deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 15:27:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into rs2

Browse Source
This commit is contained in:
jdeckerMS 2017-01-30 14:32:04 -08:00
commit afeb30a38c
17 changed files with 163 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
devices/hololens/TOC.md
View File

@ -1,8 +1,9 @@
# [Microsoft HoloLens](index.md)
## [HoloLens in the enterprise: requirements](hololens-requirements.md)
## [Set up HoloLens](hololens-setup.md)
## [Unlock Windows Holographic Enterprise features](hololens-upgrade-enterprise.md)
## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md)
## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
## [Set up HoloLens in kiosk mode](hololens-kiosk.md)
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## [Install apps on HoloLens](hololens-install-apps.md)
## [Install apps on HoloLens](hololens-install-apps.md)
## [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

21
devices/hololens/change-history-hololens.md Normal file
View File

@ -0,0 +1,21 @@
---
title: Change history for Microsoft HoloLens documentation
description: This topic lists new and updated topics for HoloLens.
keywords: change history
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerMS
localizationpriority: medium
---
# Change history for Microsoft HoloLens documentation
This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
## January 2017
| New or changed topic | Description |
| --- | --- |
| All topics | Changed all references from **Windows Holographic Enterprise** to **Windows Holographic for Business** |

4
devices/hololens/hololens-enroll-mdm.md
View File

@ -11,10 +11,10 @@ localizationpriority: medium
# Enroll HoloLens in MDM
You can manage multiple HoloLens devices simultaneously using solutions like Microsoft InTune. You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need.
You can manage multiple Microsoft HoloLens devices simultaneously using solutions like Microsoft InTune. You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need.
>[!NOTE]
>Mobile device management (MDM) for Development Edition HoloLens does not include VPN, BitLocker, or kiosk mode. Those features are only available when you [upgrade to Windows Holographic Enterprise](hololens-upgrade-enterprise.md).
>Mobile device management (MDM) for the Development edition of HoloLens does not include VPN, BitLocker, or kiosk mode. Those features are only available when you [upgrade to Windows Holographic for Business](hololens-upgrade-enterprise.md).
## Requirements

2
devices/hololens/hololens-install-apps.md
View File

@ -16,7 +16,7 @@ The recommended way to install Universal Windows Platform (UWP) apps on HoloLens
You can also deploy apps using your mobile device management (MDM) provider or use the Windows Device Portal to install apps, if you enable **Developer Mode** on the HoloLens device.
>[!IMPORTANT]
>When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device.** Developer Mode** on a device that has been upgraded to Windows Holographic Enterprise enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
>When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device.**Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
## Use Windows Store for Business to deploy apps to HoloLens

4
devices/hololens/hololens-kiosk.md
View File

@ -18,7 +18,7 @@ Kiosk mode limits the user's ability to launch new apps or change the running ap
1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/holographic/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
>[!IMPORTANT]
>When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic Enterprise enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
>When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/holographic/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/holographic/Using_the_Windows_Device_Portal.html#connecting_over_usb).
@ -32,7 +32,7 @@ Kiosk mode limits the user's ability to launch new apps or change the running ap
![Kiosk Mode](images/kiosk.png)
>[!NOTE]
>The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has an [Enterprise license](hololens-upgrade-enterprise.md).
>The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has a [license to upgrade to Windows Holographic for Business](hololens-upgrade-enterprise.md).
5. Select **Enable Kiosk Mode**, choose an app to run when the device starts, and click **Save**.

