoft cloud |Microsoft cloud<br /><br />HoloLens device (optional) |User requests assistance, agrees to the terms of use, and uploads the data<br /><br />Microsoft employees view the data, as consistent with the terms of use |Data in the cloud is retained for the period that is defined by Next Generation Privacy (NGP). Then the data is deleted automatically.<br /><br />Data on the device can be deleted at any time by a user who has **Device owner** or **Admin** permissions. |
|[Settings Troubleshooter](#settings-troubleshooter) |Settings app |HoloLens device<br /><br />Connected computer (optional) |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it. |
|[Settings Troubleshooter](#settings-troubleshooter) |Settings app |HoloLens device<br /><br />Connected computer (optional) |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it.* |
|[DiagnosticLog CSP](#diagnosticlog-csp) |Network connection<br /><br />MDM environment that supports the DiagnosticLog CSP |Administrator configures storage locations |In the managed environment, the user implicitly consents to administrator access to the data.<br /><br />Administrator configures access roles and permissions. | Administrator configures retention policy. |
|[Fallback diagnostics](#fallback-diagnostics) |Device configuration:<ul><li>Powered on and connected to computer</li><li>Power and Volume buttons functioning</li></ul> |HoloLens device<br /><br />Connected computer |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it. |
- End-user is responsible for sharing the logs responsibly with someone else. These files are primarily useful when contacting customer service and support.
## Feedback Hub
@ -110,160 +111,4 @@ The IT administrator uses the DiagnosticLog CSP to configure the data storage, r
- The retention period for the diagnostic information.
- Permissions that control access to the diagnostic information.
## Fallback diagnostics
While device telemetry usually provides an initial understanding of a problem report, some issues require a broader and deeper understanding of the device state. When you (as a user or an administrator) investigate such issues, diagnostic logs that reside on the device are more useful than the basic device telemetry.
The fallback diagnostics process provides a way for you to gather diagnostic information if no other methods are available. Such scenarios include the following:
- The network or network-based resources (such as the Feedback Hub, MDM, and so on) are not available.
- The device is "stuck" or locked in a state in which usual troubleshooting capabilities (such as the Settings app) are not available. Such scenarios include the Out-of-Box-Experience (OOBE), kiosk mode, and a locked or "hung" user interface.
> [!IMPORTANT]
> - On HoloLens 2 devices, you can use fallback diagnostics under the following conditions only:
> - During the Out-of-the-Box-Experience (OOBE) and when you select **Send Full Diagnostics Data**.
> - If the environment's Group Policy enforces the **System\AllowTelemetry** policy value of **Full**.
> - On HoloLens (1st gen) devices, you can use fallback diagnostics on HoloLens version 17763.316 or a later version. This version is the version that the Windows Device Recovery Tool restores when it resets the device.
### How to use fallback diagnostics
Before you start the fallback diagnostics process, make sure of the following:
- The device is connected to a computer by using a USB cable.
- The device is powered on.
- The Power and Volume buttons on the device are functioning correctly.
To collect fallback diagnostic information, follow these steps:
1. On the device, press the Power and Volume Down buttons at the same time and then release them.
1. Wait for few seconds while the device collects the data.
### Data locations
The device stores the data locally. You can access that information from the connected desktop computer at the following location:
> This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents
For more information about the files that the fallback diagnostics process collects, see [What diagnostics files does the fallback diagnostics process collect?](#what-diagnostics-files-does-the-fallback-diagnostics-process-collect).
### Data access, use, and retention
Because you store the data yourself, only you have access to the data. If you choose to share the data with another user, you implicitly grant permission for that user to access or store the data.
The data remains until you delete it.
### Frequently asked questions about fallback diagnostics on HoloLens
#### Does the device have to be enrolled with an MDM system?
No.
#### How can I use fallback diagnostics on HoloLens?
Before you start the fallback diagnostics process, make sure of the following:
- The device is connected to a computer by using a USB cable.
- The device is powered on.
- The Power and Volume buttons on the device are functioning correctly.
To collect fallback diagnostic information, follow these steps:
1. On the device, press the Power and Volume Down buttons at the same time and then release them.
1. Wait for few seconds while the device collects the data.
#### How would I know that data collection finished?
The fallback diagnostics process does not have a user interface. On HoloLens 2, when the process starts to collect data, it creates a file that is named HololensDiagnostics.temp. When the process finishes, it removes the file.
#### What diagnostics files does the fallback diagnostics process collect?
The fallback diagnostics process collects one or more .zip files, depending on the version of HoloLens. The following table lists each of the possible .zip files, and the applicable versions of HoloLens.
|File |Contents |HoloLens (1st gen) |HoloLens 2 10.0.18362+ |HoloLens 2 10.0.19041+ |
| --- | --- | --- | --- | --- |
|HololensDiagnostics.zip |Files&nbsp;for&nbsp;tracing sessions that ran on the device.<br /><br />Diagnostic information that's specific to Hololens. |✔️ |✔️ |✔️ |
|DeviceEnrollmentDiagnostics.zip |Information that's related to MDM, device enrollment, CSPs, and policies. | |✔️ |✔️ |
|AutoPilotDiagnostics.zip |Information that's related to autopilot and licensing.| | |✔️ |
|TPMDiagnostics.zip |Information that's related to the trusted platform module (TPM) on the device | | |✔️ |
> [!NOTE]
> Starting on May 2, 2019, the fallback diagnostics process collects EventLog*.etl files only if the signed-in user is the device owner. This is because these files may contain PII data. Such data is accessible to device owners only. This behavior matches the behavior of Windows desktop computers, where administrators have access to event log files but other users do not.
**Sample diagnostic content for HoloLens (1st gen)**
HololensDiagnostics.zip contains files such as the following:
- AuthLogon.etl
- EventLog-HupRe.etl.001
- FirstExperience.etl.001
- HetLog.etl
- HoloInput.etl.001
- HoloShell.etl.001
- WiFi.etl.001
**Sample diagnostic content for HoloLens 2 10.0.18362+**
HololensDiagnostics.zip contains files such as the following:
- EventLog-Application.etl.001*
- EventLog-System.etl.001*
- AuthLogon.etl
- EventLog-HupRe.etl.001
- FirstExperience.etl.001
- HetLog.etl
- HoloInput.etl.001
- HoloShell.etl.001
- WiFi.etl.001
- CSPsAndPolicies.etl.001
- RadioMgr.etl
- WiFiDriverIHVSession.etl
DeviceEnrollmentDiagnostics.zip contains files such as the following:
- MDMDiagHtmlReport.html
- MdmDiagLogMetadata.json
- MDMDiagReport.xml
- MdmDiagReport_RegistryDump.reg
- MdmLogCollectorFootPrint.txt
**Sample diagnostic content for HoloLens 2 10.0.19041+**
HololensDiagnostics.zip contains files such as the following:
- EventLog-Application.etl.001*
- EventLog-System.etl.001*
- AuthLogon.etl
- EventLog-HupRe.etl.001
- FirstExperience.etl.001
- HetLog.etl
- HoloInput.etl.001
- HoloShell.etl.001
- WiFi.etl.001
- CSPsAndPolicies.etl.001
- RadioMgr.etl
- WiFiDriverIHVSession.etl
- DisplayDiagnosticData.json
- HUP dumps
DeviceEnrollmentDiagnostics.zip contains files such as the following:
- MDMDiagHtmlReport.html
- MdmDiagLogMetadata.json
- MDMDiagReport.xml
- MdmDiagReport_RegistryDump.reg
- MdmLogCollectorFootPrint.txt
AutoPilotDiagnostics.zip contains files such as the following:
- DeviceHash_HoloLens-U5603.csv
- LicensingDiag.cab
- LicensingDiag_Output.txt
- TpmHliInfo_Output.txt
- DiagnosticLogCSP_Collector_DeviceEnrollment_\*.etl
- DiagnosticLogCSP_Collector_Autopilot_*.etl
TPMDiagnostics.zip contains files such as the following:
- CertReq_enrollaik_Output.txt
- CertUtil_tpminfo_Output.txt
- TPM\*.etl

2
devices/hololens/hololens-enroll-mdm.md
View File

@ -41,7 +41,7 @@ When auto-enrollment is enabled, no additional manual enrollment is needed. When
1. Select **Enroll into device management** and enter your organizational account. You will be redirected to your organization's sign in page.
1. Upon successful authentication to the MDM server, a success message is shown.
Your device is now enrolled with your MDM server. The device will need to restart to acquire policies, certificates, and apps. The Settings app will now reflect that the device is enrolled in device management.
Your device is now enrolled with your MDM server. The Settings app will now reflect that the device is enrolled in device management.
## Unenroll HoloLens from Intune

110
devices/hololens/hololens-feedback.md
View File

@ -4,7 +4,11 @@ description: Create actionable feedback for HoloLens and Windows Mixed Reality d
ms.assetid: b9b24c72-ff86-44a9-b30d-dd76c49479a9
author: mattzmsft
ms.author: mazeller
ms.date: 09/13/2019
ms.date: 05/14/2020
ms.custom:
- CI 116157
- CSSTroubleshooting
audience: ITPro
ms.prod: hololens
ms.topic: article
keywords: feedback, bug, issue, error, troubleshoot, help
@ -15,68 +19,66 @@ appliesto:
- HoloLens 2
---
# Give us feedback
# Feedback for HoloLens
Use the Feedback Hub to tell us which features you love, which features you could do without, or when something could be better.
Use the Feedback Hub to tell us which features you love, which features you could do without, and how something could be better. The engineering team uses the same mechanism internally to track and fix bugs, so please use Feedback Hub to report any bugs that you see. We are listening!
## Feedback for Windows Mixed Reality immersive headset on PC
Feedback Hub is an excellent way to alert the engineering team to bugs and to make sure that future updates are healthier and more consistently free of bugs. However, Feedback Hub does not provide a response. If you need immediate help, please file feedback, take note of the summary that you provided for your feedback, and then follow up with [HoloLens support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f).
> [!IMPORTANT]
> Before you report an issue, make sure that your environment meets the following requirements so that you can successfully upload logs and other information:
>
> - Have a minimum of 3GB free disk space available on the main drive of the device.
> - To upload cabs or other large files, connect to a non-metered network.
> [!NOTE]
>
> - Make sure you that you have the current version of Feedback Hub. To do this, select **Start** > **Microsoft Store**, and then select the ellipses (**...**). Then, select **Downloads and updates** > **Get updates**.
>
> - To provide the best possible data for fixing issues, we highly recommended that you set your device telemetry to **Full**. You can set this value during the Out-of-Box-Experience (OOBE), or by using the Settings app. To do this by using Settings, select **Start** > **Settings** > **Privacy** > **App Diagnostics** > **On**.
1. Make sure that you have the immersive headset connected to your PC, and then on the desktop, select **Feedback Hub**.
1. In the left pane, select **Feedback**.
![Feedback tab](images/feedback1-600px.png)
1. To enter new feedback, select **Add new feedback**.
![Add new feedback](images/feedback2-600px.png)
1. To make feedback actionable, in **What kind of feedback is this?** select **Problem**.
1. In **Summarize your issue**, enter a meaningful title for your feedback.
1. In **Give us more detail**, provide details and repro steps.
![Details and repro steps](images/feedback3-600px.png)
## Use the Feedback Hub
As the top category, select **Mixed Reality**. Then select an applicable subcategory, as explained in the following table:
|Subcategory |Description |
|----------|----------|
| Apps | Issues about a specific application. |
| Developer | Issues about authoring or running an app for Mixed Reality. |
| Device | Issues about the head-mounted device (HMD) itself. |
| Home experience | Issues about your VR environment and your interactions with the your mixed reality home. |
| Input | Issues about input methods, such as motion controllers, speech, gamepad, or mouse and keyboard. |
| Set up | Anything that is preventing you from setting up the device. |
| All other issues | Anything else. |
1. If possible, add traces or video to your feedback to help us identify and fix the issue more quickly. To do this, follow these steps:
1. To start collecting traces, select **Start capture**. The app starts collecting traces and a video capture of your mixed reality scenario.
![Start Capture](images/feedback4-600px.png)
1. Do not close the Feedback Hub app, but switch to the scenario that produces the issue. Run through the scenario to produce the circumstances that you have described.
1. After you finish your scenario, go back to the Feedback Hub app and select **Stop capture**. The app stops collecting information, stores the information in a file, and attaches the file to your feedback.
1. Select **Submit**.
![Submit](images/feedback5-600px.png)
The Thank You page indicates that your feedback has been successfully submitted.
![Thank You](images/feedback6-600px.png)
1. Use the **Start** gesture to open the **Start** menu, and then select **Feedback Hub**. The app opens in your environment.
To easily direct other people (such as co-workers, Microsoft staff, [forum](https://forums.hololens.com/) readers et al) to the issue, go to **Feedback** > **My Feedback**, select the issue, select **Share**. This action provides a shortened URL that you can give to others so that they can upvote or escalate your issue.
![Feedback app on HoloLens Start menu](./images/hololens2-feedbackhub-tile.png)
> [!NOTE]
> If you don't see **Feedback Hub**, select **All Apps** to see the complete list of apps on the device.
## Feedback for HoloLens
1. To see whether someone else has given similar feedback, enter a few keywords about the topic in the **Feedback** search box.
1. If you find similar feedback, select it, add any additional information that you have in the **Write a comment** box, and then select **Upvote**.
1. If you don't find any similar feedback, select **Add new feedback**.
1. Use the **bloom** gesture to open the **Start** menu, and then select **Feedback Hub**.
![Add new feedback](./images/hololens-feedback-1.png)
![Start menu on Microsoft HoloLens](images/startmenu.jpg)
1. Place the app in your environment and then select the app to launch it.
1. To see if someone else has given similar feedback, in the Feedback search box, enter a few keywords about the topic.
1. In **Summarize your feedback**, enter a short summary of your feedback. Then add details in the **Explain in more detail** box. The more details that you provide, such as how to reproduce this problem and the effect that it has, the more useful your feedback is. When you're finished, select **Next**.
![Search Feedback](images/searchfeedback-500px.jpg)
1. If you find similar feedback, select it, add any details, then select **Upvote**.
1. Select a topic from **Choose a category**, and then select a subcategory from **Select a subcategory**. The following table describes the categories that are available in the Windows Holographic category.
![Upvote existing Feedback](images/upvotefeedback-500px.jpg)
1. If you dont find any similar feedback, select **Add new feedback**, select a topic from **Select a category**, and then select a subcategory from **Select a subcategory**.
> [!NOTE]
> **Commercial customers**: To report a bug that is related to MDM, provisioning, or any other device management aspect, select the **Enterprise Management** category, and the **Device** subcategory.
![Add new Feedback](images/addnewfeedback-500px.jpg)
1. Enter your feedback.
1. If you are reporting a reproducible issue, you can select **Reproduce**. Without closing Feedback Hub, reproduce the issue. After you finish, come back to Feedback Hub and select **Im done**. The app adds a mixed reality capture of your repro and relevant diagnostic logs to your feedback.
1. Select **Post feedback**, and youre done.
|Category |Description |
| --- | --- |
|Eye tracking |Feedback about eye tracking, iris sign-in, or calibration. |
|Hologram accuracy, stability, and reliability |Feedback about how holograms appear in space. |
|Launching, placing, adjusting, and exiting apps |Feedback about starting or stopping 2D or 3D apps. |
|Miracast |Feedback about Miracast. |
|Spaces and persistence |Feedback about how HoloLens recognizes spaces and retains holograms in space. |
|Start menu and all apps list |Feedback about the **Start** menu and the all apps list. |
|Surface mapping |Feedback about surface mapping. |
|Taking pictures and videos |Feedback about mixed reality captures. |
|Video hologram playback |Feedback about video hologram playback. |
|All other issues |All other issues. |
1. You may be prompted to search for similar feedback. If your problem resembles feedback from other users, select that feedback. Otherwise, select **New feedback** and then select **Next**.
1. If you are prompted, select the best description of the problem.
1. Attach any relevant data to your feedback, or reproduce the problem. You can select any of the following options:
- **Attach a screenshot**. Select this option to attach a screenshot that illustrates the situation that you're describing.
- **Attach a file**. Select this option to attach data files. If you have files that are relevant to your problem or that could help us to reproduce your problem, attach them.
- **Recreate my problem**. Select this option if you can reproduce the problem yourself. After you select **Recreate my problem**, follow these steps:
1. Select **Include data about** and make sure that the most relevant types of data are listed. In most cases, the default selections are based on the category and subcategory that you selected for your feedback.
1. Select **Start Recording**.
1. Reproduce your problem. Dont worry if this means that you have to enter an immersive app. You will return to the feedback page when you're done.
1. Select **Stop recording**. After recording stops, you can see the data that is attached to your feedback for the engineering team.
1. Make sure that you have an active internet connection so that we can receive your feedback. Select **Submit**, and youre done.

2
devices/hololens/hololens-identity.md
View File

@ -32,7 +32,7 @@ HoloLens supports several kinds of user identities. You can use one or more user
| Identity type | Accounts per device | Authentication options |
| --- | --- | --- |
| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 32 (see details) | <ul><li>Azure web credential provider</li><li>Azure Authenticator App</li><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 64 | <ul><li>Azure web credential provider</li><li>Azure Authenticator App</li><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
| [Microsoft Account (MSA)](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts) | 1 | <ul><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
| [Local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password |

75
devices/hololens/hololens-insider.md
View File

@ -63,80 +63,9 @@ You are welcome and encouraged to try developing your applications using Insider
## Windows Insider Release Notes
HoloLens 2 Windows Insider builds are full of new features and improvements. Sign up for Windows Insider Fast or Slow flights to test them out!
Here's a quick summary of what's new:
As of our [Windows Holographic May 2020 Update](hololens-release-notes.md) release all of our release preview feautres are now generally avalible! Make sure to [update your HoloLens](hololens-update-hololens.md) to get all the latest features.
- Support for FIDO2 Security Keys to enable secure and easy authentication for shared devices
- Seamlessly apply a provisioning package from a USB drive to your HoloLens
- Use a provisioning packages to enroll your HoloLens to your Mobile Device Management system
- Use Windows Autopilot to set up and pre-configure new devices, quickly getting them ready for productive use. To participate in the program you'll need to meet a few requirements. While the program is in preview mode you'll need to be using Microsoft Intune. You'll need to use a tenant that is flighted for HoloLens. Lastly you'll need to have installed an insider preview buildon your HoloLens 2. To praticipate in the preview of this new program send a note to hlappreview@microsoft.com to join the preview.
- Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
- Support for additional system voice commands
- An updated Cortana app with a focus on productivity
- Hand Tracking improvements to reduce the tendency to close the index finger when pointing. This should make button pressing and 2D slate usage feel more accurate
- Performance and stability improvements across the product
- More information in settings on HoloLens about the policy pushed to the device
Once you've had a chance to explore these new capabilities, use the Feedback Hub app to let us know what you think. Feedback you provide in the Feedback Hub goes directly to our engineers.
### FIDO 2 support
Many of you share a HoloLens with lots of people in a work or school environment. Whether devices are shared between students in a classroom or they're checked out from a device locker, it's important to be able to change users quickly and easily without typing long user names and passwords. FIDO lets anyone in your organization (AAD tenant) seamlessly sign in to HoloLens without entering a username or password.
Read the [passwordless security docs](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to get started.
### Provisioning package updates
Provisioning packages let you set HoloLens configuration through a config file rather than going through the HoloLens out of box experience. Previously, provisioning packages had to be copied onto HoloLens' internal memory, now they can be on a USB drive so they're easier to re-use on multiple HoloLens and so more people can provision HoloLens in parallel.
1. To try it out, download the latest version of the Windows Configuration Designer from the Windows store onto your PC.
1. Select **Provision HoloLens Devices** > Select **Provision HoloLens 2 devices**
1. Build your configuration profile and, when you're done, copy all files created to a USB-C storage device.
1. Plug it into any freshly flashed HoloLens and press **Volume down + Power** to apply your provisioning package.
### System voice commands
You can now access these commands with your voice:
- "Restart device"
- "Shutdown device"
- "Brightness up"
- "Brightness down"
- "Volume up"
- "Volume down"
- "What is my IP address?"
- "Take a picture"
- "Take a video" / "Stop recording"
If you're running your system with a different language, please try the appropriate commands in that language.
### Cortana updates
The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
There's currently an issue we're investigating that requires you to launch the app once after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works.
### Dark mode
Many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to **Settings > System > Colors to find "Choose your default app mode."**
Here are some of the in-box apps that support Dark mode!
- Settings
- Microsoft Store
- Mail
- Calendar
- File Explorer
- Feedback Hub
- OneDrive
- Photos
- 3D Viewer
- Movies & TV
### Windows Autopilot for HoloLens 2
This Autopilot program supports Autopilot self-deploying mode to provision HoloLens 2 devices as shared devices under your tenant. Self-deploying mode leverages the device's preinstalled OEM image and drivers during the provisioning process. A user can provision the device without putting the device on and going through the Out-of-the-box Experience (OOBE).
When a user starts the Autopilot self-deploying process, the process completes the following steps:
1. Join the device to Azure Active Directory (Azure AD).
2. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
3. Download the device-targeted policies, certificates, and networking profiles.
4. Provision the device.
5. Present the sign-in screen to the user.
For full information about Autopilot, see [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md).
We'll be updating this page again with new features again as we release them to Windows Insider builds.
### FFU download and flash directions
To test with a flight signed ffu, you first have to flight unlock your device prior to flashing the flight signed ffu.

4
devices/hololens/hololens-kiosk.md
View File

@ -98,7 +98,9 @@ If you use a Mobile Device Management (MDM) system or a provisioning package to
|Dynamics 365 Guides |Microsoft.Dynamics365.Guides\_8wekyb3d8bbwe\!MicrosoftGuides |
|Dynamics 365 Remote Assist |Microsoft.MicrosoftRemoteAssist\_8wekyb3d8bbwe\!Microsoft.RemoteAssist |
|Feedback&nbsp;Hub |Microsoft.WindowsFeedbackHub\_8wekyb3d8bbwe\!App |
|Mail |c5e2524a-ea46-4f67-841f-6a9465d9d515\_cw5n1h2txyewy\!App |
|File Explorer |c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App |
|Mail |microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail |
|Microsoft Store |Microsoft.WindowsStore_8wekyb3d8bbwe!App |
|Miracast<sup>4</sup> |&nbsp; |
|Movies & TV |Microsoft.ZuneVideo\_8wekyb3d8bbwe\!Microsoft.ZuneVideo |
|OneDrive |microsoft.microsoftskydrive\_8wekyb3d8bbwe\!App |

2
devices/hololens/hololens-multiple-users.md
View File

@ -37,7 +37,7 @@ To use HoloLens, each user follows these steps:
1. If another user has been using the device, do one of the following:
- Press the power button once to go to standby, and then press the power button again to return to the lock screen
- HoloLens 2 users may select the user tile on the top of the Pins panel to sign out the current user.
- HoloLens 2 users may select the user tile from the Start menu to sign out the current user.
1. Use your Azure AD account credentials to sign in to the device.
If this is the first time that you have used the device, you have to [calibrate](hololens-calibration.md) HoloLens to your own eyes.

