deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into v-tea-CI-102692

Browse Source
This commit is contained in:
Teresa-Motiv
2019-06-07 08:23:57 -07:00
parent 7f868671ba 21143b9adb
commit b2e1ac7d56
2038 changed files with 29128 additions and 28906 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
devices/hololens/docfx.json
View File

@ -4,7 +4,7 @@
{
"files": [
"**/*.md",
"**/**.yml"
"**/**.yml"
],
"exclude": [
"**/obj/**",
@ -29,27 +29,27 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/hololens/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "jdecker",
"ms.date": "04/05/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.itpro-hololens",
"folder_relative_path_in_docset": "./"
}
}
},
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/hololens/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "jdecker",
"ms.date": "04/05/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.itpro-hololens",
"folder_relative_path_in_docset": "./"
}
}
},
"fileMetadata": {},
"template": [
null
],
"dest": "devices/hololens",
"markdownEngineName": "dfm"
"markdownEngineName": "markdig"
}
}

2
devices/hololens/hololens-insider.md
View File

@ -21,7 +21,7 @@ Welcome to the latest Insider Preview builds for HoloLens! Its simple to get
<span id="get-insider" />
## How do I install the Insider builds?
On a device running the Windows 10 April 2018 Update, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider.
On a device running the Windows 10 April 2018 Update, go to <strong>Settings -&gt; Update &amp; Security -&gt; Windows Insider Program</strong> and select <strong>Get started</strong>. Link the account you used to register as a Windows Insider.
Then, select **Active development of Windows**, choose whether youd like to receive **Fast** or **Slow** builds, and review the program terms.

18
devices/hololens/hololens-kiosk.md
View File

@ -155,23 +155,23 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
6. Expand **Runtime settings** &gt; **AssignedAccess** &gt; **MultiAppAssignedAccessSettings**.
7. In the center pane, click **Browse** to locate and select the kiosk configuration XML file that you created.
![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png)
![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png)
8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
8. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
8. On the **File** menu, select **Save.**
9. On the **Export** menu, select **Provisioning package**.
10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
9. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
10. On the **File** menu, select **Save.**
11. On the **Export** menu, select **Provisioning package**.
12. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
11. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing.
13. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location.
14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location.
13. Click **Next**.
15. Click **Next**.
14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
16. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.

14
devices/hololens/hololens-provisioning.md
View File

@ -61,7 +61,7 @@ Use the Windows Configuration Designer tool to create a provisioning package.
2. Click **Provision HoloLens devices**.
![ICD start options](images/icd-create-options-1703.png)
![ICD start options](images/icd-create-options-1703.png)
3. Name your project and click **Finish**.
@ -74,12 +74,12 @@ Use the Windows Configuration Designer tool to create a provisioning package.
<table>
<tr><td style="width:45%" valign="top"><a id="one"></a>![step one](images/one.png)![set up device](images/set-up-device.png)</br></br>Browse to and select the enterprise license file to upgrade the HoloLens edition.</br></br>You can also toggle **Yes** or **No** to hide parts of the first experience.</br></br>To set up the device without the need to connect to a Wi-Fi network, toggle **Skip Wi-Fi setup** to **On**.</br></br>Select a region and timezone in which the device will be used. </td><td>![Select enterprise licence file and configure OOBE](images/set-up-device-details.png)</td></tr>
<tr><td style="width:45%" valign="top"><a id="two"></a>![step two](images/two.png) ![set up network](images/set-up-network.png)</br></br>In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.</td><td>![Enter network SSID and type](images/set-up-network-details-desktop.png)</td></tr>
<tr><td style="width:45%" valign="top"><a id="three"></a>![step three](images/three.png) ![account management](images/account-management.png)</br></br>You can enroll the device in Azure Active Directory, or create a local account on the device</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions. </br></br>To create a local account, select that option and enter a user name and password. </br></br>**Important:** (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. </td><td>![join Azure AD or create a local account](images/account-management-details.png)</td></tr>
<tr><td style="width:45%" valign="top"><a id="four"></a>![step four](images/four.png) ![add certificates](images/add-certificates.png)</br></br>To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td>![add a certificate](images/add-certificates-details.png)</td></tr>
<tr><td style="width:45%" valign="top"><a id="five"></a>![step five](images/five.png) ![Developer Setup](images/developer-setup.png)</br></br>Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)</td><td>![Enable Developer Mode](images/developer-setup-details.png)</td></tr>
<tr><td style="width:45%" valign="top"><a id="six"></a>![step six](images/six.png) ![finish](images/finish.png)</br></br>Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.</td><td>![Protect your package](images/finish-details.png)</td></tr>
<tr><td style="width:45%" valign="top"><a id="one"></a><img src="images/one.png" alt="step one"/><img src="images/set-up-device.png" alt="set up device"/></br></br>Browse to and select the enterprise license file to upgrade the HoloLens edition.</br></br>You can also toggle <strong>Yes</strong> or <strong>No</strong> to hide parts of the first experience.</br></br>To set up the device without the need to connect to a Wi-Fi network, toggle <strong>Skip Wi-Fi setup</strong> to <strong>On</strong>.</br></br>Select a region and timezone in which the device will be used. </td><td><img src="images/set-up-device-details.png" alt="Select enterprise licence file and configure OOBE"/></td></tr>
<tr><td style="width:45%" valign="top"><a id="two"></a><img src="images/two.png" alt="step two"/> <img src="images/set-up-network.png" alt="set up network"/></br></br>In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select <strong>On</strong>, enter the SSID, the network type (<strong>Open</strong> or <strong>WPA2-Personal</strong>), and (if <strong>WPA2-Personal</strong>) the password for the wireless network.</td><td><img src="images/set-up-network-details-desktop.png" alt="Enter network SSID and type"/></td></tr>
<tr><td style="width:45%" valign="top"><a id="three"></a><img src="images/three.png" alt="step three"/> <img src="images/account-management.png" alt="account management"/></br></br>You can enroll the device in Azure Active Directory, or create a local account on the device</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, <a href="https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup" data-raw-source="[set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup)">set up Azure AD join in your organization</a>. The <strong>maximum number of devices per user</strong> setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click <strong>Get bulk token</strong>. In the <strong>Let&#39;s get you signed in</strong> window, enter an account that has permissions to join a device to Azure AD, and then the password. Click <strong>Accept</strong> to give Windows Configuration Designer the necessary permissions. </br></br>To create a local account, select that option and enter a user name and password. </br></br><strong>Important:</strong> (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the <strong>Settings</strong> app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. </td><td><img src="images/account-management-details.png" alt="join Azure AD or create a local account"/></td></tr>
<tr><td style="width:45%" valign="top"><a id="four"></a><img src="images/four.png" alt="step four"/> <img src="images/add-certificates.png" alt="add certificates"/></br></br>To provision the device with a certificate, click <strong>Add a certificate</strong>. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td><img src="images/add-certificates-details.png" alt="add a certificate"/></td></tr>
<tr><td style="width:45%" valign="top"><a id="five"></a><img src="images/five.png" alt="step five"/> <img src="images/developer-setup.png" alt="Developer Setup"/></br></br>Toggle <strong>Yes</strong> or <strong>No</strong> to enable Developer Mode on the HoloLens. <a href="https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode" data-raw-source="[Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)">Learn more about Developer Mode.</a></td><td><img src="images/developer-setup-details.png" alt="Enable Developer Mode"/></td></tr>
<tr><td style="width:45%" valign="top"><a id="six"></a><img src="images/six.png" alt="step six"/> <img src="images/finish.png" alt="finish"/></br></br>Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.</td><td><img src="images/finish-details.png" alt="Protect your package"/></td></tr>
</table>
After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.