6
devices/hololens/hololens-provisioning.md
View File

@ -14,7 +14,7 @@ localizationpriority: medium
Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. The Windows Assessment and Deployment Kit (ADK) for Windows 10 includes the Imaging and Configuration Designer (ICD), a tool for configuring images and runtime settings which are then built into provisioning packages.
Some of the HoloLens configurations that you can apply in a provisioning package:
- Upgrade to Windows Holographic Enterprise
- Upgrade to Windows Holographic for Business
- Set up a local account
- Set up a Wi-Fi connection
- Apply certificatess to the device
@ -32,7 +32,7 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
## Create a provisioning package for HoloLens
>[!NOTE]
>Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic Enterprise or if [the device has already been upgraded to Windows Holographic Enterprise](hololens-upgrade-enterprise.md).
>Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
1. On the Windows ICD start page, select **Advanced provisioning**.
@ -110,7 +110,7 @@ In Windows ICD, when you create a provisioning package for Windows Holographic,
| **Accounts** | Create a local account. HoloLens currently supports a single user only. Creating multiple local accounts in a provisioning package is not supported. <br><br>**IMPORTANT**<br>If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/holographic/reset_or_recover_your_hololens#perform_a_full_device_recovery). |
| **Certificates** | Deploy a certificate to HoloLens. |
| **ConnectivityProfiles** | Deploy a Wi-Fi profile to HoloLens. |
| **EditionUpgrade** | [Upgrade to Windows Holographic Enterprise.](hololens-upgrade-enterprise.md) |
| **EditionUpgrade** | [Upgrade to Windows Holographic for Business.](hololens-upgrade-enterprise.md) |
| **Policies** | Allow or prevent developer mode on HoloLens. |
>[!NOTE]

2
devices/hololens/hololens-requirements.md
View File

@ -36,7 +36,7 @@ When you develop for HoloLens, there are [system requirements and tools](https:/
- Wi-Fi network
- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs
## Upgrade to Windows Holographic Enterprise
## Upgrade to Windows Holographic for Business
- HoloLens Enterprise license XML file

10
devices/hololens/hololens-upgrade-enterprise.md
View File

@ -1,6 +1,6 @@
---
title: Unlock Windows Holographic Enterprise features (HoloLens)
description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic Enterprise.
title: Unlock Windows Holographic for Business features (HoloLens)
description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic for Business.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
@ -9,14 +9,14 @@ author: jdeckerMS
localizationpriority: medium
---
# Unlock Windows Holographic Enterprise features
# Unlock Windows Holographic for Business features
Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the [Commercial Suite](https://developer.microsoft.com/windows/holographic/release_notes#introducing_microsoft_hololens_commercial_suite), which provides extra features designed for business.
When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic Enterprise. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package).
When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package).
>[!TIP]
>You can tell that the HoloLens has been upgraded to the Enterprise edition in **Settings** > **Network & Internet**. The **VPN** option is only available in Windows Holographic Enterprise.
>You can tell that the HoloLens has been upgraded to the business edition in **Settings** > **Network & Internet**. The **VPN** option is only available in Windows Holographic for Business.

BIN
devices/hololens/images/upgrade-flow.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

4
devices/hololens/index.md
View File

@ -13,7 +13,7 @@ localizationpriority: medium
<table><tbody>
<tr><td style="border: 0px;width: 75%;valign= top"><p>Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.</p><p> Microsoft HoloLens is available in the **Development Edition**, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the **Commercial Suite**, which runs Windows Holographic Enterprise when you apply the Enterprise license file to the device.</p></td><td align="left" style="border: 0px">![Hololens](images/hololens.png)</td></tr>
<tr><td style="border: 0px;width: 75%;valign= top"><p>Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.</p><p> Microsoft HoloLens is available in the **Development Edition**, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the **Commercial Suite**, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.</p></td><td align="left" style="border: 0px">![Hololens](images/hololens.png)</td></tr>
</tbody></table>
## In this section
@ -22,7 +22,7 @@ localizationpriority: medium
| --- | --- |
| [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management |
| [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time |
| [Unlock Windows Holographic Enterprise features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic Enterprise|
| [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business|
| [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft InTune |
| [Set up HoloLens in kiosk mode](hololens-kiosk.md) | Enable kiosk mode for HoloLens, which limits the user's ability to launch new apps or change the running app |
| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |

3
devices/surface-hub/TOC.md
View File

@ -5,7 +5,8 @@
#### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)
#### [Create and test a device account](create-and-test-a-device-account-surface-hub.md)
##### [Online deployment](online-deployment-surface-hub-device-accounts.md)
##### [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md)
##### [On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md)
##### [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md)
##### [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md)
##### [Create a device account using UI](create-a-device-account-using-office-365.md)
##### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md)

1
devices/surface-hub/change-history-surface-hub.md
View File

@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Surface Hub Admin Guide]( surfac
| New or changed topic | Description |
| --- | --- |
| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | New |
| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | New |
| [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) | Added graphics cards verified to work with 84" Surface Hubs and added information about the lengths of cables. |
| [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated procedures for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. |

3
devices/surface-hub/create-and-test-a-device-account-surface-hub.md
View File

@ -46,7 +46,8 @@ For detailed steps using PowerShell to provision a device account, choose an opt
| Organization deployment | Description |
|---------------------------------|--------------------------------------|
| [Online deployment (Office 365)](online-deployment-surface-hub-device-accounts.md) | Your organization's environment is deployed entirely on Office 365. |
| [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync). |
| [On-premises deployment (single-forest)](on-premises-deployment-surface-hub-device-accounts.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a single-forest environment. |
| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a multi-forest environment. |
| [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Your organization has a mix of services, with some hosted on-premises and some hosted online through Office 365. |
If you prefer to use a graphical user interface, some steps can be done using UI instead of PowerShell.

6
devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
View File

@ -1,5 +1,5 @@
---
title: On-premises deployment (Surface Hub)
title: On-premises deployment single forest (Surface Hub)
description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
keywords: single forest deployment, on prem deployment, device account, Surface Hub
@ -11,12 +11,12 @@ author: TrudyHa
localizationpriority: medium
---
# On-premises deployment (Surface Hub)
# On-premises deployment for Surface Hub in a single-forest environment
This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If youre using a multi-forest deployment, you can use equivalent cmdlets that will produce the same results. Those cmdlets are described in this section.
If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If youre using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md).
1. Start a remote PowerShell session from a PC and connect to Exchange.

105
devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md Normal file
View File