288
devices/hololens/hololens-release-notes.md
View File

@ -1,5 +1,5 @@
---
title: HoloLens release notes
title: HoloLens 2 release notes
description: Learn about updates in each new HoloLens release.
author: scooley
ms.author: scooley
@ -8,25 +8,211 @@ ms.prod: hololens
ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
ms.date: 12/02/2019
ms.date: 06/9/2020
ms.custom:
- CI 111456
- CSSTroubleshooting
audience: ITPro
appliesto:
- HoloLens 1
- HoloLens 2
---
# HoloLens release notes
# HoloLens 2 release notes
## HoloLens 2
## Windows Holographic, version 2004 - June 2020 Update
- Build 19041.1106
Improvements and fixes in the update:
- Custom MRC recorders have new default values for certain properties if they aren't specified.
- On the MRC Video Effect:
- PreferredHologramPerspective (1 PhotoVideoCamera)
- GlobalOpacityCoefficient (0.9 (HoloLens) 1.0 (Immersive headset))
- On the MRC Audio Effect:
- LoopbackGain (the current "App Audio Gain" value on the Mixed Reality Capture page in Windows Device Portal)
- MicrophoneGain (the current "Mic Audio Gain" value on the Mixed Reality Capture page in Windows Device Portal)
- This update contains a bug fix that improves audio quality in Mixed Reality Capture scenarios. Specifically, it should eliminate any audio glitching in the recording when the Start Menu is displayed.
- Improved hologram stability in recorded videos.
- Resolves an issue where mixed reality capture couldn't record video after device is left in standby state for multiple days.
- The HolographicSpace.UserPresence API is generally disabled for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled. The API is now enabled for Unity versions 2018.4.18 and higher, and 2019.3.4 and higher.
- When accessing Device Portal over a WiFi connection, a web browser might prevent access to due to an invalid certificate, reporting an error such as "ERR_SSL_PROTOCOL_ERROR," even if the device certificate has previously been trusted. In this case, you would be unable to progress to Device Portal as options to ignore security warnings are not available. This update resolves the issue. If the device certificate was previously downloaded and trusted on a PC to remove browser security warnings and the SSL error has been encountered, the new certificate will need to be downloaded and trusted to address browser security warnings.
- Enabled ability to create a runtime provisioning package which can install an app using MSIX packages.
- New setting that users can find under Settings > System > Holograms, that allows users to automatically remove all holograms from the mixed reality home when the device shuts down.
- Fixed an issue that caused HoloLens apps that change their pixel format to render black in the HoloLens emulator.
- Fixed bug that caused a crash during Iris Login.
- Fixes an issue around repeated store downloads for already current apps.
- Fixed a bug to preventing immersive apps from launching Edge multiple times.
- Fixes an issue around launches of the Photos app in initial boots after updating from the 1903 release.
- Improved performance and reliability.
## Windows Holographic, version 1903 - June 2020 Update
- Build 18362.1064
Improvements and fixes in the update:
- Custom MRC recorders have new default values for certain properties if they aren't specified.
- On the MRC Video Effect:
- PreferredHologramPerspective (1 PhotoVideoCamera)
- GlobalOpacityCoefficient (0.9 (HoloLens) 1.0 (Immersive headset))
- On the MRC Audio Effect:
- LoopbackGain (the current "App Audio Gain" value on the Mixed Reality Capture page in Windows Device Portal)
- MicrophoneGain (the current "Mic Audio Gain" value on the Mixed Reality Capture page in Windows Device Portal)
- The HolographicSpace.UserPresence API is generally disabled for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled. The API is now enabled for Unity versions 2018.4.18 and higher, and 2019.3.4 and higher.
- Fixed an issue that caused HoloLens apps that change their pixel format to render black in the HoloLens emulator.
- Fixes an issue around launches of the Photos app in initial boots after updating from the 1903 release.
## Windows Holographic, version 2004
Build - 19041.1103
We are excited to announce our May 2020 major software update for HoloLens 2, **Windows Holographic, version 2004**. This release includes a host of exciting new capabilities, such as support for Windows Autopilot, app dark mode, USB Ethernet support for 5G/LTE hotspots, and much more. To update to the latest release, open the**Settingsapp**, go to**Update & Security**, then select the**Check for Updates**button.
| Feature | Description |
|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|
| Windows Autopilot | Pre-configure and seamlessly set up new devices for production, with Windows AutoPilot |
| FIDO 2 support | Support for FIDO2 Security Keys to enable fast and secure authentication for shared devices |
| Improved provisioning | Seamlessly apply a provisioning package from a USB drive to your HoloLens |
| Application install status | Check install status for apps have been pushed to HoloLens 2 via MDM, in the Settings app |
| Configuration Service Providers (CSPs) | Added new Configuration Service Providers (CSPs) enhancing admin control capabilities. |
| USB 5G/LTE support | Expanded USB Ethernet capability enables support for 5G/LTE |
| Dark App Mode | Dark App Mode for apps that support both dark and light modes, improving the viewing experience |
| Voice Commands | Support for additional system voice commands to control HoloLens, hands-free |
| Hand Tracking improvements | Hand Tracking improvements make buttons and 2D slate interactions more accurate |
| Quality improvements and fixes | Various system performance and reliability improvements across the platform |
> [!Note]
> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
### April Update - build 18362.1059
### Support for Windows Autopilot
Windows Autopilot for HoloLens 2 lets the device sales channel pre-enroll HoloLens into your Intune tenant. When devices arrive, theyre ready to self-deploy as shared devices under your tenant. To take advantage of self-deployment, devices will need to connect to a network during the first screen in setup using either a USB-C to ethernet dongle or USB-C to LTE dongle.
When a user starts the Autopilot self-deploying process, the process completes the following steps:
1. Join the device to Azure Active Directory (Azure AD).
1. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
1. Download the device-targeted policies, certificates, and networking profiles.
1. Provision the device.
1. Present the sign-in screen to the user.
Learn more from the [Windows Autopilot for HoloLens 2 evaluation guide](https://docs.microsoft.com/hololens/hololens2-autopilot).
**Contact your Account Manager to join the AutoPilot preview now. Autopilot-ready devices will begin shipping soon.**
### FIDO2 Security Key support
Many of you share a HoloLens device with lots of people in a work or school environment. Whether devices are shared between students in a classroom or they're checked out from a device locker, it's important to be able to change users quickly and easily without typing long usernames and passwords.
FIDO lets anyone in your organization (AAD tenant) seamlessly sign into HoloLens without entering a username or password.
FIDO2 security keys are an unphishable standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO allows users and organizations to leverage the standard to sign-in to their resources without a username or password using an external security key or a platform key built into a device.
Read the [passwordless security docs](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to get started.
### Improved MDM enrollment via provisioning package
Provisioning packages let you set HoloLens configuration through a config file rather than going through the HoloLens out of box experience. Previously, provisioning packages had to be copied onto HoloLens' internal memory, now they can be on a USB drive so they're easier to re-use on multiple HoloLens and so more people can provision HoloLens in parallel. In addition, provisioning packages support a new field to enroll in device management so there is no manual set up post-provisioning.
1. To try it out, download the latest version of the Windows Configuration Designer from the Windows store onto your PC.
1. Select **Provision HoloLens Devices** > Select **Provision HoloLens 2 devices**
1. Build your configuration profile and, when you're done, copy all files created to a USB-C storage device.
1. Plug it into any freshly flashed HoloLens and press **Volume down + Power** to apply your provisioning package.
### Line of Business application install status
MDM app deployment and management for Line of Business (LOB) apps is critical for our customers. Admins and users need to be able to view app install status, for auditing and diagnosis purposes. In this release we are adding more details in **Settings > Accounts > Access work or school > Click on your account > Info.**
### Additional CSPs and Policies
A [configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference?redirectedfrom=MSDN) is an interface to read, set, modify, or delete configuration settings on a device. In this release, we are adding support for more policies, increasing the control administrators have over deployed HoloLens devices. For the list of CSPs supported by HoloLens, visit this [link](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). New in this release:
**Policy CSP**
The Policy configuration service provider enables the enterprise to configure policies on Windows devices. In this release, we are adding new policies for HoloLens, listed below. You can learn more about supported policies [here](https://docs.microsoft.com/windows/client-management/mdm/policies-supported-by-hololens2).
- LetAppsAccessCamera_ForceAllowTheseApps
- LetAppsAccessCamera_ForceDenyTheseApps
- LetAppsAccessCamera_UserInControlOfTheseApps
- LetAppsAccessGazeInput
- LetAppsAccessGazeInput_ForceAllowTheseApps
- LetAppsAccessGazeInput_ForceDenyTheseApps
- LetAppsAccessGazeInput_UserInControlOfTheseApps
- LetAppsAccessMicrophone_ForceAllowTheseApps
- LetAppsAccessMicrophone_ForceDenyTheseApps
- LetAppsAccessMicrophone_UserInControlOfTheseApps
- AllowWiFi
**NetworkQoSPolicy CSP**
The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. You can learn more about this policy [here](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp).
### Expanded USB Ethernet support for 5G/LTE tethered devices
Support has been added to enable certain mobile broadband devices, such as 5G/LTE phones and WiFi hotpots when tethered to the HoloLens 2 via USB. These devices will be displayed in network settings as another ethernet connection. Mobile broadband devices that require an external driver are not supported. This enables high bandwidth connections in scenarios where WiFi is not available, and WiFi tethering isnt performant enough. You can learn more about supported USB devices [here](https://docs.microsoft.com/hololens/hololens-connect-devices).
### Hand Tracking Improvements
Hand tracking has received several improvements in this release.
- **Pointing pose stability:** The system will now resist bending the index finger when it becomes occluded by the palm. This improves accuracy when pushing buttons, typing, scrolling content, and more!
- **Reduced accidental AirTaps:** Weve improved detection of the AirTap gesture. Now there are fewer accidental activations in several common cases, such as dropping your hands to your side.
- **User switch reliability:** The system is now faster and more reliable at updating the hand size when sharing a device back and forth.
- **Reduced hand stealing:** Weve improved handling of cases where there are more than 2 hands in view of the sensors. If multiple people are working close together, there is now a much lower chance that the tracked hand will jump from the user to the hand of someone else in the scene.
- **System reliability:** Fixed an issue that would cause hand tracking to stop working for a period if the device is under high load.
### Dark mode
Many Windows apps now support both dark and light modes, and HoloLens 2 customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to Settings > System > Colors to find "Choose your default app mode." Here are some of the in-box apps that support Dark mode:
- Settings
- Microsoft Store
- Mail
- Calendar
- File Explorer
- Feedback Hub
- OneDrive
- Photos
- 3D Viewer
- Movies & TV
![Dark mode windows tiled](images/DarkMode.jpg)
### System voice commands
You can now quickly access and use commands with your voice while using any app on the device. If you're running your system with a different language, please try the appropriate commands in that language. For more details on the commands and how to use them, see our documentation [here](https://docs.microsoft.com/hololens/hololens-cortana).
### Cortana updates
The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands mentioned above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
### Quality improvements and fixes
Improvements and Fixes also in the update:
- The update introduces an active display calibration system. This improves the stability and alignment of holograms, which helps them stay in place when moving your head side-to-side.
- Fixed a bug where Wi-Fi streaming to HoloLens gets disrupted periodically. If an application indicates that it needs low latency streaming this fix is can be accomplished by calling [this function](https://docs.microsoft.com/windows/win32/api/socketapi/nf-socketapi-setsocketmediastreamingmode).
- Fixed an issue where the device could hang during streaming in research mode.
- Fixed bug where in some cases the right user would not be displayed on sign-in screen when resuming session.
- Fixed an issue where users could not export MDM logs through settings.
- Fixed an issue where the accuracy of eye tracking immediately following out-of-box-setup could be lower than specification.
- Fixed an issue where eye tracking subsystem would fail to initialize and/or perform calibration under certain conditions.
- Fixed an issue where eye calibration would be prompted for an already calibrated user.
- Fixed an issue where a driver would crash during eye calibration.
- Fixed an issue where repeated power button presses can cause a 60 second system time-out and shell crash.
- Improved stability for depth buffers.
- Added Share button in Feedback Hub so users can more easily share feedback.
- Fixed a bug where RoboRaid did not install correctly.
### Known issues
- We are investigating an issue surrounding the use of the zh-CN system language that prevents the voice commands for taking a mixed reality capture or displaying the device IP address from working.
- We're investigating an issue that requires you to launch the Cortana app after booting the device in order to use the "Hey Cortana" voice activation, and if you updated from a 18362 build, you may see a second app tile for the previous version of the Cortana app in Start that no longer works.
## Windows Holographic, version 1903 - May 2020 Update
- Build 18362.1061
This monthly quality update does not contain any changes of note because the team has been focused on providing you with the highest quality Feature Update now available in the Windows Holographic, version 2004 May Update detailed above. Please take this opportunity to move to the latest feature update to get a ton of exciting new changes.
## Windows Holographic, version 1903 - April 2020 Update
- Build 18362.1059
**Dark mode for supported apps**
@ -51,100 +237,50 @@ Here are some of the in-box apps that support dark mode:
- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod DepthReprojection algorithm is used.
- Fixed WinRT IStreamSocketListener API Class Not Registered error on 32-bit ARM app.
### March Update - build 18362.1056
## Windows Holographic, version 1903 - March 2020 Update
- Build 18362.1056
Improvements and fixes in the update:
- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod AutoPlanar algorithm is used.
- Ensures the coordinate system attached to a depth MF sample is consistent with public documentation.
- Developers productivity improvement by enabling customers to paste large amount of text through device portal.
### February Update - build 18362.1053
## Windows Holographic, version 1903 - February 2020 Update
- Build 18362.1053
Improvements and fixes in the update:
- Temporarily disabled the HolographicSpace.UserPresence API for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled.
- Fixed a random HUP crash cased by hand tracking, in which user will notice an UI freeze then back to shell after several seconds.
- We made an improvement in hand tracking so that while poking using index finger, the upper part of that finger will be less likely to curl unexpectedly.
- Improved reliability of head tracking, spatial mapping, and other runtimes.
### January Update - build 18362.1043
## Windows Holographic, version 1903 - January 2020 Update
- Build 18362.1043
Improvement in the update:
- Stability improvements for exclusive apps when working with the HoloLens 2 emulator.
### December Update - build 18362.1042
## Windows Holographic, version 1903 - December 2019 Update
- Build 18362.1042
Improvements and fixes in the update:
- Introduces LSR (Last Stage Reproduction) fixes. Improves visual rendering of holograms to appear more stable and crisp by more accurately accounting for their depth. This will be more noticeable if apps do not set the depth of holograms correctly, after this update.
- Fixes stability of exclusive apps and navigation between exclusive apps.
- Resolves an issue where Mixed Reality Capture couldn't record video after device is left in standby state for multiple days.
- Improves hologram stability.
### November Update - build 18362.1039
## Windows Holographic, version 1903 - November 2019 Update
- Build 18362.1039
Improvements and fixes in the update:
- Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU.
- Improvements in visual quality of objects placed far away in latest Unity and MRTK versions.
- Fixes addressing issues with holographic applications being stuck in a paused state on launch until the pins panel is brought up and dismissed again.
- OpenXR runtime conformance fixes and improvements for HoloLens 2 and the emulator.
## HoloLens (1st gen)
### Windows 10 Holographic, version 1809
> **Applies to:** Hololens (1st gen)
| Feature | Details |
|---|---|
| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. <br> See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br>![sample of the Quick actions menu](images/minimenu.png) |
| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you'll be able to stop recording from the same place. (Don't forget, you can always do this with voice commands too.) |
| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you're in an immersive experience, use the bloom gesture). |
| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | You'll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you'll see a visual display of the volume level. |
| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it's between the "Hello" message and the Windows boot logo. |
| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
#### For international customers
| Feature | Details |
| --- | --- |
| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.<br>[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) |
| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. |
#### For administrators
| Feature | Details |
|---|----|
| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with yourpassword. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when promptedduring web sign-in. |
| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
| Set HoloLens device name through MDM (rename) |IT administrators can see and rename HoloLens devices in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
### Windows 10, version 1803 for Microsoft HoloLens
> **Applies to:** Hololens (1st gen)
Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
![Provisioning HoloLens devices](images/provision-hololens-devices.png)
- When you create a local account in a provisioning package, the password no longer expires every 42 days.
- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.

84
devices/hololens/hololens1-release-notes.md Normal file
View File

@ -0,0 +1,84 @@
---
title: HoloLens 1st (Gen) release notes
description: Learn about updates in each new HoloLens release.
author: evmill
ms.author: v-evmill
manager: yannisle
ms.prod: hololens
ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
ms.date: 05/12/2020
ms.custom:
- CI 111456
- CSSTroubleshooting
audience: ITPro
appliesto:
- HoloLens 1
---
# HoloLens 1st (Gen) release notes
### Windows 10 Holographic, version 1809
> **Applies to:** Hololens (1st gen)
| Feature | Details |
|---|---|
| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. <br> See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br> |
| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you'll be able to stop recording from the same place. (Don't forget, you can always do this with voice commands too.) |
| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you're in an immersive experience, use the bloom gesture). |
| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | You'll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you'll see a visual display of the volume level. |
| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it's between the "Hello" message and the Windows boot logo. |
| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
#### For international customers
| Feature | Details |
| --- | --- |
| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.<br>[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) |
| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. |
#### For administrators
| Feature | Details |
|---|----|
| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with yourpassword. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when promptedduring web sign-in. |
| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
| Set HoloLens device name through MDM (rename) |IT administrators can see and rename HoloLens devices in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
### Windows 10, version 1803 for Microsoft HoloLens
> **Applies to:** Hololens (1st gen)
Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
- When you create a local account in a provisioning package, the password no longer expires every 42 days.
- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.

3
devices/hololens/hololens1-upgrade-enterprise.md
View File

@ -16,6 +16,9 @@ appliesto:
# Unlock Windows Holographic for Business features
> [!IMPORTANT]
> This page only applies to HoloLens 1st Gen.
Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 that is designed for HoloLens), and in the [Commercial Suite](hololens-commercial-features.md), which provides extra features designed for business.
When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. You can apply this license to the device either by using the organization's [mobile device management (MDM) provider](#edition-upgrade-by-using-mdm) or a [provisioning package](#edition-upgrade-by-using-a-provisioning-package).

28
devices/hololens/hololens2-autopilot.md
View File

@ -71,10 +71,9 @@ Review the "[Requirements](https://docs.microsoft.com/windows/deployment/windows
Before you start the OOBE and provisioning process, make sure that the HoloLens devices meet the following requirements:
- The devices are not already members of Azure AD, and are not enrolled in Intune (or another MDM system). The Autopilot self-deploying process completes these steps. To make sure that all the device-related information is cleaned up, check the **Devices** pages in both Azure AD and Intune.
- Every device can connect to the internet. You can use a wired or wireless connection.
- Every device can connect to a computer by using a USB-C cable, and that computer has the following available:
- Advanced Recovery Companion (ARC)
- The latest Windows update: Windows 10, version 19041.1002.200107-0909 or a later version)
- Every device can connect to the internet. You can use "USB C to Ethernet" adapters for wired internet connectivity or "USB C to Wifi" adapters for wireless internet connectivity.
- Every device can connect to a computer by using a USB-C cable, and that computer has [Advanced Recovery Companion (ARC)](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?rtc=1&activetab=pivot:overviewtab) installed
- Every device has the latest Windows update: Windows 10, version 19041.1002.200107-0909 or a later version.
To configure and manage the Autopilot self-deploying mode profiles, make sure that you have access to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
@ -185,24 +184,7 @@ The Enrollment Status Page (ESP) displays the status of the complete device conf
![ESP configuration](./images/hololens-ap-profile-settings.png)
### 8. Configure a custom configuration profile for HoloLens devices (known issue)
1. In [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), select **Devices** > **Configuration profiles** > **Create profile**.
1. For **Platform**, specify **Windows 10 and later**, and for **Profile**, select **Custom**.
1. Select **Create**.
1. Enter a name for the profile, and then select **Settings** > **Configure**.
![Settings for the custom configuration profile.](./images/hololens-ap-profile-settings-oma.png)
1. Select **Add**, and then specify the following information:
- **Name**: SidecarPath
- **OMA-URI**: ./images/Device/Vendor/MSFT/EnrollmentStatusTracking/DevicePreparation/PolicyProviders/Sidecar/InstallationState
- **Data type**: Integer
- **Value**: 2
1. Select **OK** two times, and then select **Create** to create the profile.
1. After Intune creates the configuration profile, assign the configuration profile to the device group for the HoloLens devices.
### 9. Verify the profile status of the HoloLens devices
### 8. Verify the profile status of the HoloLens devices
1. In Microsoft Endpoint Manager Admin Center, select **Devices** > **Windows** > **Windows enrollment** > **Devices**.
1. Verify that the HoloLens devices are listed, and that their profile status is **Assigned**.
@ -234,7 +216,7 @@ At the end of OOBE, you can sign in to the device by using your user name and pa
## Known Issues
- The list of supported languages for Autopilot deployment profiles includes languages that HoloLens does not support. Select a language that [HoloLens supports](hololens2-language-support.md).
- You cannot install applications that use the device security context.
## Feedback

6
devices/hololens/hololens2-hardware.md
View File

@ -133,7 +133,11 @@ In order to maintain/advance Internal Battery Charge Percentage while the device
### Safety
HoloLens 2 has been tested and conforms to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166.
[Product Safety](https://support.microsoft.com/en-us/help/4023454/safety-information)
Eye safety: HoloLens 2 has been tested and conforms to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166.
### Regulatory Information
[HoloLens Regulatory](https://support.microsoft.com/en-us/help/13761/hololens-regulatory-information)
## Next step

2
devices/hololens/hololens2-language-support.md
View File

@ -62,7 +62,7 @@ The setup process configures your HoloLens for a specific region and language. Y
If the supported language that you're looking for is not in the menu, follow these steps:
1. Under **Preferred languages**, select **Add a language**.
2. Locater and add the language.
2. Locate and add the language.
3. Select the **Windows display language** menu again, and then select the language that you added in the previous step.
### To change the keyboard layout

BIN
devices/hololens/images/DarkMode.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 104 KiB

BIN
devices/hololens/images/MicrosoftHoloLensRecovery.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
devices/hololens/images/hololens-darkmode-tiled-picture.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
devices/hololens/images/hololens-feedback-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 343 KiB

BIN
devices/hololens/images/hololens-start-feedback.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

BIN
devices/hololens/images/hololens2-feedbackhub-tile.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

2
devices/hololens/index.md
View File

@ -53,7 +53,7 @@ appliesto:
| [HoloLens user management](hololens-multiple-users.md) | Multiple users can share a HoloLens device by using their Azure Active Directory accounts. |
| [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. |
| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. |
| [Contact Support](https://support.microsoft.com/supportforbusiness/productselection) | Create a new support request for the business support team. |
| [Contact Support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f) | Create a new support request for the business support team. |
| [More support options](https://support.microsoft.com/products/hololens) | Connect with Microsoft support resources for HoloLens in the enterprise. |
## Related resources

1
devices/surface-hub/TOC.md
View File

@ -32,6 +32,7 @@
### [Create provisioning packages for Surface Hub 2S](surface-hub-2s-deploy.md)
### [Deploy apps to Surface Hub 2S using Intune](surface-hub-2s-deploy-apps-intune.md)
### [Create Surface Hub 2S on-premises accounts with PowerShell](surface-hub-2s-onprem-powershell.md)
### [Surface Hub Teams app](hub-teams-app.md)
## Manage
### [Manage Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md)

23
devices/surface-hub/hub-teams-app.md Normal file
View File

@ -0,0 +1,23 @@
---
title: Microsoft Teams app for Surface Hub
description: Provides a version history of updates for the Microsoft Teams app for Surface Hub
keywords: surface, hub,
ms.prod: surface-hub
ms.sitesec: library
author: greglin
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
---
# Microsoft Teams app for Surface Hub
The Microsoft Teams app for Surface Hub is periodically updated and available via the [Microsoft Store](https://www.microsoft.com/store/apps/windows). If you manage Surface Hub with Automatic Updates enabled (default setting), the app will update automatically.
## Version history
| Store app version | Updates | Published to Microsoft Store |
| --------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------- |
| 0.2020.13201.0 | - 3x3 Gallery view on Surface Hub<br>- Ability to search for External users | June 10, 2020<br> **** |
| 0.2020.13201 | - Quality improvements and Bug fixes | June 1, 2020<br> **** |
| 0.2020.4301.0 | - Accept incoming PSTN calls on Surface Hub<br>- Added controls for Attendee/Presenter role changes | May 21, 2020 |

28
devices/surface-hub/surface-hub-2s-account.md
View File

@ -1,6 +1,6 @@
---
title: "Create Surface Hub 2S device account"
description: "This page describes the procedure for creating the Surface Hub 2S device account."
title: Create Surface Hub 2S device account
description: This page describes the procedure for creating the Surface Hub 2S device account.
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
@ -15,15 +15,18 @@ ms.localizationpriority: Medium
# Create Surface Hub 2S device account
Creating a Surface Hub device account (also known as a Room mailbox) allows Surface Hub 2S to receive, approve, or decline meeting requests and join meetings using Microsoft Teams or Skype for Business. Configure the device account during OOBE setup. If needed you can change it later (without going through OOBE setup).
Creating a Surface Hub device account (also known as a Room mailbox) allows Surface Hub 2S to receive, approve, or decline meeting requests and join meetings using either Microsoft Teams or Skype for Business. Configure the device account during Out-of-Box Experience (OOBE) setup. If needed, you can change it later (without going through OOBE setup).
Unlike standard Room mailboxes that remain disabled by default, you need to enable the Surface Hub 2S device account to sign on to Microsoft Teams and Skype for Business. Surface Hub 2S relies on Exchange ActiveSync, which requires an ActiveSync mailbox policy on the device account. Apply the default ActiveSync mailbox policy that comes with Exchange Online.
Create the account using the Microsoft 365 admin center or by using PowerShell. You can use Exchange Online PowerShell to configure specific features including:
Create the account by using the Microsoft 365 admin center or by using PowerShell. You can use Exchange Online PowerShell to configure specific features including:
- Calendar processing for every Surface Hub device account.
- Custom auto replies to scheduling requests.
- If the default ActiveSync mailbox policy has already been modified by someone else or another process, you will likely have to create and assign a new ActiveSync mailbox policy
- If the default ActiveSync mailbox policy has already been modified by someone else or by another process, you will likely have to create and assign a new ActiveSync mailbox policy.
> [!NOTE]
> The Surface Hub device account doesnt support third-party Federated Identity Providers (FIPs) and must be a standard Active Directory or Azure Active Directory account.
## Create account using Microsoft 365 admin center
@ -31,17 +34,17 @@ Create the account using the Microsoft 365 admin center or by using PowerShell.
2. Provide a name and email address for the device account. Leave remaining settings unchanged in the default state.
![Provide a name and email address](images/sh2-account2.png)
![Provide a name and email address](images/sh2-account2.png)
![Leave remaining settings unchanged in the default state](images/sh2-account3.png)
![Leave remaining settings unchanged in the default state](images/sh2-account3.png)
3. Set the password for the device account. To set the password, choose **Users** and then select **Active Users**. Now search for the newly created user to set the password. Ensure that you **do not** select the option **Make this user change their password when they first sign in.**
![Set the password for the device account](images/sh2-account4.png)
![Set the password for the device account](images/sh2-account4.png)
4. Assign the room with an Office 365 license. Its recommended to assign the Office 365 **Meeting Room** license, a new option that automatically enables the account for Skype for Business Online and Microsoft Teams.
![Assign Office 365 license](images/sh2-account5.png)
![Assign Office 365 license](images/sh2-account5.png)
### Finalize setup via PowerShell
@ -50,6 +53,7 @@ Create the account using the Microsoft 365 admin center or by using PowerShell.
- **Microsoft Teams and Skype for Business Calendar:** Set [**Calendar Auto processing**](https://docs.microsoft.com/surface-hub/surface-hub-2s-account?source=docs#set-calendar-auto-processing) for this account.
## Create account using PowerShell
Instead of using the Microsoft Admin Center portal, you can create the account using PowerShell.
### Connect to Exchange Online PowerShell
@ -59,13 +63,13 @@ $365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri
$ImportResults = Import-PSSession $365Session
```
### Create a new Room Mailbox
### Create a new Room mailbox
```powershell
New-Mailbox -MicrosoftOnlineServicesID account@YourDomain.com -Alias SurfaceHub2S -Name SurfaceHub2S -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String "<Enter Strong Password>" -AsPlainText -Force)
```
### Set Calendar Auto processing
### Set Calendar auto-processing
```powershell
Set-CalendarProcessing -Identity "account@YourDomain.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false AllowConflicts $false DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
@ -81,7 +85,7 @@ Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "co
## Connect to Skype for Business Online using PowerShell
### Install prerequisites
### Install pre-requisites
- [Visual C++ 2017 Redistributable](https://aka.ms/vs/15/release/vc_redist.x64.exe)
- [Skype for Business Online PowerShell Module](https://www.microsoft.com/download/confirmation.aspx?id=39366)

10
devices/surface-hub/surface-hub-2s-recover-reset.md
View File

@ -60,16 +60,6 @@ Using Surface Hub 2S, you can reinstall the device by using a recovery image. By
When the first-time setup screen appears,remove the USB drive.
## Recover a locked Surface Hub
At the end of a session, Surface Hub 2S may occasionally encounter an error during the cleanup of user and app data at the end of a session. If this occurs, the device automatically reboots and resumes the data cleanup. However, if this operation repeatedly fails, the device automatically locks to protect user data.
**To unlock a Surface Hub 2S:** <br>
- Reset or recover the device from the Windows Recovery Environment. For more information, see [What is Windows RE?](https://technet.microsoft.com/library/cc765966.aspx)
> [!NOTE]
> To enter recovery mode, unplug the power cord and plug it in again three times.
## Contact Support
If you have questions or need help, you can [create a support request](https://support.microsoft.com/supportforbusiness/productselection).

2
devices/surface-hub/surface-hub-security.md
View File

@ -5,7 +5,7 @@ keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article

17
devices/surface-hub/surface-hub-update-history.md
View File

@ -24,6 +24,23 @@ Please refer to the “[Surface Hub Important Information](https://support.micro
## Windows 10 Team Creators Update 1703
<details>
<summary>May 4, 2020—update for Surface Hub 2S</summary>
This update is specific to the Surface Hub 2S and provides the driver and firmware updates outlined below:
* Surface USB audio driver - 15.3.6.0
* Improves directional audio performance.
* Intel(R) display audio driver - 10.27.0.5
* Improves screen sharing scenarios.
* Intel(R) graphics driver - 26.20.100.7263
* Improves system stability.
* Surface System driver - 1.7.139.0
* Improves system stability.
* Surface SMC Firmware update - 1.176.139.0
* Improves system stability.
</details>
<details>
<summary>February 28, 2020—update for Surface Hub 2S</summary>

8
devices/surface/TOC.md
View File

@ -29,21 +29,21 @@
### [Deploy Surface devices](deploy.md)
### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
### [Windows Virtual Desktop on Surface](windows-virtual-desktop-surface.md)
### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md)
### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)
### [Enable the Surface Laptop keyboard during MDT deployment](enable-surface-keyboard-for-windows-pe-deployment.md)
### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)
### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)
### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
### [Surface System SKU reference](surface-system-sku-reference.md)
## Manage
### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
### [Manage Surface driver updates in Configuration Manager](manage-surface-driver-updates-configuration-manager.md)
### [Optimize Wi-Fi connectivity for Surface devices](surface-wireless-connect.md)
### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
### [Surface Dock Firmware Update](surface-dock-firmware-update.md)
@ -51,16 +51,18 @@
### [Surface Brightness Control](microsoft-surface-brightness-control.md)
### [Surface Asset Tag](assettag.md)
## Secure
### [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)
### [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
### [Secure Surface Dock 2 ports with SEMM](secure-surface-dock-ports-semm.md)
### [Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
### [Surface Data Eraser](microsoft-surface-data-eraser.md)
### [Surface DMA Protection](dma-protect.md)
## Troubleshoot
### [Top support solutions for Surface devices](support-solutions-surface.md)

2
devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
View File

@ -11,7 +11,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
---

2
devices/surface/assettag.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer: hachidan
manager: laurawi

2
devices/surface/change-history-for-surface.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro

2
devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro

2
devices/surface/customize-the-oobe-for-surface-deployments.md
View File

@ -11,7 +11,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.audience: itpro
---

2
devices/surface/deploy-surface-app-with-windows-store-for-business.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, store
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro

2
devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro

2
devices/surface/deploy.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
author: coveminer
ms.reviewer:
manager: laurawi
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro

22
devices/surface/dma-protect.md Normal file
View File

@ -0,0 +1,22 @@
---
title: Surface DMA Protection
description: This article describes DMA protection on compatible Surface devices
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: greglin
ms.topic: article
ms.date: 6/10/2020
ms.reviewer: carlol
manager: laurawi
audience: itpro
---
# DMA Protection on Surface devices
Direct Memory Access (DMA) protection is designed to mitigate potential security vulnerabilities associated with using removable SSDs or external storage devices. Newer Surface devices come with DMA Protection enabled by default. These include Surface Pro 7, Surface Laptop 3, and Surface Pro X. To check the presence of DMA protection feature on your device, open System Information (**Start** > **msinfo32.exe**), as shown in the figure below.
![System information showing DMA Protection enabled](images/systeminfodma.png)
If a Surface removable SSD is tampered with, the device will shutoff power. The resulting reboot causes UEFI to wipe memory, to erase any residual data.

3
devices/surface/documentation/surface-system-sku-reference.md
View File

@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
---
# Surface System SKU Reference
@ -26,6 +26,7 @@ System SKU is a variable (along with System Model and others) stored in System M
| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 |
| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer |
| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
| Surface Go 2 | Surface Go 2 | Surface_Go_2_1927 |
| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |

2
devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
View File

@ -11,7 +11,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
---

23
devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
View File

@ -97,6 +97,29 @@ To support Surface Laptop 3 with Intel Processor, import the following folders:
- SurfaceUpdate\SurfaceSerialHub
- SurfaceUpdate\SurfaceHotPlug
- SurfaceUpdate\Itouch
Importing the following folders will enable full keyboard, trackpad, and touch functionality in PE for Surface Laptop 3.
- IclSerialIOGPIO
- IclSerialIOI2C
- IclSerialIOSPI
- IclSerialIOUART
- itouch
- IclChipset
- IclChipsetLPSS
- IclChipsetNorthpeak
- ManagementEngine
- SurfaceAcpiNotify
- SurfaceBattery
- SurfaceDockIntegration
- SurfaceHidMini
- SurfaceHotPlug
- SurfaceIntegration
- SurfaceSerialHub
- SurfaceService
- SurfaceStorageFwUpdate
> [!NOTE]
> Check the downloaded MSI package to determine the format and directory structure. The directory structure will start with either SurfacePlatformInstaller (older MSI files) or SurfaceUpdate (Newer MSI files) depending on when the MSI was released.

2
devices/surface/enroll-and-configure-surface-devices-with-semm.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro

7
devices/surface/ethernet-adapters-and-surface-device-deployment.md
View File

@ -11,7 +11,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.audience: itpro
---
@ -28,7 +28,7 @@ Network deployment to Surface devices can pose some unique challenges for system
Before you can address the concerns of how you will boot to your deployment environment or how devices will be recognized by your deployment solution, you have to use a wired network adapter.
The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using Microsoft Endpoint Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. See the [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) section of this article for more information on potential conflicts with shared adapters.
The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using Microsoft Endpoint Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. For more information on potential conflicts with shared adapters, see [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) later in this article.
Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://www.microsoft.com/surface/accessories/surface-dock) use a chipset that is compatible with the Surface firmware.
@ -67,7 +67,6 @@ For Windows 10, version 1511 and later including the Windows Assessment and
## <a href="" id="manage-mac-addresses"></a>Manage MAC addresses with removable Ethernet adapters
Another consideration for administrators performing Windows deployment over the network is how you will identify computers when you use the same Ethernet adapter to deploy to more than one computer. A common identifier used by deployment technologies is the Media Access Control (MAC) address that is associated with each Ethernet adapter. However, when you use the same Ethernet adapter to deploy to multiple computers, you cannot use a deployment technology that inspects MAC addresses because there is no way to differentiate the MAC address of the removable adapter when used on the different computers.
The simplest solution to avoid MAC address conflicts is to provide a dedicated removable Ethernet adapter for each Surface device. This can make sense in many scenarios where the Ethernet adapter or the additional functionality of the docking station will be used regularly. However, not all scenarios call for the additional connectivity of a docking station or support for wired networks.
@ -85,7 +84,7 @@ To access the firmware of a Surface device, follow these steps:
When deploying with WDS, the MAC address is only used to identify a computer when the deployment server is configured to respond only to known, pre-staged clients. When pre-staging a client, an administrator creates a computer account in Active Directory and defines that computer by the MAC address or the System UUID. To avoid the identity conflicts caused by shared Ethernet adapters, you should use [System UUID to define pre-staged clients](https://technet.microsoft.com/library/cc742034). Alternatively, you can configure WDS to respond to unknown clients that do not require definition by either MAC address or System UUID by selecting the **Respond to all client computers (known and unknown)** option on the [**PXE Response** tab](https://technet.microsoft.com/library/cc732360) in **Windows Deployment Server Properties**.
The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/) blog post on the Ask Premier Field Engineering (PFE) Platforms TechNet blog.
The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm/ba-p/257374), a blog post on the Core Infrastructure and Security Blog.
 

75
devices/surface/get-started.yml
View File

@ -28,20 +28,9 @@ landingContent:
url: https://www.microsoft.com/surface/business/surface-go-2
- text: Surface Book 3 for Business
url: https://www.microsoft.com/surface/business/surface-book-3
- text: Surface Pro 7 for Business
url: https://www.microsoft.com/surface/business/surface-pro-7
- text: Surface Pro X for Business
url: https://www.microsoft.com/surface/business/surface-pro-x
- text: Surface Laptop 3 for Business
url: https://www.microsoft.com/surface/business/surface-laptop-3
- text: Surface Studio 2 for Business
url: https://www.microsoft.com/surface/business/surface-studio-2
- linkListType: video
links:
- text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ
- text: Explore all Surface family products
url: https://www.microsoft.com/surface/business
# Card (optional)
- title: Get started
linkLists:
@ -52,78 +41,76 @@ landingContent:
- text: Surface Book 3 Quadro RTX 3000 technical overview
url: surface-book-quadro.md
- text: Whats new in Surface Dock 2
url: surface-dock-whats-new.md
- text: Surface and Endpoint Configuration Manager considerations
url: considerations-for-surface-and-system-center-configuration-manager.md
- text: Wake On LAN for Surface devices
url: wake-on-lan-for-surface-devices.md
url: surface-dock-whats-new.md
# Card
- title: Deploy Surface devices
linkLists:
- linkListType: deploy
links:
- text: Manage and deploy Surface driver and firmware updates
url: manage-surface-driver-and-firmware-updates.md
- text: Surface Deployment Accelerator tool
url: microsoft-surface-deployment-accelerator.md
- text: Autopilot and Surface devices
url: windows-autopilot-and-surface-devices.md
- text: Deploying, managing, and servicing Surface Pro X
url: surface-pro-arm-app-management.md
# Card
- text: Windows Virtual Desktop on Surface
url: windows-virtual-desktop-surface.md
# Card
- title: Manage Surface devices
linkLists:
- linkListType: how-to-guide
links:
- text: Optimize Wi-Fi connectivity for Surface devices
url: surface-wireless-connect.md
- text: Manage and deploy Surface driver and firmware updates
url: manage-surface-driver-and-firmware-updates.md
- text: Best practice power settings for Surface devices
url: maintain-optimal-power-settings-on-Surface-devices.md
- text: Manage battery limit with UEFI
url: battery-limit.md
- text: Optimize Wi-Fi connectivity for Surface devices
url: surface-wireless-connect.md
# Card
- title: Secure Surface devices
- title: Explore security guidance
linkLists:
- linkListType: how-to-guide
links:
- text: Secure Surface Dock 2 ports with Surface Enterprise Management Mode (SEMM)
url: secure-surface-dock-ports-semm.md
- text: Intune management of Surface UEFI settings
url: surface-manage-dfci-guide.md
- text: Surface Enterprise Management Mode (SEMM)
url: surface-enterprise-management-mode.md
- text: Surface Data Eraser tool
url: microsoft-surface-data-eraser.md
# Card
# Card
- title: Discover Surface tools
linkLists:
- linkListType: how-to-guide
links:
- text: Surface Dock Firmware Update
url: surface-dock-firmware-update.md
- text: Surface Diagnostic Toolkit for Business
url: surface-diagnostic-toolkit-for-business-intro.md
- text: SEMM and UEFI
url: surface-enterprise-management-mode.md
- text: Surface Brightness Control
url: microsoft-surface-brightness-control.md
- text: Battery Limit setting
url: battery-limit.md
# Card
- title: Support and community
# Card
- title: Browse support solutions
linkLists:
- linkListType: learn
links:
- text: Top support solutions
url: support-solutions-surface.md
- text: Maximize your Surface battery life
url: https://support.microsoft.com/help/4483194/maximize-surface-battery-life
- text: Protecting your data during Surface repair or service
url: https://support.microsoft.com/help/4023508/surface-faq-protecting-your-data-service
- text: Troubleshoot Surface Dock and docking stations
url: https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations
- linkListType: reference
# Card
- title: Participate in Surface Community
linkLists:
- linkListType: learn
links:
- text: Surface IT Pro blog
url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro
- text: Surface Devices Tech Community
url: https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices
- text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ

BIN
devices/surface/images/manage-surface-driver-updates-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
devices/surface/images/manage-surface-driver-updates-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.8 KiB

BIN
devices/surface/images/manage-surface-driver-updates-3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.7 KiB

BIN
devices/surface/images/manage-surface-driver-updates-4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 68 KiB

BIN
devices/surface/images/secure-surface-dock-ports-semm-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 94 KiB

BIN
devices/surface/images/secure-surface-dock-ports-semm-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

BIN
devices/surface/images/secure-surface-dock-ports-semm-3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 94 KiB

BIN
devices/surface/images/secure-surface-dock-ports-semm-4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 67 KiB

BIN
devices/surface/images/secure-surface-dock-ports-semm-5.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 43 KiB

BIN
devices/surface/images/secure-surface-dock-ports-semm-6.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

BIN
devices/surface/images/systeminfodma.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 119 KiB

2
devices/surface/ltsb-for-surface.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer:
manager: laurawi