@ -0,0 +1,105 @@
---
title: On-premises deployment multi-forest (Surface Hub)
description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment.
ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
keywords: multi forest deployment, on prem deployment, device account, Surface Hub
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerMS
localizationpriority: medium
---
# On-premises deployment for Surface Hub in a multi-forest environment
This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment.
If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If youre using a single-forest deployment, see [On-premises deployment for Surface Hub in a single-forest environment](on-premises-deployment-surface-hub-device-accounts.md).
1. Start a remote PowerShell session from a PC and connect to Exchange.
Be sure you have the right permissions set to run the associated cmdlets.
Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server.
```PowerShell
Set-ExecutionPolicy Unrestricted
$org='contoso.microsoft.com'
$cred=Get-Credential $admin@$org
$sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue
$sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
Import-PSSession $sessExchange
Import-PSSession $sessLync
```
2. After establishing a session, create a new mailbox in the Resource Forest. This will allow the account to authenticate into the Surface Hub.
If you're changing an existing resource mailbox:
```PowerShell
New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01"
```
3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isnt set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
If you havent created a compatible policy yet, use the following cmdlet-—this one creates a policy called "Surface Hubs". Once its created, you can apply the same policy to other device accounts.
```PowerShell
$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
```
Once you have a compatible policy, then you will need to apply the policy to the device account.
```PowerShell
Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy -ActiveSyncEnabled $true
Set-Mailbox $acctUpn -Type Room
```
4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
```PowerShell
Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false AllowConflicts $false DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. This should be set in the User Forest.
```PowerShell
Set-AdUser $acctUpn -PasswordNeverExpires $true
```
6. Enable the account in Active Directory so it will authenticate to the Surface Hub. This should be set in the User Forest.
```PowerShell
Set-AdUser $acctUpn -Enabled $true
```
6. You now need to change the room mailbox to a linked mailbox:
```PowerShell
$cred=Get-Credential AuthForest\LinkedRoomTest1
Set-mailbox -Alias LinkedRoomTest1 -LinkedMasterAccount AuthForest\LinkedRoomTest1 -LinkedDomainController AuthForest-4939.AuthForest.extest.contoso.com -Name LinkedRoomTest1 -LinkedCredential $cred -Identity LinkedRoomTest1
```
7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool:
```PowerShell
Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com"
-DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com
-Identity HUB01
```
You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity.
 

6
windows/keep-secure/event-4774.md
View File

@ -1,5 +1,5 @@
---
title: 4774(S) An account was mapped for logon. (Windows 10)
title: 4774(S, F) An account was mapped for logon. (Windows 10)
description: Describes security event 4774(S, F) An account was mapped for logon.
ms.pagetype: security
ms.prod: w10
@ -24,9 +24,9 @@ Success events do not appear to occur. Failure event [has been reported](http://
*Authentication Package:Schannel*
*Account UPN:%2*
*Account UPN:*<*Acccount*>@<*Domain*>
*Mapped Name:%3*
*Mapped Name:*<*Account*>
***Required Server Roles:*** no information.

11
windows/manage/windows-spotlight.md
View File

@ -34,7 +34,7 @@ For managed devices running Windows 10 Enterprise and Windows 10 Education, en
The lock screen background will occasionally suggest Windows 10 features that the user hasn't tried yet, such as **Snap assist**.
## How do you turn off Windows spotlight locally?
## How do you turn off Windows Spotlight locally?
To turn off Windows Spotlight locally, go to **Settings** &gt; **Personalization** &gt; **Lock screen** &gt; **Background** &gt; **Windows spotlight** &gt; select a different lock screen background
@ -44,7 +44,7 @@ To turn off Windows Spotlight locally, go to **Settings** &gt; **Personalization
## How do you disable Windows Spotlight for managed devices?
Windows 10, version 1607, provides three new Group Policy settings to help you manage Spotlight on employees' computers.
Windows 10, version 1607, provides three new Group Policy settings to help you manage Windows Spotlight on enterprise computers.
**Windows 10 Pro, Enterprise, and Education**
@ -52,11 +52,14 @@ Windows 10, version 1607, provides three new Group Policy settings to help you m
**Windows 10 Enterprise and Education**
* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off all Windows Spotlight features** enables enterprises to completely disable all Spotlight features in a single setting.
* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Configure Spotlight on lock screen** specifically controls the use of the dynamic Spotlight image on the lock screen, and can be enabled or disabled. (The Group Policy setting **Enterprise Spotlight** does not work in Windows 10, version 1607.)
* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off all Windows Spotlight features** enables enterprises to completely disable all Windows Spotlight features in a single setting.
* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Configure Spotlight on lock screen** specifically controls the use of the dynamic Windows Spotlight image on the lock screen, and can be enabled or disabled. (The Group Policy setting **Enterprise Spotlight** does not work in Windows 10, version 1607.)
Windows Spotlight is enabled by default. Administrators can replace Windows Spotlight with a selected image using the Group Policy setting **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** &gt; **Force a specific default lock screen image**.
>[!WARNING]
> In Windows 10, version 1607, the **Force a specific default lock screen image** policy setting will prevent users from changing the lock screen image. This behavior will be corrected in a future release.
![lockscreen policy details](images/lockscreenpolicy.png)
Pay attention to the checkbox in **Options**. In addition to providing the path to the lock screen image, administrators can choose to allow or **Turn off fun facts, tips, tricks, and more on lock screen**. If the checkbox is not selected, users will see the lock screen image that is defined in the policy setting, and will also see occasional messages, such as the example in the following image.