2
devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
View File

@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer:
manager: laurawi

47
devices/surface/manage-surface-driver-and-firmware-updates.md
View File

@ -11,18 +11,18 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.audience: itpro
---
# Manage and deploy Surface driver and firmware updates
How you manage Surface driver and firmware updates varies depending on your environment and organizational requirements. On Surface devices, firmware is exposed to the operating system as a driver and is visible in Device Manager, enabling device firmware and drivers to be automatically updated using Windows Update or Windows Update for Business. Although this simplified approach may be feasible for startups and small or medium-sized businesses, larger organizations typically need IT admins to distribute updates internally. This may involve comprehensive planning, application compatibility testing, piloting and validating updates, before final approval and distribution across the network.
> [!NOTE]
> This article is intended for technical support agents and IT professionals and applies to Surface devices only. If you're looking for help to install Surface updates or firmware on a home device, see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505).
While enterprise-grade software distribution solutions continue to evolve, the business rationale for centrally managing updates remains the same: Maintain the security of Surface devices and keep them updated with the latest operating system and feature improvements. This is essential for sustaining a stable production environment and ensuring users aren't blocked from being productive. This article provides an overview of recommended tools and processes for larger organizations to accomplish these goals.
## Central update management in commercial environments
@ -32,18 +32,17 @@ Microsoft has streamlined tools for managing devices including driver and fi
### Manage updates with Configuration Manager and Intune
Microsoft Endpoint Configuration Manager allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed, and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates.
For detailed steps, see the following resources:
- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager)
- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications).
- [How to manage Surface driver updates in Configuration Manager](https://docs.microsoft.com/surface/manage-surface-driver-updates-configuration-manager)
- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications)
- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/)
### Manage updates with Microsoft Deployment Toolkit
Included in Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. These include the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259).
For detailed steps, see the following resources:
- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/)
@ -54,7 +53,6 @@ Surface driver and firmware updates are packaged as Windows Installer (*.msi) fi
For instructions on how to deploy updates by using Endpoint Configuration Manager refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
**WindowsPE and Surface firmware and drivers**
Endpoint Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase.
@ -65,13 +63,12 @@ Starting in Endpoint Configuration Manager, you can synchronize and deploy Micro
## Supported devices
Downloadable .msi files are available for Surface devices from Surface Pro 2 and later. Information about .msi files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release.
Downloadable .msi files are available for Surface devices from Surface Pro 2 and later. Information about .msi files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release.
## Managing firmware with DFCI
With Device Firmware Configuration Interface (DFCI) profiles built into Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For more information, see:
- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
@ -93,7 +90,6 @@ Specific versions of Windows 10 have separate .msi files, each containing all re
- Management engine (ME)
- Unified extensible firmware interface (UEFI)
### Downloading .msi files
1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center.
@ -102,8 +98,7 @@ Specific versions of Windows 10 have separate .msi files, each containing all re
![Figure 1. Downloading Surface updates](images/fig1-downloads-msi.png)
*Figure 1. Downloading Surface updates*
### Surface .msi naming convention
Since August 2019, .msi files have used the following naming convention:
@ -120,14 +115,15 @@ This file name provides the following information:
- **Windows release:** Win10
- **Build:** 18362
- **Version:** 19.073.44195 This shows the date and time that the file was created, as follows:
- **Year:** 19 (2019)
- **Month and week:** 073 (third week of July)
- **Minute of the month:** 44195
- **Year:** 19 (2019)
- **Month and week:** 073 (third week of July)
- **Minute of the month:** 44195
- **Revision of version:** 0 (first release of this version)
### Legacy Surface .msi naming convention
Legacy .msi files (files built before August 2019) followed the same overall naming formula but used a different method to derive the version number.
****
**Example**
- SurfacePro6_Win10_16299_1900307_0.msi
@ -138,18 +134,16 @@ This file name provides the following information:
- **Windows release:** Win10
- **Build:** 16299
- **Version:** 1900307 This shows the date that the file was created and its position in the release sequence, as follows:
- **Year:** 19 (2019)
- **Number of release:** 003 (third release of the year)
- **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro)
- **Year:** 19 (2019)
- **Number of release:** 003 (third release of the year)
- **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro)
- **Revision of version:** 0 (first release of this version)
## Learn more
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware)
- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager)
- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications).
- [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager)
- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications)
- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/)
- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/)
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit)
@ -157,4 +151,3 @@ This file name provides the following information:
- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
- [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates)

181
devices/surface/manage-surface-driver-updates-configuration-manager.md Normal file
View File

@ -0,0 +1,181 @@
---
title: Manage Surface driver updates in Configuration Manager
description: This article describes the available options to manage and deploy firmware and driver updates for Surface devices.
ms.assetid: b64879c4-37eb-4fcf-a000-e05cbb3d26ea
ms.reviewer:
author: v-miegge
manager: laurawi
keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
ms.localizationpriority: medium
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: daclark
ms.topic: article
audience: itpro
---
# Manage Surface driver updates in Configuration Manager
## Summary
Starting in [Microsoft System Center Configuration Manager version 1710](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1710#software-updates), you can synchronize and deploy Microsoft Surface firmware and driver updates directly through the Configuration Manager client. The process resembles deploying regular updates. However, some additional configurations are required to get the Surface driver updates into your catalog.
## Prerequisites
To manage Surface driver updates, the following prerequisites must be met:
- You must use Configuration Manager version 1710 or a later version.
- All Software Update Points (SUPs) must run Windows Server 2016 or a later version. Otherwise, Configuration Manager ignores this setting and Surface drivers won't be synchronized.
> [!NOTE]
> If your environment doesnt meet the prerequisites, refer to the [alternative methods](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager#1) to deploy Surface driver and firmware updates in the [FAQ](#frequently-asked-questions-faq) section.
## Useful log files
The following logs are especially useful when you manage Surface driver updates.
|Log name|Description|
|---|---|
|WCM.log|Records details about the software update point configuration and connections to the WSUS server for subscribed update categories, classifications, and languages.|
|WsyncMgr.log|Records details about the software updates sync process.|
These logs are located on the site server that manages the SUP, or on the SUP itself if it's installed directly on a site server.
For a complete list of Configuration Manager logs, see [Log files in System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/log-files).
## Enabling Surface driver updates management
To enable Surface driver updates management in Configuration Manager, follow these steps:
1. In the Configuration Manager console, go to **Administration** > **Overview** > **Site Configuration** > **Sites**.
1. Select the site that contains the top-level SUP server for your environment.
1. On the ribbon, select **Configure Site Components**, and then select **Software Update Point**. Or, right-click the site, and then select **Configure Site Components** > **Software Update Point**.
1. On the **Classifications** tab, select the **Include Microsoft Surface drivers and firmware updates** check box.
![Software Update Point Component Properties](images/manage-surface-driver-updates-1.png)
1. When you're prompted by the following warning message, select **OK**.
![Configuration Manager](images/manage-surface-driver-updates-2.png)
1. On the Products tab, select the products that you want to update, and then select **OK**.
Most drivers belong to the following product groups:
- Windows 10 and later version drivers
- Windows 10 and later Upgrade & Servicing Drivers
- Windows 10 Anniversary Update and Later Servicing Drivers
- Windows 10 Anniversary Update and Later Upgrade & Servicing Drivers
- Windows 10 Creators Update and Later Servicing Drivers
- Windows 10 Creators Update and Later Upgrade & Servicing Drivers
- Windows 10 Fall Creators Update and Later Servicing Drivers
- Windows 10 Fall Creators Update and Later Upgrade & Servicing Drivers
- Windows 10 S and Later Servicing Drivers
- Windows 10 S Version 1709 and Later Servicing Drivers for testing
- Windows 10 S Version 1709 and Later Upgrade & Servicing Drivers for testing
> [!NOTE]
> Most Surface drivers belong to multiple Windows 10 product groups. You may not have to select all the products that are listed here. To help reduce the number of products that populate your Update Catalog, we recommend that you select only the products that are required by your environment for synchronization.
## Verifying the configuration
To verify that the SUP is configured correctly, follow these steps:
1. Open WsyncMgr.log, and then look for the following entry:
```console
Surface Drivers can be supported in this hierarchy since all SUPs are on Windows Server 2016, WCM SCF property Sync Catalog Drivers is set.
Sync Catalog Drivers SCF value is set to : 1
```
If either of the following entries is logged in WsyncMgr.log, recheck step 4 in the previous section:
```console
Sync Surface Drivers option is not set
Sync Catalog Drivers SCF value is set to : 0
```
1. Open WCM.log, and then look for an entry that resembles the following:
![WCM.log settings](images/manage-surface-driver-updates-3.png)
This entry is an XML element that lists every product group and classification that's currently synchronized by your SUP server. For example, you might see an entry that resembles the following:
```xml
<Categories>
<Category Id="Product:05eebf61-148b-43cf-80da-1c99ab0b8699"><![CDATA[Windows 10 and later drivers]]></Category>
<Category Id="Product:06da2f0c-7937-4e28-b46c-a37317eade73"><![CDATA[Windows 10 Creators Update and Later Upgrade & Servicing Drivers]]></Category>
<Category Id="Product:c1006636-eab4-4b0b-b1b0-d50282c0377e"><![CDATA[Windows 10 S and Later Servicing Drivers]]></Category>
</Categories>
```
If you can't find the products that you selected in step 6 in the previous section, double-check whether the SUP settings are saved.
You can also wait until the next synchronization finishes, and then check whether the Surface driver and firmware updates are listed in Software Updates in the Configuration Manager console. For example, the console might display the following information:
![All Software Updates Search Results](images/manage-surface-driver-updates-4.png)
## Manual synchronization
If you don't want to wait until the next synchronization, follow these steps to start a synchronization:
1. In the Configuration Manager console, go to **Software Library** > **Overview** > **Software Updates** > **All Software Updates**.
1. On the ribbon, select **Synchronize Software Updates**. Or, right-click **All Software Update**, and then select **Synchronize Software Update**.
1. Monitor the synchronization progress by looking for the following entries in WsyncMgr.log:
```console
Surface Drivers can be supported in this hierarchy since all SUPs are on Windows Server 2016, WCM SCF property Sync Catalog Drivers is set.
sync: SMS synchronizing categories
sync: SMS synchronizing categories, processed 0 out of 311 items (0%)
sync: SMS synchronizing categories, processed 311 out of 311 items (100%)
sync: SMS synchronizing categories, processed 311 out of 311 items (100%)
sync: SMS synchronizing updates
Synchronizing update 7eaa0148-c42b-45fd-a1ab-012c82972de6 - Microsoft driver update for Surface Type Cover Integration
Synchronizing update 2dcb07f8-37ec-41ef-8cd5-030bf24dc1d8 - Surface driver update for Surface Pen Pairing
Synchronizing update 63067414-ae52-422b-b3d1-0382a4d6519a - Surface driver update for Surface UEFI
Synchronizing update 8e4e3a41-a784-4dd7-9a42-041f43ddb775 - Surface driver update for Surface Integration
Synchronizing update 7f8baee8-419f-47e2-918a-045a15a188e7 - Microsoft driver update for Surface DTX
Synchronizing update aed66e05-719b-48cd-a0e7-059e50f67fdc - Microsoft driver update for Surface Base Firmware Update
Synchronizing update 8ffe1526-6e66-43cc-86e3-05ad92a24e3a - Surface driver update for Surface UEFI
Synchronizing update 74102899-0a49-48cf-97e6-05bde18a27ff - Microsoft driver update for Surface UEFI
```
## Deploying Surface firmware and driver updates
You can deploy Surface firmware and driver updates in the same manner as you deploy other updates.
For more information about deployment, see [System Center 2012 Configuration ManagerPart7: Software Updates (Deploy)](https://blogs.technet.microsoft.com/elie/2012/05/25/system-center-2012-configuration-managerpart7-software-updates-deploy/).
## Frequently asked questions (FAQ)
**After I follow the steps in this article, my Surface drivers are still not synchronized. Why?**
If you synchronize from an upstream Windows Server Update Services (WSUS) server, instead of Microsoft Update, make sure that the upstream WSUS server is configured to support and synchronize Surface driver updates. All downstream servers are limited to updates that are present in the upstream WSUS server database.
There are more than 68,000 updates that are classified as drivers in WSUS. To prevent non-Surface related drivers from synchronizing to Configuration Manager, Microsoft filters driver synchronization against an allow list. After the new allow list is published and incorporated into Configuration Manager, the new drivers are added to the console following the next synchronization. Microsoft aims to get the Surface drivers added to the allow list each month in line with Patch Tuesday to make them available for synchronization to Configuration Manager.
If your Configuration Manager environment is offline, a new allow list is imported every time you import [servicing updates](https://docs.microsoft.com/mem/configmgr/core/servers/manage/use-the-service-connection-tool) to Configuration Manager. You will also have to import a [new WSUS catalog](https://docs.microsoft.com/mem/configmgr/sum/get-started/synchronize-software-updates-disconnected) that contains the drivers before the updates are displayed in the Configuration Manager console. Because a stand-alone WSUS environment contains more drivers than a Configuration Manager SUP, we recommend that you establish a Configuration Manager environment that has online capabilities, and that you configure it to synchronize Surface drivers. This provides a smaller WSUS export that closely resembles the offline environment.
If your Configuration Manager environment is online and able to detect new updates, you will receive updates to the list automatically. If you dont see the expected drivers, please review the WCM.log and WsyncMgr.log for any synchronization failures.
**My Configuration Manager environment is offline, can I manually import Surface drivers into WSUS?**
No. Even if the update is imported into WSUS, the update won't be imported into the Configuration Manager console for deployment if it isn't listed in the allow list. You must use the [Service Connection Tool](https://docs.microsoft.com/mem/configmgr/core/servers/manage/use-the-service-connection-tool) to import servicing updates to Configuration Manager to update the allow list.
**What alternative methods do I have to deploy Surface driver and firmware updates?**
For information about how to deploy Surface driver and firmware updates through alternative channels, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates). If you want to download the .msi or .exe file, and then deploy through traditional software deployment channels, see [Keeping Surface Firmware Updated with Configuration Manager](https://docs.microsoft.com/archive/blogs/thejoncallahan/keeping-surface-firmware-updated-with-configuration-manager).
## Additional Information
For more information about Surface driver and firmware updates, see the following articles:
- [Download the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices)
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
- [Considerations for Surface and System Center Configuration Manager](https://docs.microsoft.com/surface/considerations-for-surface-and-system-center-configuration-manager)

2
devices/surface/manage-surface-uefi-settings.md
View File

@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: devices, surface
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer:
manager: laurawi

2
devices/surface/microsoft-surface-brightness-control.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer: hachidan
manager: laurawi

15
devices/surface/microsoft-surface-data-eraser.md
View File

@ -11,9 +11,10 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.audience: itpro
audience: itpro
ms.date: 05/11/2020
---
# Microsoft Surface Data Eraser
@ -28,6 +29,8 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
Compatible Surface devices include:
* Surface Book 3
* Surface Go 2
* Surface Pro 7
* Surface Pro X
* Surface Laptop 3
@ -164,6 +167,14 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
### 3.30.139
*Release Date: 11 May 2020*
This version of Surface Data Eraser adds support for:
- Surface Book 3
- Surface Go 2
- New SSD in Surface Go
### 3.28.137
*Release Date: 11 Nov 2019*
This version of Surface Data Eraser:

168
devices/surface/secure-surface-dock-ports-semm.md Normal file
View File

@ -0,0 +1,168 @@
---
title: Secure Surface Dock 2 ports with Surface Enterprise Management Mode (SEMM)
description: This document provides guidance for configuring UEFI port settings for Surface Dock 2 when connected to compatible Surface devices including Surface Book 3, Surface Laptop 3, and Surface Pro 7.
ms.assetid: 2808a8be-e2d4-4cb6-bd53-9d10c0d3e1d6
ms.reviewer:
manager: laurawi
keywords: Troubleshoot common problems, setup issues
ms.prod: w10
ms.mktglfcycl: support
ms.sitesec: library
ms.pagetype: surfacehub
author: v-miegge
ms.author: jesko
ms.topic: article
ms.date: 06/08/2020
ms.localizationpriority: medium
ms.audience: itpro
---
# Secure Surface Dock 2 ports with Surface Enterprise Management Mode (SEMM)
## Introduction
Surface Enterprise Management Mode (SEMM) enables IT admins to secure and manage Surface Dock 2 ports by configuring UEFI settings in a Windows installer configuration package (.MSI file) deployed to compatible Surface devices across a corporate environment.
### Supported devices
Managing Surface Dock 2 with SEMM is available for docks connected to Surface Book 3, Surface Laptop 3, and Surface Pro 7. These compatible Surface devices are commonly referred to as **host devices**. A package is applied to host devices based on if a host device is **authenticated** or **unauthenticated**. Configured settings reside in the UEFI layer on host devices enabling you — the IT admin — to manage Surface Dock 2 just like any other built-in peripheral such as the camera.
>[!NOTE]
>You can manage Surface Dock 2 ports only when the dock is connected to one of the following compatible devices: Surface Book 3, Surface Laptop 3, and Surface Pro 7. Any device that doesn't receive the UEFI Authenticated policy settings is inherently an unauthenticated device.
### Scenarios
Restricting Surface Dock 2 to authorized persons signed into a corporate host device provides another layer of data protection. This ability to lock down Surface Dock 2 is critical for specific customers in highly secure environments who want the functionality and productivity benefits of the dock while maintaining compliance with strict security protocols. We anticipate SEMM used with Surface Dock 2 will be particularly useful in open offices and shared spaces especially for customers who want to lock USB ports for security reasons. For a video demo, check out [SEMM for Surface Dock 2](https://youtu.be/VLV19ISvq_s).
## Configuring and deploying UEFI settings for Surface Dock 2
This section provides step-by-step guidance for the following tasks:
1. Install [**Surface UEFI Configurator**](https://www.microsoft.com/download/details.aspx?id=46703).
1. Create or obtain public key certificates.
1. Create an .MSI configuration package.
1. Add your certificates.
1. Enter the 16-digit RN number for your Surface Dock 2 devices.
1. Configure UEFI settings.
1. Build and apply the configuration package to targeted Surface devices (Surface Book 3, Surface Laptop 3, or Surface Pro 7.)
>[!NOTE]
>The **Random Number (RN)** is a unique 16-digit hex code identifier which is provisioned at the factory, and printed in small type on the underside of the dock. The RN differs from most serial numbers in that it can't be read electronically. This ensures proof of ownership is primarily established only by reading the RN when physically accessing the device. The RN may also be obtained during the purchase transaction and is recorded in Microsoft inventory systems.
### Install SEMM and Surface UEFI Configurator
Install SEMM by running **SurfaceUEFI_Configurator_v2.71.139.0.msi**. This is a standalone installer and contains everything you need to create and distribute configuration packages for Surface Dock 2.
- Download **Surface UEFI Configurator** from [Surface Tools for IT](https://www.microsoft.com/en-us/download/details.aspx?id=46703).
## Create public key certificates
This section provides specifications for creating the certificates needed to manage ports for Surface Dock 2.
### Prerequisites
This article assumes that you either obtain certificates from a third-party provider or you already have expertise in PKI certificate services and know how to create your own. You should be familiar with and follow the general recommendations for creating certificates as described in [Surface Enterprise Management Mode (SEMM)](https://docs.microsoft.com/surface/surface-enterprise-management-mode) documentation, with one exception. The certificates documented on this page require expiration terms of 30 years for the **Dock Certificate Authority**, and 20 years for the **Host Authentication Certificate**.
For more information, see [Certificate Services Architecture](https://docs.microsoft.com/windows/win32/seccrypto/certificate-services-architecture) documentation and review the appropriate chapters in [Windows Server 2019 Inside Out](https://www.microsoftpressstore.com/store/windows-server-2019-inside-out-9780135492277), or [Windows Server 2008 PKI and Certificate Security](https://www.microsoftpressstore.com/store/windows-server-2008-pki-and-certificate-security-9780735640788) available from Microsoft Press.
### Root and host certificate requirements
Prior to creating the configuration package, you need to prepare public key certificates that authenticate ownership of Surface Dock 2 and facilitate any subsequent changes in ownership during the device lifecycle. The host and provisioning certificates require entering EKU IDs otherwise known as **Client Authentication Enhanced Key Usage (EKU) object identifiers (OIDs)**.
The required EKU values are listed in Table 1 and Table 2.
#### Table 1. Root and Dock Certificate requirements
|Certificate|Algorithm|Description|Expiration|EKU OID|
|---|---|---|---|---|
|Root Certificate Authority|ECDSA_P384|- Root certificate with 384-bit prime elliptic curve digital signature algorithm (ECDSA)<br>- SHA 256 Key Usage:<br>CERT_DIGITAL_SIGNATURE_KEY_USAGE<br>- CERT_KEY_CERT_SIGN_KEY_USAGE<br>CERT_CRL_SIGN_KEY_USAGE|30 years|N/A
|Dock Certificate Authority|ECC P256 curve|- Host certificate with 256-bit elliptic-curve cryptography (ECC)<br>- SHA 256 Key Usage:<br>CERT_KEY_CERT_SIGN_KEY_USAGE<br>- Path Length Constraint = 0|20 years|1.3.6.1.4.1.311.76.9.21.2<br>1.3.6.1.4.1.311.76.9.21.3|
>[!NOTE]
>The dock CA must be exported as a .p7b file.
### Provisioning Administration Certificate requirements
Each host device must have the doc CA and two certificates as shown in Table 2.
#### Table 2. Provisioning administration certificate requirements
|Certificate|Algorithm|Description|EKU OID|
|---|---|---|---|
|Host authentication certificate|ECC P256<br>SHA 256|Proves the identity of the host device.|1.3.6.1.4.1.311.76.9.21.2|
|Provisioning administration certificate|ECC P256<br>SHA256|Enables you to change dock ownership and/or policy settings by allowing you to replace the CA that's currently installed on the dock.|1.3.6.1.4.1.311.76.9.21.3<br>1.3.6.1.4.1.311.76.9.21.4|
>[!NOTE]
>The host authentication and provisioning certificates must be exported as .pfx files.
### Create configuration package
When you have obtained or created the certificates, youre ready to build the MSI configuration package that will be applied to target Surface devices.
1. Run Surface **UEFI Configurator**.
![Run Surface UEFI Configurator](images/secure-surface-dock-ports-semm-1.png)
1. Select **Surface Dock**.
![Select Surface Dock](images/secure-surface-dock-ports-semm-2.png)
1. On the certificate page, enter the appropriate **certificates**.
![enter the appropriate certificates](images/secure-surface-dock-ports-semm-3.png)
1. Add appropriate dock RNs to the list.
>[!NOTE]
>When creating a configuration package for multiple Surface Dock 2 devices, instead of entering each RN manually, you can use a .csv file that contains a list of RNs.
1. Specify your policy settings for USB data, Ethernet, and Audio ports. UEFI Configurator lets you configure policy settings for authenticated users (Authenticated Policy) and unauthenticated users (Unauthenticated Policy). The following figure shows port access turned on for authenticated users and turned off for unauthenticated users.
![Choose which components you want to activate or deactivate.](images/secure-surface-dock-ports-semm-4.png)
- Authenticated user refers to a Surface Device that has the appropriate certificates installed, as configured in the .MSI configuration package that you applied to target devices. It applies to any user authenticated user who signs into the device.
- Unauthenticated user refers to any other device.
- Select **Reset** to create a special “Reset” package that will remove any previous configuration package that the dock had accepted.
1. Select **Build** to create the package as specified.
### Apply the configuration package to a Surface Dock 2
1. Take the MSI file that the Surface UEFI Configurator generated and install it on a Surface host device. Compatible host devices are Surface Book 3, Surface Laptop 3, or Surface Pro 7.
1. Connect the host device to the Surface Dock 2. When you connect the dock UEFI policy settings are applied.
## Verify managed state using the Surface App
Once you have applied the configuration package, you can quickly verify the resultant policy state of the dock directly from the Surface App, installed by default on all Surface devices. If Surface App isn't present on the device, you can download and install it from the Microsoft Store.
### Test scenario
Objective: Configure policy settings to allow port access by authenticated users only.
1. Turn on all ports for authenticated users and turn them off for unauthenticated users.
![Enabling ports for authenticated users](images/secure-surface-dock-ports-semm-4.png)
1. Apply the configuration package to your target device and then connect Surface Dock 2.
1. Open **Surface App** and select **Surface Dock** to view the resultant policy state of your Surface Dock. If the policy settings are applied, Surface App will indicate that ports are available.
![Surface app shows all ports are available for authenticated users](images/secure-surface-dock-ports-semm-5.png)
1. Now you need to verify that the policy settings have successfully turned off all ports for unauthenticated users. Connect Surface Dock 2 to an unmanaged device, i.e., any Surface device outside the scope of management for the configuration package you created.
1. Open **Surface App** and select **Surface Dock**. The resultant policy state will indicate ports are turned off.
![Surface app showing ports turned off for unauthenticated users ](images/secure-surface-dock-ports-semm-6.png)
>[!NOTE]
>If you want to keep ownership of the device, but allow all users full access, you can make a new package with everything turned on. If you wish to completely remove the restrictions and ownership of the device (make it unmanaged), select **Reset** in Surface UEFI Configurator to create a package to apply to target devices.
Congratulations. You have successfully managed Surface Dock 2 ports on targeted host devices.
## Learn more
- [Surface Enterprise Management Mode (SEMM) documentation](https://docs.microsoft.com/surface/surface-enterprise-management-mode)
- [Certificate Services Architecture](https://docs.microsoft.com/windows/win32/seccrypto/certificate-services-architecture)
- [Windows Server 2019 Inside Out](https://www.microsoftpressstore.com/store/windows-server-2019-inside-out-9780135492277)
- [Windows Server 2008 PKI and Certificate Security](https://www.microsoftpressstore.com/store/windows-server-2008-pki-and-certificate-security-9780735640788)

410
devices/surface/step-by-step-surface-deployment-accelerator.md
View File

@ -1,410 +0,0 @@
---
title: Step by step Surface Deployment Accelerator (Surface)
description: This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices.
ms.assetid: A944FB9C-4D81-4868-AFF6-B9D1F5CF1032
ms.reviewer:
manager: laurawi
ms.localizationpriority: medium
keywords: deploy, configure
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.topic: article
ms.date: 10/31/2019
---
# Step by step: Surface Deployment Accelerator
This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices. This article also contains instructions on how to perform these tasks without an Internet connection or without support for Windows Deployment Services network boot (PXE).
> [!NOTE]
> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
## How to install Surface Deployment Accelerator
For information about prerequisites and instructions for how to download and install SDA, see [Microsoft Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md).
1. Download SDA, which is included in [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) on the Microsoft Download Center.
2. Run the SDA installation file, named **Surface\_Deployment\_Accelerator\_*xxxx*.msi**, where *xxxx* is the current version number.
3. Accept the End User License Agreement (EULA) by selecting the check box, and then click **Install**, as shown in Figure 1.
![Surface Deployment Accelerator setup](images/sdasteps-fig1.png "Surface Deployment Accelerator setup")
*Figure 1. SDA setup*
4. Click **Finish** to complete the installation of SDA.
The tool installs in the SDA program group, as shown in Figure 2.
![SDA program group and icon](images/sdasteps-fig2.png "SDA program group and icon")
*Figure 2. The SDA program group and icon*
>[!NOTE]
>At this point, the tool has not yet prepared any deployment environment or downloaded any materials from the Internet.
## Create a deployment share
The following steps show you how to create a deployment share for Windows 10 that supports Surface 3, Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, the Surface Asset Tag Tool, and Office 365. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps.
>[!NOTE]
>SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice.
1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen.
2. On the **Welcome** page, click **Next** to continue.
3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue.
>[!NOTE]
>As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows:
> * Deployment tools
> * User State Migration Tool (USMT)
> * Windows Preinstallation Environment (WinPE)
> [!NOTE]
> As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue.
5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue:
- **Configure Deployment Share for Windows 10**
- **Local Path** Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3.
- **Share Name** Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**.
- **Windows 10 Deployment Services**
- Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot.
- **Windows 10 Source Files**
- **Local Path** Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**.
![Specify Windows 10 deployment share options](images/sdasteps-fig3.png "Specify Windows 10 deployment share options")
*Figure 3. Specify Windows 10 deployment share options*
6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue.
![Firmware tool selection](images/sdasteps-fig4-select.png "Firmware tool selection")
*Figure 4. Selecting Surface Firmware Tool requires Surface Pro 3 drivers*
>[!NOTE]
>You cannot select both Surface 3 and Surface 3 LTE models at the same time.
7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes:
- Download of Windows ADK
- Installation of Windows ADK
- Download of MDT
- Installation of MDT
- Download of Surface apps and drivers
- Creation of the deployment share
- Import of Windows installation files into the deployment share
- Import of the apps and drivers into the deployment share
- Creation of rules and task sequences for Windows deployment
![The installation progress window](images/sdasteps-fig5-installwindow.png "The installation progress window")
*Figure 5. The Installation Progress window*
### Optional: Workaround for Webclient exception
You may see this error message while installing the latest version of ADK or MDT: _An exception occurred during a WebClient request._ This is due to incompatibility between the Surface Deployment Accelerator (SDA) and Background Intelligent Transfer Service (BITS). To work around this issue, do the following.
In the two PowerShell scripts:
```PowerShell
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
```
Edit the $BITSTransfer variable in the input parameters to $False as shown below:
```PowerShell
Param(
[Parameter(
Position=0,
Mandatory=$False,
HelpMessage="Download via BITS bool true/false"
)]
[string]$BITSTransfer = $False
)
```
8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
### Optional: Create a deployment share without an Internet connection
If you are unable to connect to the Internet with your deployment server, or if you want to download the Surface drivers and apps separately, you can specify a local source for the driver and app files at the time of deployment share creation. On the **Configure** page of the SDA wizard, select the **Copy from a Local Directory** check box, as shown in Figure 6. The **Download from the Internet** check box will be automatically deselected. Enter the folder location where you have placed the driver and app files in the **Local Path** field, as shown in Figure 6.
>[!NOTE]
>All of the downloaded driver and applications files must be located in the same folder. If a required driver or application file is missing from the selected folder when you click **Next**, a warning is displayed and the wizard will not proceed to the next step.
>[!NOTE]
>The driver and app files do not need to be extracted from the downloaded .zip files.
>[!NOTE]
>Including Office 365 in your deployment share requires an Internet connection and cannot be performed if you use local files.
![Specify Surface driver and app files](images/sdasteps-fig6-specify-driver-app-files.png "Specify Surface driver and app files")
*Figure 6. Specify the Surface driver and app files from a local path*
>[!NOTE]
>The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later.
### <a href="" id="optional"></a>Optional: Prepare offline USB media
You can use USB media to perform an SDA deployment if your Surface device is unable to boot from the network. For example, if you do not have a Microsoft Surface Ethernet Adapter or Microsoft Surface dock to facilitate network boot (PXE boot). The USB drive produced by following these steps includes a complete copy of the SDA deployment share and can be run on a Surface device without a network connection.
>[!NOTE]
>The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended.
Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
1. **diskpart** Opens DiskPart to manage disks and partitions.
2. **list disk** Displays a list of the disks available in your system; use this list to identify the disk number that corresponds with your USB drive.
3. **sel disk 2** Selects your USB drive; use the number that corresponds with the disk in your system.
4. **clean** Removes all configuration from your USB drive.
>[!WARNING]
>This step will remove all information from your drive. Verify that your USB drive does not contain any needed data before you perform the **clean** command.
5. **create part pri** Creates a primary partition on the USB drive.
6. **format fs=fat32 quick** Formats the partition with the FAT32 file system, performing a quick format. FAT32 is required to boot the device from UEFI systems like Surface devices.
7. **assign** Assigns the next available drive letter to the newly created FAT32 volume.
8. **active** Sets the partition to be active, which is required to boot the volume.
9. **exit** Exits DiskPart, after which you can close the PowerShell or Command Prompt window.
![Use DiskPart to prepare a USB drive for boot](images/sdasteps-fig7-diskpart.png "Use DiskPart to prepare a USB drive for boot")
*Figure 7. Use DiskPart to prepare a USB drive for boot*
>[!NOTE]
>You can format your USB drive with FAT32 from Disk Management, but you must still use DiskPart to set the partition as active for the drive to boot properly.
After you have prepared the USB drive for boot, the next step is to generate offline media from the SDA deployment share. To create this media, follow these steps:
1. Open the **Deployment Workbench** from the **Microsoft Deployment Toolkit** group on your Start screen.
2. Expand the **Deployment Shares** node and the **Microsoft Surface Deployment Accelerator** deployment share.
3. Expand the folder **Advanced Configuration** and select the **Media** folder.
4. Right-click the **Media** folder and click **New Media** as shown in Figure 8 to start the New Media Wizard.
![The Media folder of the SDA deployment share](images/sdasteps-fig8-mediafolder.png "The Media folder of the SDA deployment share")
*Figure 8. The Media folder of the SDA deployment share*
5. On the **General Settings** page in the **Media path** field, enter or browse to a folder where you will create the files for the new offline media. See the example **E:\\SDAMedia** in Figure 9. Leave the default profile **Everything** selected in the **Selection profile** drop-down menu, and then click **Next**.
![Specify a location and selection profile for your offline media](images/sdasteps-fig9-location.png "Specify a location and selection profile for your offline media")
*Figure 9. Specify a location and selection profile for your offline media*
6. On the **Summary** page verify your selections, and then click **Next** to begin creation of the media.
7. A **Progress** page is displayed while the media is created.
8. On the **Confirmation** page, click **Finish** to complete creation of the media.
9. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab as shown in Figure 10.
![Rules of the SDA deployment share](images/sdasteps-fig10-rules.png "Rules of the SDA deployment share")
*Figure 10. Rules of the SDA deployment share*
10. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+C** to copy the text.
11. Click **OK** to close the **Microsoft Surface Deployment Accelerator** deployment share properties.
12. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab.
13. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+V** to paste the text you copied from the **Microsoft Surface Deployment Accelerator** deployment share rules.
14. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
15. Press **Ctrl+A** to select all of the text in the window, and then press **Ctrl+C** to copy the text.
16. Close Bootstrap.ini and click **OK** in **Microsoft Surface Deployment Accelerator** deployment share properties to close the window.
17. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
18. Press **Ctrl+A** to select all of the text in the window, then press **Ctrl+V** to paste the text from the SDA deployment share Bootstrap.ini file.
19. Delete the following lines from the Bootstrap.ini as shown in Figure 11, and then save the file:
```PowerShell
UserID=
UserDomain=
UserPassword=
DeployRoot=\\SDASERVER\SDAWin10
UserID=
UserDomain=
UserPassword=
```
![The Bootstrap.ini file](images/sdasteps-fig11-bootstrap.ini.png "The Bootstrap.ini file")
*Figure 11. The Bootstrap.ini file of MEDIA001*
20. Close Bootstrap.ini and click **OK** in **MEDIA001** deployment share properties to close the window.
21. In the **Deployment Workbench** under the **Media** folder, right-click the newly created **MEDIA001** and click **Update Media Content**, as shown in Figure 12. This will update the media files with the content of the **Microsoft Surface Deployment Accelerator** deployment share.
![Select the Update Media Content option](images/sdasteps-fig12-updatemedia.png "Select the Update Media Content option")
*Figure 12. Select the Update Media Content option*
22. The **Update Media Content** window is displayed and shows the progress as the media files are created. When the process completes, click **Finish.**
The final step is to copy the offline media files to your USB drive.
1. In File Explorer, open the path you specified in Step 5, for example **E:\\SDAMedia**.
2. Copy all of the files from the Content folder to the root of the USB drive.
Your USB drive is now configured as bootable offline media that contains all of the resources required to perform a deployment to a Surface device.
## SDA task sequences
The SDA deployment share is configured with all of the resources required to perform a Windows deployment to a Surface device. These resources include Windows source files, image, Surface drivers, and Surface apps. The deployment share also contains two pre-configured task sequences, as shown in Figure 13. These task sequences contain the steps required to perform a deployment to a Surface device using the default Windows image from the installation media or to create a reference image complete with Windows updates and applications. To learn more about task sequences, see [MDT 2013 Update 2 Lite Touch components](https://technet.microsoft.com/itpro/windows/deploy/mdt-2013-lite-touch-components).
![Task sequences in the Deployment Workbench](images/sdasteps-fig13-taskseq.png "Task sequences in the Deployment Workbench")
*Figure 13. Task sequences in the Deployment Workbench*
### Deploy Microsoft Surface
The **1 Deploy Microsoft Surface** task sequence is used to perform a complete deployment of Windows to a Surface device. This task sequence is pre-configured by the SDA wizard and is ready to perform a deployment as soon as the wizard completes. Running this task sequence on a Surface device deploys the unaltered Windows image copied directly from the Windows installation media you specified in the SDA wizard, along with the Surface drivers for your device. The drivers for your Surface device will be automatically selected through the pre-configured deployment share rules.
When you run the task sequence, you will be prompted to provide the following information:
- A computer name
- Your domain information and the credentials required to join the domain
- A product key, if one is required
>[!NOTE]
>If you are deploying the same version of Windows as the version that came on your device, no product key is required.
- A time zone
- An Administrator password
The Surface apps you specified on the **Configure** page of the SDA wizard are automatically installed when you run this task sequence on a Surface device.
### Create Windows reference image
The **2 Create Windows Reference Image** task sequence is used to perform a deployment to a virtual machine for the purpose of capturing an image complete with Windows Updates for use in a deployment to Surface devices. By installing Windows Updates in your reference image, you eliminate the need to download and install those updates on each deployed Surface device. The deployment process with an up-to-date image is significantly faster and more efficient than performing a deployment first and then installing Windows Updates on each device.
Like the **1 Deploy Microsoft Surface** task sequence, the **2 Create Windows Reference Image** task sequence performs a deployment of the unaltered Windows image directly from the installation media. Creation of a reference image should always be performed on a virtual machine. Using a virtual machine as your reference system helps to ensure that the resulting image is compatible with different hardware configurations.
>[!NOTE]
>Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and Microsoft Endpoint Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
In addition to the information required by the **1 Deploy Microsoft Surface** task sequence, you will also be prompted to capture an image when you run this task sequence on your reference virtual machine. The **Location** and **File name** fields are automatically populated with the proper information for your deployment share. All that you need to do is select the **Capture an image of this reference computer** option when you are prompted on the **Capture Image** page of the Windows Deployment Wizard.
## Deployment to Surface devices
To perform a deployment from the SDA deployment share, follow this process on the Surface device:
1. Boot the Surface device to MDT boot media for the SDA deployment share. You can do this over the network by using PXE boot, or from a USB drive as described in the [Optional: Prepare offline USB media](#optional) section of this article.
2. Select the deployment share for the version of Windows you intend to deploy and enter your credentials when you are prompted.
3. Select the task sequence you want to run, usually the **1 Deploy Microsoft Surface** task sequence.
4. Address the task sequence prompts to pick applications, supply a password, and so on.
5. The task sequence performs the automated deployment using the options specified.
### Boot the Surface device from the network
To boot the Surface device from the network, the Microsoft Surface Deployment Accelerator wizard must have been run on a Windows Server 2012 R2 or later environment that was configured with the Windows Deployment Services (WDS). WDS must have been configured to respond to network boot (PXE boot) requests and the boot files must have been imported into WDS. The SDA wizard will import these file automatically if the **Import boot media into the local Windows Deployment Service** check box was selected on the page for the version of Windows you intend to deploy.
To boot the Surface device from the network, you must also use a Microsoft Surface Ethernet Adapter or the Ethernet port on a Microsoft Surface Dock. Third-party Ethernet adapters are not supported for network boot (PXE boot). A keyboard is also required. Both the Microsoft Surface Type Cover and keyboards connected via USB to the device or dock are supported.
To instruct your Surface device to boot from the network, start with the device powered off and follow these steps:
1. Press and hold the **Volume Down** button, press and release the **Power** button. Continue holding the **Volume Down** button until the device has begun to boot from the network.
2. Press **Enter** when prompted by the dialog on the screen. This prompt indicates that your device has found the WDS PXE server over the network.
3. If you have configured more than one deployment share on this device, you will be prompted to select between the boot images for each deployment share. For example, if you created both a Windows 10 and a Windows 8.1 deployment share, you will be prompted to choose between these two options.
4. Enter the domain credentials that you use to log on to the server where SDA is installed when you are prompted, as shown in Figure 14.
![Prompt for credentials to the deployment share](images/sdasteps-fig14-credentials.png "Prompt for credentials to the deployment share")
*Figure 14. The prompt for credentials to the deployment share*
5. The Windows Deployment Wizard will start from the deployment share to walk you through the deployment process.
### Alternatively boot the devices from the USB stick
To boot a device from the USB stick:
1. Press and hold the **Volume Down** button, press and release the **Power** button. Continue holding the **Volume Down** button until the device has begun to boot from the USB drive.
2. The Windows Deployment Wizard will start from the deployment share to walk you through the deployment process.
### Run the Deploy Microsoft Surface task sequence
To run the Deploy Microsoft Surface task sequence:
1. On the **Task Sequence** page, select the **1 Deploy Microsoft Surface** task sequence as shown in Figure 15, and then click **Next.**
![Select the task sequence](images/sdasteps-fig15-deploy.png "Select the task sequence")
*Figure 15. Select the 1 Deploy Microsoft Surface task sequence*
2. On the **Computer Details** page, type a name for the Surface device in the **Computer Name** box. In the **Join a domain** section, type your domain name and credentials as shown in Figure 16, and then click **Next**.
![Computer name and domain credentials](images/sdasteps-fig16-computername.png "Computer name and domain credentials")
*Figure 16. Enter the computer name and domain information*
3. On the **Product Key** page, keep the **No product key is required** check box selected if you are deploying the same version and edition of Windows to your Surface devices as they came with from the factory. If you are deploying a different version or edition of Windows to the device, such as Windows Enterprise, select the licensing option that is applicable to your scenario.
4. On the **Locale and Time** page, select your desired **Language Settings** and **Time Zone**, and then click **Next.**
5. On the **Administrator Password** page, type a password for the local Administrator account on the Surface device, and then click **Next.**
6. On the **BitLocker** page, select the **Enable BitLocker** option along with your desired configuration of BitLocker protectors if you want to encrypt the device. Otherwise, keep the **Do not enable BitLocker for this computer** check box selected, and then click **Next.**
7. On the **Ready** page, verify your selections and then click **Begin** to start the automated deployment to this device. The deployment will not require user interaction again. The Windows Deployment Wizard will close and an **Installation Progress** window is displayed to show progress of the task sequence as the image is applied and applications are installed (Figure 17).
![Installation progress window](images/sdasteps-fig17-installprogresswindow.png "Installation progress window")
*Figure 17. The Installation Progress window*
8. When the deployment task sequence completes, a **Success** window is displayed. Click **Finish** to complete the deployment and begin using your Surface device.

2
devices/surface/support-solutions-surface.md
View File

@ -10,7 +10,7 @@ ms.mktglfcycl: support
ms.sitesec: library
ms.pagetype: surfacehub
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.date: 09/26/2019
ms.localizationpriority: medium

54
devices/surface/surface-book-quadro.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.date: 5/06/2020
ms.reviewer: brrecord
@ -15,29 +15,29 @@ audience: itpro
---
# Surface Book 3 Quadro RTX 3000 technical overview
Surface Book 3 for Business powered by the NVIDIA® Quadro RTX™ 3000 GPU is built for professionals who need real-time rendering, AI acceleration, and advanced graphics and compute performance in a portable form factor. Quadro RTX 3000 fundamentally changes what you can do with the new Surface Book 3:
- **Ray Tracing** - Produce stunning renders, designs and animations faster than ever before with 30 RT Cores for hardware-accelerated ray tracing.
Surface Book 3 for Business powered by the NVIDIA® Quadro RTX™ 3000 GPU is built for professionals who need real-time rendering, AI acceleration, advanced graphics, and compute performance in a portable form factor. Quadro RTX 3000 fundamentally changes what you can do with the new Surface Book 3:
- **Ray Tracing** - Produce stunning renders, designs and animations faster than ever before with 30 RT Cores for hardware-accelerated ray tracing.
- **Artificial Intelligence** - Remove redundant, tedious tasks and compute intensive work with 240 Tensor Cores for GPU-accelerated AI.
- **Advanced Graphics and Compute Technology** - Experience remarkable speed and interactivity during your most taxing graphics and compute workloads with 1,920 CUDA Cores and 6GB of GDDR6 memory.
## Enterprise grade solution
Of paramount importance to commercial customers, Quadro RTX 3000 brings a fully professional grade solution that combines accelerated ray tracing and deep learning capabilities with an integrated enterprise level management and support solution. Quadro drivers are tested and certified for more than 100 professional applications by leading ISVs providing an additional layer of quality assurance to validate stability, reliability, and performance.
Of paramount importance to commercial customers, Quadro RTX 3000 brings a fully professional-grade solution that combines accelerated ray tracing and deep learning capabilities with an integrated enterprise level management and support solution. Quadro drivers are tested and certified for more than 100 professional applications by leading ISVs, providing an additional layer of quality assurance to validate stability, reliability, and performance.
Quadro includes dedicated enterprise tools for remote management of Surface Book 3 devices with Quadro RTX 3000. IT admins can remotely configure graphics systems, save/restore configurations, continuously monitor graphics systems and perform remote troubleshooting if necessary. These capabilities along with deployment tools help maximize uptime and minimize IT support requirements.
Quadro includes dedicated enterprise tools for remote management of Surface Book 3 devices with Quadro RTX 3000. IT admins can remotely configure graphics systems, save/restore configurations, continuously monitor graphics systems, and perform remote troubleshooting if necessary. These capabilities along with deployment tools help maximize uptime and minimize IT support requirements.
NVIDIA develops and maintains Quadro Optimal Drivers for Enterprise (ODE) that are tuned, tested, and validated to provide enterprise level stability, reliability, availability, and support with extended product availability. Each driver release involves more than 2,000 man days of testing with professional applications test suites and test cases, as well as WHQL certification. Security threats are continually monitored, and regular security updates are released to protect against newly discovered vulnerabilities. In addition, Quadro drivers undergo an additional layer of testing by Surface engineering prior to release via Windows Update.
NVIDIA develops and maintains Quadro Optimal Drivers for Enterprise (ODE) that are tuned, tested, and validated to provide enterprise level stability, reliability, availability, and support with extended product availability. Each driver release involves more than 2,000 man-days of testing with professional applications test suites and test cases, as well as WHQL certification. Security threats are continually monitored, and regular security updates are released to protect against newly discovered vulnerabilities. In addition, Quadro drivers undergo an additional layer of testing by Surface engineering prior to release via Windows Update.
## Built for compute-intensive workloads
Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance of any Surface laptop, enabling advanced professionals to work from anywhere.
The Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance of any Surface laptop, enabling advanced professionals to work from anywhere.
- **Creative professionals such as designers and animators.** Quadro RTX enables real-time cinematic-quality rendering through Turing-optimized ray tracing APIs such as NVIDIA OptiX, Microsoft DXR, and Vulkan.
- **Architects and engineers using large, complex computer aided design (CAD) models and assemblies.** The RTX platform features the new NGX SDK to infuse powerful AI-enhanced capabilities into visual applications. This frees up time and resources through intelligent manipulation of images, automation of repetitive tasks, and optimization of compute-intensive processes.
- **Software developers across manufacturing, media & entertainment, medical, and other industries.** Quadro RTX speeds application development with ray tracing, deep learning, and rasterization capabilities through industry-leading software SDKs and APIs.
- **Software developers across manufacturing, media and entertainment, medical, and other industries.** Quadro RTX speeds application development with ray tracing, deep learning, and rasterization capabilities through industry-leading software SDKs and APIs.
- **Data scientists using Tensor Cores and CUDA cores to accelerate computationally intensive tasks and other deep learning operations.** By using sensors, increased connectivity, and deep learning, researchers and developers can enable AI applications for everything from autonomous vehicles to scientific research.
@ -45,14 +45,14 @@ Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance of an
| **Component** | **Description** |
| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| RT cores | Dedicated hardware-based ray-tracing technology allows the GPU to render film quality, photorealistic objects and environments with physically accurate shadows, reflections, and refractions. The real-time ray-tracing engine works with NVIDIA OptiX, Microsoft DXR, and Vulkan APIs to deliver a level of realism far beyond what is possible using traditional rendering techniques. RT cores accelerate the Bounding Volume Hierarchy (BVH) traversal and ray casting functions using low number of rays casted through a pixel. |
| Enhanced tensor cores | Mixed-precision cores purpose-built for deep learning matrix arithmetic, deliver 8x TFLOPS for training compared with previous generation. Quadro RTX 3000 utilizes 240 Tensor Cores; each Tensor Core performs 64 floating point fused multiply-add (FMA) operations per clock, and each streaming multiprocessor (SM) performs a total of 1,024 individual floating-point operations per clock. In addition to supporting FP16/FP32 matrix operations, new Tensor Cores added INT8 (2,048 integer operations per clock) and experimental INT4 and INT1 (binary) precision modes for matrix operations. |
| RT cores | Dedicated hardware-based ray-tracing technology allows the GPU to render film quality, photorealistic objects and environments with physically accurate shadows, reflections, and refractions. The real-time ray-tracing engine works with NVIDIA OptiX, Microsoft DXR, and Vulkan APIs to deliver a level of realism far beyond what is possible using traditional rendering techniques. RT cores accelerate the Bounding Volume Hierarchy (BVH) traversal and ray casting functions using low number of rays casted through a pixel. |
| Enhanced tensor cores | Mixed-precision cores purpose-built for deep learning matrix arithmetic, deliver 8x TFLOPS for training compared with previous generation. Quadro RTX 3000 utilizes 240 Tensor Cores; each Tensor Core performs 64 floating point fused multiply-add (FMA) operations per clock, and each streaming multiprocessor (SM) performs a total of 1,024 individual floating-point operations per clock. In addition to supporting FP16/FP32 matrix operations, new Tensor Cores added INT8 (2,048 integer operations per clock) and experimental INT4 and INT1 (binary) precision modes for matrix operations. |
| Turing optimized software | Deep learning frameworks such as the Microsoft Cognitive Toolkit (CNTK), Caffe2, MXNet, TensorFlow, and others deliver significantly faster training times and higher multi-node training performance. GPU accelerated libraries such as cuDNN, cuBLAS, and TensorRT deliver higher performance for both deep learning inference and High-Performance Computing (HPC) applications. |
| NVIDIA CUDA parallel computing platform | Natively execute standard programming languages like C/C++ and Fortran, and APIs such as OpenCL, OpenACC and Direct Compute to accelerate techniques such as ray tracing, video and image processing, and computation fluid dynamics. |
| Advanced streaming multiprocessor (SM) architecture | Combined shared memory and L1 cache improve performance significantly, while simplifying programming and reducing the tuning required to attain best application performance. |
| High performance GDDR6 Memory | Quadro RTX 3000 features 6GB of frame buffer making it the ideal platform for handling large datasets and latency-sensitive applications. |
| Advanced streaming multiprocessor (SM) architecture | Combined shared memory and L1 cache improve performance significantly, while simplifying programming and reducing the tuning required to attain the best application performance. |
| High performance GDDR6 Memory | Quadro RTX 3000 features 6GB of frame buffer, making it the ideal platform for handling large datasets and latency-sensitive applications. |
| Single instruction, multiple thread (SIMT) | New independent thread scheduling capability enables finer-grain synchronization and cooperation between parallel threads by sharing resources among small jobs. |
| Mixed-precision computing | 16-bit floating-point precision computing enables the training and deployment of larger neural networks. With independent parallel integer and floating-point data paths, the Turing SM handles workloads more efficiently using a mix of computation and addressing calculations. |
| Mixed-precision computing | 16-bit floating-point precision computing enables the training and deployment of larger neural networks. With independent parallel integer and floating-point data paths, the Turing SM handles workloads more efficiently using a mix of computation and addressing calculations. |
| Dynamic load balancing | Provides dynamic allocation capabilities of GPU resources for graphics and compute tasks as needed to maximize resource utilization. |
| Compute preemption | Preemption at the instruction-level provides finer grain control over compute tasks to prevent long-running applications from either monopolizing system resources or timing out. |
| H.264, H.265 and HEVC encode/decode engines | Enables faster than real-time performance for transcoding, video editing, and other encoding applications with two dedicated H.264 and HEVC encode engines and a dedicated decode engine that are independent of 3D/compute pipeline. |
@ -86,7 +86,7 @@ Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance of an
## App acceleration
The following table shows how Quadro RTX 3000 provides significantly faster acceleration across leading professional applications. It includes SPECview perf 13 benchmark test results comparing Surface Book 3 15-inch with NVIDIA Quadro RTX 3000 versus Surface Book 2 15-inch with NVIDIA GeForce GTX 1060 devices in market March 2020.
The following table shows how Quadro RTX 3000 provides significantly faster acceleration across leading professional applications. It includes SPECview perf 13 benchmark test results comparing the Surface Book 3 15-inch with NVIDIA Quadro RTX 3000 versus the Surface Book 2 15-inch with NVIDIA GeForce GTX 1060 devices in the market as of March 2020.
**Table 3. App acceleration on Surface Book 3 with Quadro RTX 3000**
@ -95,23 +95,23 @@ The following table shows how Quadro RTX 3000 provides significantly faster acce
| Adobe Dimension | - RTX-accelerated ray tracing delivers photorealistic 3D rendering to 2D artists and designers. |
| Adobe Substance Alchemist | - Create and blend materials with ease, featuring RTX-accelerated AI. |
| Adobe Substance Painter | - Paint materials onto 3d models, featuring RTX accelerated bakers, and Iray RTX rendering which generates photorealistic imagery for interactive and batch rendering workflows. <br> |
| Adobe Substance Designer | - Author procedural materials featuring RTX accelerated bakers<br>- Uses NVIDIA Iray rendering including textures/substances and bitmap texture export to render in any Iray powered compatible with MDL.<br>- DXR-accelerated light and ambient occlusion baking. |
| Adobe Photoshop | - CUDA core acceleration enables faster editing with 30+ GPU-accelerated features such as blur gallery, liquify, smart sharpen, & perspective warp enable photographers and designers to modify images smoothly and quickly. |
| Adobe Substance Designer | - Author procedural materials featuring RTX accelerated bakers<br>- Uses NVIDIA Iray rendering including textures/substances and bitmap texture export to render in any Iray that is compatible with MDL.<br>- DXR-accelerated light and ambient occlusion baking. |
| Adobe Photoshop | - CUDA core acceleration enables faster editing with 30+ GPU-accelerated features such as blur gallery, liquify, smart sharpen, and perspective warp enable photographers and designers to modify images smoothly and quickly. |
| Adobe Lightroom | - Faster editing high res images with GPU-accelerated viewport, which enables the modeling of larger 3D scenes, and the rigging of more complex animations.<br>- GPU-accelerated image processing enables dramatically more responsive adjustments, especially on 4K or higher resolution displays.<br>- GPU-accelerated AI-powered “Enhance Details” for refining fine color detail of RAW images. |
| Adobe Illustrator | - Pan and zoom with GPU-accelerated canvas faster, which enables graphic designers and illustrators to pan across and zoom in and out of complex vector graphics smoothly and interactively. |
| Adobe<br>Premiere Pro | - Significantly faster editing and rendering video with GPU-accelerated effects vs CPU:<br>- GPU-accelerated effects with NVIDIA CUDA technology for real-time video editing and faster final frame rendering.<br>- GPU-accelerated AI Auto Reframe feature for intelligently converting landscape video to dynamically tracked portrait or square video. |
| Adobe<br>Premiere Pro | - Significantly faster editing and rendering video with GPU-accelerated effects vs CPU.<br>- GPU-accelerated effects with NVIDIA CUDA technology for real-time video editing and faster final frame rendering.<br>- GPU-accelerated AI Auto Reframe feature for intelligently converting landscape video to dynamically tracked portrait or square video. |
| Autodesk<br>Revit | - GPU-accelerated viewport for a smoother, more interactive design experience.<br>- Supports 3rd party GPU-accelerated 3D renderers such as V-Ray and Enscape. |
| Autodesk<br>3ds Max | - GPU-accelerated viewport graphics for fast, interactive 3D modelling and design.<br>- RTX-accelerated ray tracing and AI denoising ****with the default Arnold renderer.<br>- More than 70 percent faster compared with Surface Book 2 15”. |
| Autodesk<br>3ds Max | - GPU-accelerated viewport graphics for fast, interactive 3D modelling and design.<br>- RTX-accelerated ray tracing and AI denoising with the default Arnold renderer.<br>- More than 70 percent faster compared with Surface Book 2 15”. |
| Autodesk<br>Maya | - RTX-accelerated ray tracing and AI denoising with the default Arnold renderer.<br>- OpenGL Viewport Acceleration. |
| Dassault Systemes<br>Solidworks | - Solidworks Interactive Ray Tracer (Visualize) accelerated by both RT Cores and Tensor Cores; AI-accelerated denoiser.<br>- Runs more than 50% faster compared with Surface Book 2 15” |
| Dassault Systemes<br>3D Experience Platform | - CATIA Interactive Ray Tracer (Live Rendering) accelerated by RT Cores.<br>- Catia runs more than 100% faster compared with Surface Book 2 15. |
| ImageVis3D | - Runs more than 2x faster compared with Surface Book 2 15”.. |
| Dassault Systemes<br>Solidworks | - Solidworks Interactive Ray Tracer (Visualize) accelerated by both RT Cores and Tensor Cores; AI-accelerated denoiser.<br>- Runs more than 50% faster compared with Surface Book 2 15”. |
| Dassault Systemes<br>3D Experience Platform | - CATIA Interactive Ray Tracer (Live Rendering) accelerated by RT Cores.<br>- Catia runs more than 100% faster compared with Surface Book 2 15". |
| ImageVis3D | - Runs more than 2x faster compared with Surface Book 2 15”. |
| McNeel & Associates<br>Rhino 3D | - GPU-accelerated viewport for a smooth and interactive modelling and design experience.<br>- Supports Cycles for GPU-accelerated 3D rendering. |
| Siemens NX | - Siemens NX Interactive Ray Tracer (Ray Traced Studio) accelerated by RT Cores.<br>- Runs more than 10 x faster compared with Surface Book 2 15”.. |
| Esri ArcGIS | - Real-time results from what took days & weeks, due to DL inferencing leveraging tensor cores. |
| Siemens NX | - Siemens NX Interactive Ray Tracer (Ray Traced Studio) accelerated by RT Cores.<br>- Runs more than 10x faster compared with Surface Book 2 15”. |
| Esri ArcGIS | - Real-time results from what took days and weeks, due to DL inferencing leveraging tensor cores. |
| PTC Creo | - Creo's real-time engineering simulation tool (Creo Simulation Live) built on CUDA.<br>- Runs more than 15% faster compared with Surface Book 2 15”. |
| Luxion KeyShot | - 3rd party Interactive Ray Tracer used by Solidworks, Creo, and Rhino. Accelerated by RT Cores, OptiX™ AI-accelerated denoising. |
| ANSYS<br>Discovery Live | - ANSYS real-time engineering simulation tool (ANSYS Discovery Live) built on CUDA |
| ANSYS<br>Discovery Live | - ANSYS real-time engineering simulation tool (ANSYS Discovery Live) built on CUDA. |
## SKUs
**Table 4. Surface Book 3 with Quadro RTX 3000 SKUs**
@ -123,7 +123,7 @@ The following table shows how Quadro RTX 3000 provides significantly faster acce
## Summary
Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance on any Surface laptop, providing architects, engineers, developers, and data scientists with the tools they need to work efficiently from anywhere:
The Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance of any Surface laptop, providing architects, engineers, developers, and data scientists with the tools they need to work efficiently from anywhere:
- RTX-acceleration across multiple workflows like design, animation, video production, and more.
- Desktop-grade performance in a mobile form factor.
@ -133,4 +133,4 @@ Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance on an
- [Surface Book 3 GPU technical overview](surface-book-GPU-overview.md)
- [Surface for Business](https://www.microsoft.com/surface/business)
- [Microsoft Cognitive Toolkit (CNTK)](https://docs.microsoft.com/cognitive-toolkit/)
- [Microsoft Cognitive Toolkit (CNTK)](https://docs.microsoft.com/cognitive-toolkit/)

2
devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro

22
devices/surface/surface-diagnostic-toolkit-business.md
View File

@ -6,12 +6,12 @@ ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.date: 10/31/2019
ms.date: 05/11/2020
ms.reviewer: hachidan
manager: laurawi
ms.audience: itpro
audience: itpro
---
# Deploy Surface Diagnostic Toolkit for Business
@ -41,6 +41,9 @@ Command line | Directly troubleshoot Surface devices remotely without user inter
SDT for Business is supported on Surface 3 and later devices, including:
- Surface Book 3
- Surface Go 2
- Surface Pro X
- Surface Pro 7
- Surface Laptop 3
- Surface Pro 6
@ -116,6 +119,7 @@ In addition to the .exe file, SDT installs a JSON file and an admin.dll file (mo
*Figure 2. Files installed by SDT*
<span id="create-custom-sdt" />
## Preparing the SDT package for distribution
Creating a custom package allows you to target the tool to specific known issues.
@ -170,6 +174,18 @@ You can select to run a wide range of logs across applications, drivers, hardwar
- [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
## Changes and updates
### Version 2.94.139.0
*Release date: May 11, 2020*<br>
This version of Surface Diagnostic Toolkit for Business adds support for the following:
- Ability to skip Windows Update to perform hardware check.
- Ability to receive notifications for about the latest version update
- Surface Go 2
- Surface Book 3
- Show progress indicator
### Version 2.43.139.0
*Release date: October 21, 2019*<br>
This version of Surface Diagnostic Toolkit for Business adds support for the following:

2
devices/surface/surface-diagnostic-toolkit-command-line.md
View File

@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer: hachidan
manager: laurawi

2
devices/surface/surface-diagnostic-toolkit-desktop-mode.md
View File

@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer: hachidan
manager: laurawi

2
devices/surface/surface-diagnostic-toolkit-for-business-intro.md
View File

@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer: cottmca
manager: laurawi

20
devices/surface/surface-dock-whats-new.md
View File

@ -8,14 +8,14 @@ ms.sitesec: library
author: coveminer
ms.author: greglin
ms.topic: article
ms.date: 5/06/2020
ms.date: 5/29/2020
ms.reviewer: brrecord
manager: laurawi
audience: itpro
---
# Whats new in Surface Dock 2
Surface Dock 2, the next generation Surface dock, lets users connect external monitors and multiple peripherals to obtain a fully modernized desktop experience from a Surface device. Built to maximize efficiency at the office, in a flexible workspace, or at home, Surface Dock 2 features seven ports, including two front-facing USB-C ports, with 15 watts of fast charging power for phone and accessories. Surface Dock 2 is designed to simplify IT management, enabling admins to automate firmware updates using Windows Update or centralize updates with internal software distribution tools. An extended set of management tools will be released via Windows update upon commercial distribution.
Surface Dock 2, the next generation Surface dock, lets users connect external monitors and multiple peripherals to obtain a fully modernized desktop experience from a Surface device. Built to maximize efficiency at the office, in a flexible workspace, or at home, Surface Dock 2 features seven ports, including two front-facing USB-C ports, with 15 watts of fast charging power for phone and accessories. Surface Dock 2 is designed to simplify IT management, enabling admins to automate firmware updates using Windows Update or centralize updates with internal software distribution tools. Surface Enterprise Management Mode (SEMM) now enables IT admins to secure ports on Surface Dock 2. For more information, see [Secure Surface Dock 2 ports with Surface Enterprise Management Mode](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/secure-surface-dock-2-ports-with-surface-enterprise-management/ba-p/1418999).
## General system requirements
@ -28,8 +28,7 @@ Surface Dock 2, the next generation Surface dock, lets users connect external mo
- Surface Book 2
- Surface Laptop 2
- Surface Go
- Surface Go with LTE Advanced
- Surface Studio 2
- Surface Go with LTE Advanced
- Surface Pro 7
- Surface Laptop 3
- Surface Book 3
@ -86,7 +85,7 @@ Surface Dock 2, the next generation Surface dock, lets users connect external mo
|Surflink|Yes|Yes|
|USB-A|2 front facing USB 3.1 Gen 1<br>2 rear facing USB 3.1 Gen 1|2 rear facing USB 3.2 Gen 2 (7.5W power)|
|Mini Display port|2 rear facing (DP1.2)|None|
|USB-C|None|2 front facing USB 3.2 Gen 2<br>[15W power]<br>2 rear facing USB 3.2 Gen 2 (DP1.4a)<br>[7.5W power]|
|USB-C|None|2 front facing USB 3.2 Gen 2<br>(15W power)<br>2 rear facing USB 3.2 Gen 2 (DP1.4a)<br>(7.5W power)|
|3.5 mm Audio in/out|Yes|Yes|
|Ethernet|Yes, 1 gigabit|Yes 1 gigabit|
|DC power in|Yes|Yes|
@ -99,20 +98,18 @@ Surface Dock 2, the next generation Surface dock, lets users connect external mo
|Wake-on-LAN from Connected Standby<sup>1</sup>|Yes|Yes|
|Wake-on-LAN from S4/S5 sleep modes|No|Yes|
|Network PXE boot|Yes|Yes|
|SEMM host access control|No|Coming in Windows Update<sup>2</sup>|
|SEMM port access control<sup>3</sup>|No|Coming in Windows Update|
|SEMM host access control|No|Yes
|SEMM port access control<sup>2</sup>|No|Yes|
|Servicing support|MSI|Windows Update or MSI|
||||
1. *Devices must be configured for Wake on LAN via Surface Enterprise Management Mode (SEMM) or Device Firmware Control Interface (DFCI) to wake from Hibernation or Power-Off states. Wake from Hibernation or Power-Off is supported on Surface Pro 7, Surface Laptop 3, Surface Pro X, Surface Book 3, and Surface Go 2. Software license required for some features. Sold separately.*
2. *Pending release via Windows Update.*
3. *Software license required for some features. Sold separately.*
2. *Software license required for some features. Sold separately.*
## Streamlined device management
Following the public announcement of Surface Dock 2, Surface will release streamlined management functionality via Windows Update enabling IT admins to utilize the following enterprise-grade features:
Surface has released streamlined management functionality via Windows Update enabling IT admins to utilize the following enterprise-grade features:
- **Frictionless updates**. Update your docks silently and automatically, with Windows Update or Microsoft Endpoint Configuration Manager, (formerly System Center Configuration Manager - SCCM) or other MSI deployment tools.
- **Wake from the network**. Manage and access corporate devices without depending on users to keep their devices powered on. Even when a docked device is in sleep, hibernation, or power off mode, your team can wake from the network for service and management, using Endpoint Configuration Manager or other enterprise management tools.
@ -120,5 +117,6 @@ Following the public announcement of Surface Dock 2, Surface will release stream
## Next steps
- [Secure Surface Dock 2 ports with Surface Enterprise Management Mode](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/secure-surface-dock-2-ports-with-surface-enterprise-management/ba-p/1418999)
- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
- [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)

42
devices/surface/surface-enterprise-management-mode.md
View File

@ -7,12 +7,13 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer: scottmca
ms.reviewer: hachidan
manager: laurawi
ms.localizationpriority: medium
ms.audience: itpro
audience: itpro
ms.date: 05/26/2020
---
# Microsoft Surface Enterprise Management Mode
@ -31,6 +32,9 @@ There are two administrative options you can use to manage SEMM and enrolled Sur
The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
>[!NOTE]
>You can now use Surface UEFI Configurator and SEMM to manage ports on Surface Dock 2. To learn more, see [Secure Surface Dock 2 ports with SEMM](secure-surface-dock-ports-semm.md).
![Microsoft Surface UEFI Configurator](images/surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator")
*Figure 1. Microsoft Surface UEFI Configurator*
@ -95,7 +99,7 @@ The following list shows all the available devices you can manage in SEMM:
|Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled |
| Security | Displays the Surface UEFI **Security** page. If you do not configure this setting, the Security page is displayed. |
| Devices | Displays the Surface UEFI **Devices** page. If you do not configure this setting, the Devices page is displayed. |
| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the DateTime page is displayed. |
| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the Boot page is displayed. |
| DateTime | Displays the Surface UEFI **DateTime** page. If you do not configure this setting, the DateTime page is displayed. |
@ -227,9 +231,27 @@ create a reset package using PowerShell to reset SEMM.
## Version History
### Version 2.59.
* Support to Surface Pro 7, Surface Pro X, and Surface Laptop 3 13.5" and 15" models with Intel processor. Note: Surface Laptop 3 15" AMD processor is not supported.
- Support to Wake on Power feature
### Version 2.71.139.0
This version of SEMM adds support for Surface Dock 2 management features for Surface Book 3, Surface Laptop 3, and Surface Pro 7 including:
- Enabling audio (locking/unlocking), Ethernet and USB ports
- Ability to create dock packages for both authenticated and unauthenticated hosts
### Version 2.70.130.0
This version of SEMM includes:
- Support for Surface Go 2
- Support for Surface Book 3
- Bug fixes
### Version 2.59.139.0
* Support for Surface Pro 7, Surface Pro X, and Surface Laptop 3 13.5" and 15" models with Intel processor. Note: Surface Laptop 3 15" AMD processor is not supported.
- Support for Wake on Power feature
### Version 2.54.139.0
* Support to Surface Hub 2S
@ -263,6 +285,6 @@ create a reset package using PowerShell to reset SEMM.
## Related topics
[Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
- [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
- [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
- [Secure Surface Dock 2 ports with SEMM](secure-surface-dock-ports-semm.md)

4
devices/surface/surface-manage-dfci-guide.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.date: 11/13/2019
ms.reviewer: jesko
@ -31,7 +31,7 @@ Until now, managing firmware required enrolling devices into Surface Enterprise
Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console, now unified as [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). The following figure shows UEFI settings viewed directly on the device (left) and viewed in the Endpoint Manager console (right).
![UEFI settings shown on device (left) and in the Endpoint Manager console (right) ](images/uefidfci.png)
![UEFI settings shown on device (left) and in the Endpoint Manager console (right)](images/uefidfci.png)
Crucially, DFCI enables zero touch management, eliminating the need for manual interaction by IT admins. DFCI is deployed via Windows Autopilot using the device profiles capability in Intune. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain on-premises infrastructure.

2
devices/surface/surface-pro-arm-app-management.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.localizationpriority: high
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.date: 4/15/2020
ms.reviewer: jessko

2
devices/surface/surface-pro-arm-app-performance.md
View File

@ -6,7 +6,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: manage
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.date: 10/03/2019
ms.reviewer: jessko

2
devices/surface/surface-system-sku-reference.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.date: 03/09/2020
ms.reviewer:

2
devices/surface/surface-wireless-connect.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: coveminer
ms.audience: itpro
ms.localizationpriority: medium
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer: tokatz
manager: laurawi

2
devices/surface/unenroll-surface-devices-from-semm.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer:
manager: laurawi

2
devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro

2
devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer:
manager: laurawi

172
devices/surface/using-the-sda-deployment-share.md
View File

@ -1,172 +0,0 @@
---
title: Using the Microsoft Surface Deployment Accelerator deployment share (Surface)
description: Explore the scenarios where you can use SDA to meet the deployment needs of your organization including Proof of Concept, pilot deployment, as well as import additional drivers and applications.
keywords: deploy, install, automate, deployment solution
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro
ms.reviewer:
manager: laurawi
---
# Using the Microsoft Surface Deployment Accelerator deployment share
With Microsoft Surface Deployment Accelerator (SDA), you can quickly and easily set up a deployment solution that is ready to deploy Windows to Surface devices. The prepared environment is built on powerful deployment technologies available from Microsoft, such as the [Microsoft Deployment Toolkit (MDT)](https://technet.microsoft.com/windows/dn475741), and is capable of immediately performing a deployment after configuration. See [Step-by-Step: Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator) for a comprehensive walkthrough of using the SDA wizard to set up a deployment share and perform a deployment.
For more information about SDA and information on how to download SDA, see [Microsoft Surface Deployment Accelerator (SDA)](https://technet.microsoft.com/itpro/surface/microsoft-surface-deployment-accelerator).
> [!NOTE]
> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
Using SDA provides these primary benefits:
* With SDA, you can create a ready-to-deploy environment that can deploy to target devices as fast as your download speeds allow. The wizard experience enables you to check a few boxes and then the automated process builds your deployment environment for you.
* With SDA, you prepare a deployment environment built on the industry leading deployment solution of MDT. With MDT you can scale from a relatively basic deployment of a few Surface devices to a solution capable of deploying to thousands of devices including all of the different makes and models in your organization and all of the applications required by each device and user.
This article explores four scenarios where you can use SDA to meet the needs of your organization. See [Deploy Windows 10](https://technet.microsoft.com/itpro/windows/deploy/index) to explore the capabilities of MDT and the Windows deployment technologies available from Microsoft in greater detail.
## Perform a Proof of Concept deployment
One of the primary scenarios for use of SDA is as a Proof of Concept. A *Proof of Concept* (PoC) enables you to test or evaluate the capabilities of a solution or technology. A PoC is often used to illustrate the benefits of the solution or technology to decision makers. For example, if you want to recommend Surface devices as a replacement of older point of sale (POS) systems, you could perform a PoC to demonstrate how Surface devices provide superior computing power, flexibility, and connectivity when compared to alternate options.
Using SDA to prepare a PoC of Surface devices enables you to very quickly prepare a demonstration of Surface device or devices, which gives you more time for customization or preparation. The flexibility of SDA even lets you import resources, like applications and drivers, from existing MDT deployment infrastructure. See the [Work with existing deployment shares](#work-with-existing-deployment-shares) section later in this article for more information.
SDA is also an excellent PoC of the capabilities of MDT. SDA demonstrates just how quickly an MDT deployment environment can be prepared and made ready for deployment to devices. It also shows just how flexible and customizable the MDT solution can be, with support for Windows 10 and Windows 8.1, for Microsoft Store and desktop applications, and several models of Surface devices.
Some recommendations for a successful PoC with SDA are:
* Keep your SDA deployment environment separate from your production network. This ensures optimal performance and reduces potential for conflicts during your PoC deployment.
* Use a fresh and updated instance of Windows Server to house your SDA deployment share to maintain the simplicity and performance of the demonstration environment.
* Test the deployment process before you demonstrate your PoC. This reduces the potential for unexpected situations and keeps the demonstration focused on the deployment process and Surface devices.
* Use offline files with SDA to further reduce installation times.
* For help with your PoC, contact [Surface Support](https://www.microsoft.com/surface/support/contact-us-business).
## Perform a pilot deployment
A pilot deployment differs from a PoC. Where a PoC is usually a closed demonstration that is performed prior to the deployment process in order to get approval for the use of certain technologies or solutions, a *pilot deployment* is performed during the deployment process as a limited scope deployment for testing and validation. The focus of a pilot deployment can be as narrow as only a handful of devices, or wide enough to include a significant portion of your organization.
>[!NOTE]
>A pilot deployment should not replace the testing process that should be performed regularly in the lab as the deployment environment is built and developed. A deployment solution should be tested in virtual and physical environments as new applications and drivers are added and when task sequences are modified and before a pilot deployment is performed.
For example, you are tasked with deploying Surface devices to mobile workers and you want to test the organizations MDT deployment process by providing a small number of devices to executives. You can use SDA to create an isolated Surface deployment environment and then copy the task sequence, applications, and drivers needed from the production deployment share. This not only enables you to quickly create a Surface deployment, but it also minimizes the risk to the production deployment process used for other types of devices.
For small organizations, the pilot deployment environment of SDA may suffice as a complete deployment solution. Even if you do not have an existing deployment environment, you can import drivers and applications (covered later in this article) to provide a complete deployment solution based on MDT. Even without previous knowledge of MDT or Windows deployment, you can follow the [Step-by-Step: Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator) article to get started with a deployment to Surface devices.
## Import additional drivers
The SDA deployment share includes all of the drivers needed for Surface devices. This includes the drivers for the components inside the Surface device, such as the wireless network adapter and the main chipset, as well as drivers for Surface accessories, such as the Surface Dock or Surface USB Ethernet adapters. The SDA deployment share does not, however, include drivers for third-party devices or peripherals.
For example, you may intend to use your Surface device with a thermal printer, credit card reader, and barcode scanner as a POS terminal. In this scenario, the thermal printer, credit card reader, and barcode scanner will very likely require installation of drivers to operate properly. You could potentially download and install these drivers from Windows Update when each peripheral is connected, or you could install the driver package from the manufacturer manually on each Surface device, but the ideal solution is to have these drivers already present in Windows so that when the peripheral is connected, it will just work.
Because SDA is built on MDT, adding the drivers to the SDA deployment share is easy and simple.
>[!NOTE]
>The drivers must be in the Setup Information File (.inf) format. If the drivers for your device come as an executable file (.exe), they may need to be extracted or installed to procure the .inf file. Some device drivers come packaged with applications, for example an all-in-one printer bundled with scan software. These applications will need to be installed separately from the drivers.
To import drivers for a peripheral device:
1. Download the drivers for your device from the manufacturer web site.
2. Open the MDT Deployment Workbench.
3. Expand the **Deployment Shares** node and expand the SDA deployment share.
4. Expand the **Out-of-Box Drivers** folder.
5. Select the folder of the Surface model for which you would like to include this driver.
6. Click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1.
![Provide the location of your driver files](images/using-sda-driverfiles-fig1.png "Provide the location of your driver files")
*Figure 1. Provide the location of your driver files*
7. The Import Drivers Wizard presents a series of steps:
- **Specify Directory** Click **Browse** and navigate to the folder where you stored the drivers in Step 1.
- **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
- **Progress** While the drivers are imported, a progress bar is displayed on this page.
- **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
8. Repeat Steps 5-7 for each Surface model on which you would like to include this driver.
9. Close the Deployment Workbench.
After the drivers are imported for the Surface model, the deployment task sequence will automatically select the drivers during the deployment process and include them in the Windows environment. When you connect your device, such as the barcode scanner in the example, Windows should automatically detect the device and you should be able to use it immediately.
>[!NOTE]
>You can even import drivers for other computer makes and models to support other devices. See **Step 5: Prepare the drivers repository** in [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt) for more information about how to import drivers for other makes and models.
## Import additional applications
As with drivers, the SDA deployment share can be pre-configured with apps like the Surface App and Microsoft Office 365. You can also add applications to the SDA deployment share and configure them to be installed on your Surface devices during deployment of Windows. In the ideal scenario, your Surface devices deployed with the SDA deployment share will include all of the applications needed to be ready for your end users.
In the previous example for including drivers for a POS system, you would also need to include POS software for processing transactions and recording the input from the barcode scanner and credit card reader. To import an application and prepare it for installation on your Surface devices during Windows deployment:
1. Download the application installation files or locate the installation media for your application.
2. Determine the command line instruction for silent installation, usually provided by the developer of the application. For Windows Installer files (.msi), see [Standard Installer Command-Line Options](https://msdn.microsoft.com/library/windows/desktop/aa372024) in the Windows Dev Center.
3. Open the MDT Deployment Workbench.
4. Expand the **Deployment Shares** node and expand the SDA deployment share.
5. Expand the **Applications** folder.
6. Click **New Application** to start the New Application Wizard, as shown in Figure 2.
![Provide the command to install your application](images/using-sda-installcommand-fig2.png "Provide the command to install your application")
*Figure 2: Provide the command to install your application*
7. Follow the steps of the New Application Wizard:
- **Application Type** Click **Application with Source Files**, and then click **Next**.
- **Details** Enter a name for the application in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
- **Source** Click **Browse** to navigate to and select the folder with the application installation files procured in Step 1, and then click **Next**.
- **Destination** Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
- **Command Details** Enter the silent command-line instruction, for example `setup.msi /quiet /norestart`
- **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
- **Progress** While the installation files are imported, a progress bar is displayed on this page.
- **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
8. Click the **Task Sequences** folder, right-click **1 - Deploy Microsoft Surface**, and then click **Properties**.
9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence.
10. Select the **Windows Update (Pre-Application Installation)** step, and then click **Add**.
11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
![A new Install Application step for Sample POS App](images/using-sda-newinstall-fig3.png "A new Install Application step for Sample POS App")
*Figure 3. A new Install Application step for Sample POS App*
12. On the **Properties** tab of the new **Install Application** step, enter **Install - Sample POS App** in the **Name** field, where *Sample POS App* is the name of your app.
13. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
14. Select your app from the list of applications, and then click **OK**.
15. Click **OK** to close the task sequence properties.
16. Close the Deployment Workbench.
## Work with existing deployment shares
One of the many benefits of an MDT deployment share is the simplicity of how deployment resources are stored. The MDT deployment share is, at its core, just a standard network file share. All deployment resources, such as Windows images, application installation files, and drivers, are stored in a share that can be browsed with File Explorer, copied and pasted, and moved just like any other file share, provided that you have the necessary permissions. This makes working with deployment resources extremely easy. MDT even allows you to make it easier by allowing you to open multiple deployment shares from the Deployment Workbench and to transfer or copy resources between them.
This ability gives SDA some extra capabilities when used in an environment with an existing MDT infrastructure. For example, if you install SDA on an isolated server to prepare a PoC and then log on to your production MDT deployment share from the Deployment Workbench on your SDA server, you can copy applications, drivers, task sequences, and other components into the SDA deployment share that is prepared with Surface apps and drivers. With this process, in a very short amount time, you can have a deployment environment ready to deploy your organizations precise requirements to Surface devices.
You can also use this capability in reverse. For example, you can copy the Surface drivers, deployment task sequences, and apps directly into a lab or testing environment following a successful PoC. Using these resources, you can immediately begin to integrate Surface deployment into your existing deployment infrastructure.

2
devices/surface/wake-on-lan-for-surface-devices.md
View File

@ -8,7 +8,7 @@ ms.pagetype: surface, devices
ms.sitesec: library
ms.localizationpriority: medium
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer: scottmca
manager: laurawi

158
devices/surface/windows-virtual-desktop-surface.md Normal file
View File

@ -0,0 +1,158 @@
---
title: Windows Virtual Desktop on Surface
description: This article explains how Surface devices deliver an ideal end node for Windows Virtual Desktop solutions, providing customers with flexible form factors, Windows 10 modern device security and manageability, and support for persistent, on-demand & just-in-time work scenarios.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: greglin
ms.topic: article
ms.date: 5/20/2020
ms.reviewer: rohenr
manager: laurawi
audience: itpro
---
# Windows Virtual Desktop on Surface
## Introduction
Windows Virtual Desktop on Surface lets you run Virtual Desktop Infrastructure (VDI) on a Surface device blurring the lines between the local desktop experience and the virtual desktop where touch, pen, ink, and biometric authentication span both physical and virtual environments. Representing another milestone in the evolution of computing, Windows Virtual Desktop on Surface <a href="#1"><sup>1</sup></a> combines Microsoft 365 - virtualized in the Azure cloud - with the advanced security protections, enterprise-level manageability, and enhanced productivity tools of Windows 10 on Surface. This fusion of premium form factor and Virtual Desktop Infrastructure in Azure provides exceptional customer value across user experiences, portability, security, business continuity, and modern management.
### Windows Virtual Desktop
Windows Virtual Desktop (WVD) is a comprehensive desktop and app virtualization service running in the Azure cloud. Its the only virtual desktop infrastructure that delivers simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Remote Desktop Services (RDS) environments. With WVD you can quickly deploy and scale Windows desktops and apps on Azure and get built-in security and compliance features.
### Windows Virtual Desktop partner integrations
For a list of approved partner providers and independent software vendors for Windows Virtual Desktop, see [Windows Virtual Desktop partner integrations](https://docs.microsoft.com/azure/virtual-desktop/partners). Some partners also provide Virtual Desktop as a Service (DaaS). DaaS frees you from having to maintain your own virtual machines (VMs) by providing a fully managed, turnkey desktop and virtualization service. The ability to deliver customized desktops to users anywhere in the world enables companies to quickly adjust to changing market conditions by spinning up cloud desktops on-demand - when and where theyre needed.
## Microsoft Surface Devices
Surface engineering has long set new standards for innovation by going beyond the keyboard and mouse to imagine more natural ways of interacting with devices, whether by touch, voice, ink, or Surface Dial. And with chip-to-cloud integration of Microsoft 365 and the security and manageability of Windows 10 Pro, Surface delivers connected hardware, software, apps, and services the way they were intended. Although its possible to run WVD from Windows devices dating back to Windows 7, Microsoft Surface devices provide unique advantages including support for:
- **Flexible form factors** - like 2-in-1 devices such as Surface Go 2, Surface Pro 7 and Surface Pro X with pen, touch and detachable keyboard.
- **Persistent, on-demand and just-in-time work scenarios** - with offline and on-device access for more productive experiences.
- **Windows 10 modern device security and manageability** - providing the flexibility to be productive anywhere.
## Flexible form factors and premium user experience
The Microsoft Surface for Business family comprises a diverse portfolio of form factors including traditional laptops, all-in-one machines, and 2-in-1 devices. Surface devices deliver experiences people love with the choice and flexibility they need in order to work on their terms.
### The modern virtual desktop endpoint
Surface 2-in-1 devices, including [Surface Go 2](https://www.microsoft.com/p/surface-go-2) (10.5”), [Surface Pro 7](https://www.microsoft.com/surface/devices/surface-pro-7/) (12”) and [Surface Pro X](https://www.microsoft.com/p/surface-pro-x/) (13”), provide users with the ideal cloud desktop endpoint bringing together the optimal balance of portability, versatility, power, and all-day battery. From site engineers relying on Surface Go 2 in tablet mode to financial advisors attaching Surface Pro 7 to a dock and multiple monitors, 2-in-1 devices deliver the versatility that has come to define the modern workplace.
Unlike traditional, fixed VDI “terminals”, Surface devices allow users to work from anywhere and enable companies to remain viable and operational during unforeseen events -- from severe weather to public health emergencies. With support for persistent, on-demand and just-in-time scenarios, Surface devices effectively help companies sustain ongoing operations and mitigate risk from disruptive events. Features designed to enhance productivity on Surface 2-in-1 devices include:
- Vibrant, high resolution displays with 3:2 aspect ratio to get work done.
- Natural inking and multi-touch for more immersive experiences.
- With a wide variety of built-in and third-party accessibility features, Surface devices let you choose how to interact with your device, express ideas, and get work done.
- Far-field mics and high-performance speakers for improved virtual meetings.
- Biometric security including built-in, Windows Hello camera that comes standard on every Surface device.
- Long battery life <a href="#2"><sup>2</sup></a> and fast charging.
- LTE options <a href="#3"><sup>3</sup></a> on modern devices like Surface Pro X and Surface Go 2 for hassle-free and secure connectivity.
- Support for a wide range of peripherals such as standard printers, 3D printers, cameras, credit card readers, barcode scanners, and many others. A large ecosystem of Designed for Surface partners provides licensed and certified Surface accessories.
- Broad range of Device Redirection support.
### Device Redirection Support
The Surface-centric productivity experiences listed above become even more compelling in Windows Virtual Desktop environments by taking advantage of device redirection capabilities with Windows 10. Surface provides a broad range of device redirection support, especially when compared to OEM thin clients and fixed terminals, Android, iOS/macOS and Web-based access. The Windows Inbox (MSTSC) and Windows Desktop (MSRDC) clients provide the most device redirection capabilities including Input Redirection (keyboard, mouse, pen and touch), Port Redirection (serial and USB) and Other Redirections (cameras, clipboard, local drive/storage, location, microphones, printers, scanners, smart cards and speakers). For a detailed comparison of device redirection support refer to the [device redirection documentation](https://docs.microsoft.com/windows-server/remote/remote-desktop-services/clients/remote-desktop-app-compare#redirection-support).
### Familiar Desktop Experience
Not only does running the Windows Desktop Client on Surface devices provide users with a broad set of device redirection capabilities, it lets everyone launch apps in familiar ways — directly from the Start Menu or Search bar.
### Persistent, on-demand and just-in-time work scenarios
Windows Virtual Desktop on Surface helps customers meet increasingly complex business and security requirements across industries, employee roles, and work environments. These include:
- Multi-layered security of access to data and organizational resources.
- Compliance with industry regulations.
- Support for an increasingly elastic workforce.
- Employee-specific needs across a variety of job functions.
- Ability to support specialized, processor-intensive workloads.
- Resilience for sustaining operations during disruptions.
### Table 1. Windows Virtual Desktop business conversations
| Security & regulation | Elastic workforce | Work Roles | Special workloads | Business continuity |
| ---------------------------------------------------- | ---------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------- |
| - Financial Services<br>- Healthcare<br>- Government | - Merger & acquisition<br>- Short term employees<br>- Contractors & partners | - BYOD & mobile<br>- Customer support/service<br>- Branch workers | - Design & engineering<br>- Support for legacy apps<br>- Software dev & test | - On demand<br>- Just-in-Time (JIT)<br>- Work @ Home |
### Offline and on-device access for more productive experiences
Traditionally, VDI solutions only work when the endpoint is connected to the internet. But what happens when the internet or power is unavailable for any reason (due to mobility, being on a plane, or power outages, and so on)?
To support business continuity and keep employees productive, Surface devices can easily augment the virtual desktop experience with offline access to files, Microsoft 365 and third-party applications. Traditional apps like Microsoft Office, available across .x86, x64, Universal Windows Platform, ARM platforms, enable users to stay productive in “offline mode”. Files from the virtual desktop cloud environment can be synced locally on Surface using OneDrive for Business for offline access as well. You can have the confidence that all locally “cached” information is up-to-date and secure.
In addition to adding support for offline access to apps and files, Surface devices are designed to optimize collaborative experiences like Microsoft Teams “On-Device”. Although some VDI solutions support the use of Teams through a virtual session, users can benefit from the more optimized experience provided by a locally installed instance of Teams. Localizing communications and collaboration apps for multimedia channels like voice, video, live captioning allows organizations to take full advantage of Surface devices ability to provide optimized Microsoft 365 experiences. The emergence of Surface artificial intelligence (AI) or “AI-on-device” brings new capabilities to life, such as eye gaze technology that adjusts the appearance of your eyes so the audience sees you looking directly at the camera when communicating via video.
An alternative to locally installing traditional applications is to take advantage of the latest version of Microsoft Edge, which comes with support for Progressive Web Apps (PWA). PWAs are just websites that are progressively enhanced to function like native apps on supporting platforms. The qualities of a PWA combine the best of the web and native apps by additional features, such as push notifications, background data refresh, offline support, and more.
### Virtual GPUs
GPUs are ideal for AI compute and graphics-intensive workloads, helping customers to fuel innovation through scenarios like high-end remote visualization, deep learning, and predictive analytics. However, this isnt ideal for professionals who need to work remotely or while on the go because varying degrees of internal GPU horsepower are tied to the physical devices, limiting mobility and flexibility.
To solve for this Azure offers the N-series family of Virtual Machines with NVIDIA GPU capabilities (vGPU). With vGPUs, IT can either share GPU performance across multiple virtual machines, or power demanding workloads by assigning multiple GPUs to a single virtual machine. For Surface this means that no matter what device youre using, from the highly portable Surface Go 2 to the slim and stylish Surface Laptop 3, your device has access to powerful server-class graphics performance. Surface and vGPUs allow you to combine all the things you love about Surface, to include pen, touch, keyboard, trackpad and PixelSense displays, with graphics capability only available in high performance computing environments.
Azure N-series brings these capabilities to life on your Surface device allowing you to work in any way you want, wherever you go. [Learn more about Azure N-Series and GPU optimized virtual machine sizes.](https://docs.microsoft.com/azure/virtual-machines/sizes-gpu)
## Microsoft 365 and Surface
Even in a virtualized desktop environment, Microsoft 365 and Surface deliver the experiences employees love, the protection organizations demand, and flexibility for teams to work their way. According to Forrester Research: <a href="#4"><sup>4</sup></a>
- Microsoft 365-powered Surface devices give users up to 5 hours in weekly productivity gains with up to 9 hours saved per week for highly mobile workers, providing organizations with 112 percent ROI on Microsoft 365 with Surface
- 75 percent agree Microsoft 365-powered Surface devices help improve employee satisfaction and retention
- agree that Microsoft 365- powered Surface devices have helped improve employee satisfaction and retention.
### Security and management
From chip to cloud, Microsoft 365 and Surface helps organizations stay protected and up to date.
With both Surface hardware and software designed, built, and tested by Microsoft, users can be confident theyre productive and protected by leading technologies from chip to cloud. With increased numbers of users working remotely, protecting corporate data and intellectual property becomes more paramount than ever. Windows Virtual Desktop on Surface is designed around a zero-trust security model in which every access request is strongly authenticated, authorized within policy constraints, and inspected for anomalies before granting access.
By maximizing efficiencies from cloud computing, modern management enables IT to better serve the needs of users, stakeholders and customers in an increasingly competitive business environment. For example, you can get Surface devices up-and-running with minimal interaction from your team. Setup is automatic and self-serviced. Updates are quick and painless for both your team and your users. You can manage devices regardless of their physical location.
Security and management features delivered with Windows Virtual Desktop on Surface include:
- **Windows Update.** Keeping Windows up to date helps you stay ahead of new security threats. Windows 10 has been engineered from the ground up to be more secure and utilize the latest hardware capabilities to improve security. With a purpose-built UEFI <a href="#5"><sup>5</sup></a> and Windows Update for Business that responds to evolving threats, end-to-end protection is secure and simplified.
- **Hardware encryption.** Device encryption lets you protect the data on your Surface so it can only be accessed by authorized individuals. All Surface for Business devices feature a discrete Trusted Platform Module (dTPM) that is hardware-protected against intrusion while software uses protected keys and measurements to verify software validity.
- **Windows Defender.** Windows Defender Antivirus brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices. The tool is built in and needs no extra agents to be deployed on-devices or in the VDI environment, simplifying management and optimizing device start up. Windows Defender is built in and needs no extra agents to be deployed on-device or in the VDI environment, simplifying management and optimizing device start up. The true out-of-the-box experience.
- **Removable drives** - A subset of newer Surface devices feature removable SSD drives <a href="#6"><sup>6</sup></a> providing greater control over data retention.
- **Modern authentication -** Microsoft 365 and Surface is a unified platform delivering every Windows security feature (subject to licensing and enablement). All Surface portfolio devices ship with a custom-built camera, designed for Windows Hello for Business providing biometric security that persists seamlessly from on-device to VDI-based experiences.
- **Modern firmware management** -Using Device Firmware Configuration Interface (DFCI),<a href="#7"><sup>7</sup></a> IT administrators can remotely disable hardware elements at a firmware level such as mics, USB ports, SD card slots, cameras, and Bluetooth which removes power to the peripheral. Windows Defender Credential Guard uses virtualization-based security so that only privileged system software can access them.
- **Backward and forward compatibility** - Windows 10 devices provide backward and forward compatibility across hardware, software and services. Microsoft has a strong history of maintaining legacy support of hardware, peripherals, software and services while incorporating the latest technologies. Businesses can plan IT investments to have a long useful life.
- **Bridge for legacy Windows 7 workloads** - For solution scenarios dependent on legacy Windows OS environments, enterprises can use VDI instances of Windows 7 running in Azure. This enables support on modern devices like Surface without the risk of relying on older Windows 7 machines that no longer receive the latest security updates. In addition to these “future proofing” benefits, migration of any legacy workloads becomes greatly simplified when modern Windows 10 hardware is already deployed.
- **Zero-Touch Deployment** - Autopilot is the recommended modern management deployment option for Surface devices. Windows Autopilot on Surface is a cloud-based deployment technology in Windows 10. You can use Windows Autopilot on Surface to remotely deploy and configure devices in a zero-touch process right out of the box. Windows Autopilot-registered devices are identified over the Internet at first startup through a unique device signature that's called a hardware hash. They're automatically enrolled and configured by using modern management solutions such as Azure Active Directory (Azure AD) and mobile device management.
### Surface devices: Minimizing environmental impacts
Surface performs life cycle assessments to calculate the environmental impact of devices across key stages of product life cycle enabling Microsoft to minimize these impacts. Each Surface product has an ECO profile that includes details on greenhouse gas emissions, primary energy consumption and material composition data, packaging, recycling, and related criteria. To download profiles for each Surface device, see [ECO Profiles](https://www.microsoft.com/download/details.aspx?id=55974) on the Microsoft Download Center.
## Summary
Windows Virtual Desktop on Surface provides organizations with greater flexibility and resilience in meeting the diverse needs of users, stakeholders, and customers. Running Windows Virtual Desktop solutions on Surface devices provides unique advantages over continued reliance on legacy devices. Flexible form factors like Surface Go 2 and Surface Pro 7 connected to the cloud (or offline), enable users to be productive from anywhere, at any time. Whether employees work in persistent, on-demand, or just-in-time scenarios, Windows Virtual Desktop on Surface affords businesses with the versatility to sustain productivity throughout disruptions from public health emergencies or other unforeseen events. Using the built in, multi-layered security and modern manageability of Windows 10, companies can take advantage of an expanding ecosystem of cloud-based services to rapidly deploy and scale Windows desktops and apps. Simply put, Windows Virtual Desktop on Surface delivers critically needed technology to organizations and businesses of all sizes.
## Learn more
For more information, see the following resources:
- [Windows Virtual Desktop](https://azure.microsoft.com/services/virtual-desktop/)
- [Surface for Business](https://www.microsoft.com/surface/business)
- [Modernize your workforce with Microsoft Surface](https://boards.microsoft.com/public/prism/103849?token=754435c36d)
- [A guide to Surface Technical Content and Solutions](https://boards.microsoft.com/public/prism/104362/category/90968?token=09e688ec4a)
- [Microsoft zero-trust security](https://www.microsoft.com/security/business/zero-trust)
----------
<a id="1">1.</a> Windows Virtual Desktop on Surface refers to running Azure Virtual Desktop Infrastructure on a Surface device and is described here as an architectural solution, not a separately available product.<br>
<a id="2">2.</a> Battery life varies significantly with settings, usage and other factors.<br>
<a id="3">3.</a> Service availability and performance subject to service providers network. Contact your service provider for details, compatibility, pricing, SIM card, and activation. See all specs and frequencies at surface.com.<br>
<a id="4">4.</a> Forrester Consulting, “A Forrester Total Economic Impact™ Study: Maximizing Your ROI from Microsoft 365 Enterprise with Microsoft Surface,” commissioned by Microsoft, 2018.<br>
<a id="5">5.</a> Surface Go and Surface Go 2 use a third-party UEFI and do not support DFCI. DFCI is currently available for Surface Book 3, Surface Laptop 3, Surface Pro 7, and Surface Pro X. Find out more about managing Surface UEFI settings.<br>
<a id="6">6.</a> Removable SSD is available on Surface Laptop 3 and Surface Pro X. Note that hard drive is not user removable. Hard drive is only removable a by skilled technician following Microsoft instructions.<br>
<a id="7">7.</a> DFCI is currently available for Surface Book 3, Surface Laptop 3, Surface Pro 7, and Surface Pro X. [Find out more](https://docs.microsoft.com/surface/manage-surface-uefi-settings) about managing Surface UEFI settings.

256
mdop/appv-v5/app-v-51-supported-configurations.md
View File

@ -16,6 +16,8 @@ ms.date: 04/02/2020
# App-V 5.1 Supported Configurations
>Applies to: Windows 10, version 1607; Window Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 (Extended Security Update)
This topic specifies the requirements to install and run Microsoft Application Virtualization (App-V) 5.1 in your environment.
## App-V Server system requirements
@ -40,48 +42,16 @@ The App-V 5.1 Server does not support the following scenarios:
The following table lists the operating systems that are supported for the App-V 5.1 Management server installation.
**Note**  
Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service Pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
</tbody>
</table>
> [!NOTE]
> Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information.
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates)| SP1 | 64-bit |
**Important**  
@ -155,44 +125,13 @@ For more information on user configuration files with SQL server 2016 or later,
The following table lists the operating systems that are supported for the App-V 5.1 Publishing server installation.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service Pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
</tbody>
</table>
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit |
### <a href="" id="publishing-server-hardware-requirements-"></a>Publishing server hardware requirements
@ -208,44 +147,13 @@ App-V adds no additional requirements beyond those of Windows Server.
The following table lists the operating systems that are supported for the App-V 5.1 Reporting server installation.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service Pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
</tbody>
</table>
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit |
### <a href="" id="reporting-server-hardware-requirements-"></a>Reporting server hardware requirements
@ -309,7 +217,8 @@ The following table lists the SQL Server versions that are supported for the App
The following table lists the operating systems that are supported for the App-V 5.1 client installation.
**Note:** With the Windows 10 Anniversary release (aka 1607 version), the App-V client is in-box and will block installation of any previous version of the App-V client
> [!NOTE]
> With the Windows 10 Anniversary release (aka 1607 version), the App-V client is in-box and will block installation of any previous version of the App-V client
<table>
<colgroup>
@ -368,44 +277,13 @@ The following list displays the supported hardware configuration for the App-V 5
The following table lists the operating systems that are supported for App-V 5.1 Remote Desktop Services (RDS) client installation.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service Pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
</tbody>
</table>
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit |
### Remote Desktop Services client hardware requirements
@ -421,59 +299,16 @@ App-V adds no additional requirements beyond those of Windows Server.
The following table lists the operating systems that are supported for the App-V 5.1 Sequencer installation.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows 10</p></td>
<td align="left"><p></p></td>
<td align="left"><p>32-bit and 64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows 8.1</p></td>
<td align="left"><p></p></td>
<td align="left"><p>32-bit and 64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows 7</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>32-bit and 64-bit</p></td>
</tr>
</tbody>
</table>
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit |
| Microsoft Windows 10 | | 32-bit and 64-bit |
| Microsoft Windows 8.1 | | 32-bit and 64-bit |
| Microsoft Windows 7 | SP1 | 32-bit and 64-bit |
### Sequencer hardware requirements
@ -491,7 +326,8 @@ The App-V client supports the following versions of System Center Configuration
The following App-V and System Center Configuration Manager version matrix shows all officially supported combinations of App-V and Configuration Manager.
**Note:** Both App-V 4.5 and 4.6 have exited Mainstream support.
> [!NOTE]
> Both App-V 4.5 and 4.6 have exited Mainstream support.
<table>
<colgroup>

57
mdop/appv-v5/deploying-the-app-v-51-server.md
View File

@ -13,37 +13,27 @@ ms.prod: w10
ms.date: 06/16/2016
---
# Deploying the App-V 5.1 Server
You can install the Microsoft Application Virtualization (App-V) 5.1 server features by using different deployment configurations, which described in this topic. Before you install the server features, review the server section of [App-V 5.1 Security Considerations](app-v-51-security-considerations.md).
For information about deploying the App-V Server, see [About App-V 5.1](about-app-v-51.md#bkmk-migrate-to-51).
**Important**  
Before you install and configure the App-V 5.1 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings.
> [!IMPORTANT]
> Before you install and configure the App-V 5.1 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings.
## <a href="" id="---------app-v-5-1-server-overview"></a> App-V 5.1 Server overview
The App-V 5.1 Server is made up of five components. Each component serves a different purpose within the App-V 5.1 environment. Each of the five components is briefly described here:
- Management Server provides overall management functionality for the App-V 5.1 infrastructure.
- Management Database facilitates database predeployments for App-V 5.1 management.
- Publishing Server provides hosting and streaming functionality for virtual applications.
- Reporting Server provides App-V 5.1 reporting services.
- Reporting Database facilitates database predeployments for App-V 5.1 reporting.
- Management Server provides overall management functionality for the App-V 5.1 infrastructure.
- Management Database facilitates database predeployments for App-V 5.1 management.
- Publishing Server provides hosting and streaming functionality for virtual applications.
- Reporting Server provides App-V 5.1 reporting services.
- Reporting Database facilitates database predeployments for App-V 5.1 reporting.
## <a href="" id="---------app-v-5-1-stand-alone-deployment"></a> App-V 5.1 stand-alone deployment
The App-V 5.1 standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are deployed to a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V 5.1 components. Therefore, you should not use this topology for larger deployments.
[How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md)
@ -52,7 +42,6 @@ The App-V 5.1 standalone deployment provides a good topology for a small deploym
## <a href="" id="---------app-v-5-1-server-distributed-deployment"></a> App-V 5.1 Server distributed deployment
The distributed deployment topology can support a large App-V 5.1 client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V 5.1 Server components are deployed across multiple computers, based on the structure and requirements of the organization.
[How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md)
@ -67,19 +56,15 @@ The distributed deployment topology can support a large App-V 5.1 client base an
## Using an Enterprise Software Distribution (ESD) solution and App-V 5.1
You can also deploy the App-V 5.1 clients and packages by using an ESD without having to deploy App-V 5.1. The full capabilities for integration will vary depending on the ESD that you use.
**Note**  
The App-V 5.1 reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V 5.1 clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
> [!NOTE]
> The App-V 5.1 reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V 5.1 clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
[Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md)
## <a href="" id="---------app-v-5-1-server-logs"></a> App-V 5.1 Server logs
You can use App-V 5.1 server log information to help troubleshoot the server installation and operational events while using App-V 5.1. The server-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Server-related events:
**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**
@ -92,14 +77,11 @@ In App-V 5.0 SP3, some logs were consolidated and moved. See [About App-V 5.0 SP
## <a href="" id="---------app-v-5-1-reporting"></a> App-V 5.1 reporting
App-V 5.1 reporting allows App-V 5.1 clients to collect data and then send it back to be stored in a central repository. You can use this information to get a better view of the virtual application usage within your organization. The following list displays some of the types of information the App-V 5.1 client collects:
- Information about the computer that runs the App-V 5.1 client.
- Information about virtualized packages on a specific computer that runs the App-V 5.1 client.
- Information about package open and shutdown for a specific user.
- Information about the computer that runs the App-V 5.1 client.
- Information about virtualized packages on a specific computer that runs the App-V 5.1 client.
- Information about package open and shutdown for a specific user.
The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services to generate any necessary reports.
@ -111,19 +93,4 @@ Use the following link for more information [About App-V 5.1 Reporting](about-ap
## Other resources for the App-V server
[Deploying App-V 5.1](deploying-app-v-51.md)

105
mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md
View File

@ -13,75 +13,42 @@ ms.prod: w10
ms.date: 06/16/2016
---
# How to Deploy the App-V Databases by Using SQL Scripts
Use the following instructions to use SQL scripts, rather than the Windows Installer, to:
- Install the App-V 5.1 databases
- Install the App-V 5.1 databases
- Upgrade the App-V databases to a later version
- Upgrade the App-V databases to a later version
> [!NOTE]
> If you have already deployed the App-V 5.0 SP3 database, the SQL scripts are not required to upgrade to App-V 5.1.
**Note**
If you have already deployed the App-V 5.0 SP3 database, the SQL scripts are not required to upgrade to App-V 5.1.
## How to install the App-V databases by using SQL scripts
1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
1. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location.
1. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
Example: appv\_server\_setup.exe /layout c:\\&lt;_temporary location path_&gt;
**How to install the App-V databases by using SQL scripts**
1. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate Readme.txt file for instructions:
1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
| Database | Location of Readme.txt file to use |
|--|--|
| Management database | ManagementDatabase subfolder |
| Reporting database | ReportingDatabase subfolder |
2. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location.
> [!CAUTION]
> The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders.
3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
Example: appv\_server\_setup.exe /layout c:\\&lt;temporary location path&gt;
4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate Readme.txt file for instructions:
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Database</th>
<th align="left">Location of Readme.txt file to use</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Management database</p></td>
<td align="left"><p>ManagementDatabase subfolder</p></td>
</tr>
<tr class="even">
<td align="left"><p>Reporting database</p></td>
<td align="left"><p>ReportingDatabase subfolder</p></td>
</tr>
</tbody>
</table>
~~~
**Caution**
The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders.
**Important**
The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3.
> [!IMPORTANT]
> The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3.
The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). **Step 1** is not required for versions of App-V later than App-V 5.0 SP3.
~~~
## Updated management database README file content
**Updated management database README file content**
``` syntax
```plaintext
******************************************************************
Before you install and use the Application Virtualization Database Scripts you must:
1.Review the Microsoft Application Virtualization Server 5.0 license terms.
@ -107,7 +74,7 @@ Steps to install "AppVManagement" schema in SQL SERVER.
2. Ensure the target SQL Server instance and SQL Server Agent service are running.
3. If you are not running the scripts directly on the server, ensure the
3. If you are not running the scripts directly on the server, ensure the
necessary SQL Server client software is installed and available from
the specified location. Specifically, the "osql" command must
## be supported for these scripts to run.
@ -120,7 +87,7 @@ Steps to install "AppVManagement" schema in SQL SERVER.
defaults are likely sufficient, it is suggested that the following
settings be reviewed:
DATABASE - ensure name is satisfactory - default is "AppVManagement".
DATABASE - ensure name is satisfactory - default is "AppVManagement".
2. Review the Permissions.sql file and provide all the necessary account information
for setting up read and write access on the database. Note: Default settings
@ -130,23 +97,23 @@ Steps to install "AppVManagement" schema in SQL SERVER.
## INSTALLATION:
1. Run the database.sql against the "master" database. Your user
1. Run the database.sql against the "master" database. Your user
credential must have the ability to create databases.
This script will create the database.
2. Run the following scripts against the "AppVManagement" database using the
2. Run the following scripts against the "AppVManagement" database using the
same account as above in order.
CreateTables.sql
CreateStoredProcs.sql
UpdateTables.sql
## Permissions.sql
## Permissions.sql
```
**Updated reporting database README file content**
## Updated reporting database README file content
``` syntax
```plaintext
******************************************************************
Before you install and use the Application Virtualization Database Scripts you must:
1.Review the Microsoft Application Virtualization Server 5.0 license terms.
@ -188,7 +155,7 @@ Steps to install "AppVReporting" schema in SQL SERVER.
defaults are likely sufficient, it is suggested that the following
settings be reviewed:
DATABASE - ensure name is satisfactory - default is "AppVReporting".
DATABASE - ensure name is satisfactory - default is "AppVReporting".
2. Review the Permissions.sql file and provide all the necessary account information
for setting up read and write access on the database. Note: Default settings
@ -203,13 +170,13 @@ Steps to install "AppVReporting" schema in SQL SERVER.
## INSTALLATION:
1. Run the database.sql against the "master" database. Your user
1. Run the database.sql against the "master" database. Your user
credential must have the ability to create databases.
This script will create the database.
2. If upgrading the database, run UpgradeDatabase.sql This will upgrade database schema.
2. Run the following scripts against the "AppVReporting" database using the
2. Run the following scripts against the "AppVReporting" database using the
same account as above in order.
CreateTables.sql
@ -222,20 +189,10 @@ Steps to install "AppVReporting" schema in SQL SERVER.
```
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
## Related topics
[Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md)
[How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md)

35
mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md
View File

@ -13,19 +13,17 @@ ms.prod: w10
ms.date: 06/16/2016
---
# How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell
Use the following PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by Microsoft SQL Server when running SQL scripts.
Before attempting this procedure, you should read and understand the information and examples displayed in the following list:
- **.INPUTS** The account or accounts used to convert to SID format. This can be a single account name or an array of account names.
- **.INPUTS** The account or accounts used to convert to SID format. This can be a single account name or an array of account names.
- **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats.
- **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats.
- **Examples** -
- **Examples** -
**.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List**.
@ -33,13 +31,10 @@ Before attempting this procedure, you should read and understand the information
**.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200**
\#&gt;
**To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)**
## To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)
1. Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**.
2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
1. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
```powershell
<#
@ -61,7 +56,7 @@ Before attempting this procedure, you should read and understand the information
function ConvertSIDToHexFormat
{
param(\[System.Security.Principal.SecurityIdentifier\]$sidToConvert)
param([System.Security.Principal.SecurityIdentifier]$sidToConvert)
$sb = New-Object System.Text.StringBuilder
[int] $binLength = $sidToConvert.BinaryLength
@ -79,7 +74,7 @@ Before attempting this procedure, you should read and understand the information
[string]::Format("{0}====== Description ======{0}{0}" +
" Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" +
" Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" +
" Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.ps1 DOMAIN\Account1 DOMAIN\Account2 ...'){0}" +
" The output is written to the console in the format 'Account name SID as string SID as hexadecimal'{0}" +
" And can be written out to a file using standard PowerShell redirection{0}" +
" Please specify user accounts in the format 'DOMAIN\username'{0}" +
@ -131,17 +126,21 @@ Before attempting this procedure, you should read and understand the information
Write-Output $SIDs
}
}
3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments.
```
1. Run the script you saved in step one of this procedure passing the accounts to convert as arguments.
For example,
**.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List” or “$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")**
**.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List**
or
**$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")**
**.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200**
**.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”**
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
## Related topics
[Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md)

Some files were not shown because too many files have changed in this diff Show More