16
devices/hololens/hololens-whats-new.md
View File

@ -35,14 +35,14 @@ Share from Microsoft Edge | Share button is now available on Microsoft Edge wind
### For administrators
Feature | Details
--- | ---
[Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**.
Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration.
PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. | When signing in as **Other User**, the PIN option is now available under **Sign-In options**.
Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with yourpassword. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when promptedduring web sign-in.
Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer toyour MDM documentationfor feature availability and instructions.
Set HoloLens device name through MDM (rename) | IT administrators can see and rename HoloLens devices in their MDM console. Refer toyour MDM documentationfor feature availability and instructions.
| Feature | Details |
|-----------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with yourpassword. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when promptedduring web sign-in. |
| Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
| Set HoloLens device name through MDM (rename) | IT administrators can see and rename HoloLens devices in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
### For international customers

2
devices/hololens/index.md
View File

@ -14,7 +14,7 @@ ms.date: 07/27/2018
<table><tbody>
<tr><td style="border: 0px;width: 75%;valign= top"><p>Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.</p><p> Microsoft HoloLens is available in the **Development Edition**, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the **Commercial Suite**, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.</p></td><td align="left" style="border: 0px">![Hololens](images/hololens.png)</td></tr>
<tr><td style="border: 0px;width: 75%;valign= top"><p>Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.</p><p> Microsoft HoloLens is available in the <strong>Development Edition</strong>, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the <strong>Commercial Suite</strong>, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.</p></td><td align="left" style="border: 0px"><img src="images/hololens.png" alt="Hololens"/></td></tr>
</tbody></table>
## In this section

20
devices/surface-hub/connect-and-display-with-surface-hub.md
View File

@ -109,7 +109,7 @@ Use these ports on the Surface Hub for Guest Mode.
</tbody>
</table>
 
### Port locations
@ -224,7 +224,7 @@ Your choice of video cable will be determined by what is available from your sou
</tbody>
</table>
 
Source audio is provided by DisplayPort and HDMI cables. If you must use VGA, Surface Hub has an audio input port that uses a 3.5 mm plug. Surface Hub also uses a USB cable that provides Touchback and Inkback from the Surface Hub to compatible Windows 10 devices. The USB cable can be used with any video input that is already connected with a cable.
@ -275,20 +275,20 @@ Check directly with graphics card vendors for the latest drivers.
<tbody>
<tr class="odd">
<td><p>NVIDIA</p></td>
<td><p>[http://nvidia.com/Download/index.aspx](http://nvidia.com/Download/index.aspx)</p></td>
<td><p><a href="http://nvidia.com/Download/index.aspx" data-raw-source="[http://nvidia.com/Download/index.aspx](http://nvidia.com/Download/index.aspx)">http://nvidia.com/Download/index.aspx</a></p></td>
</tr>
<tr class="even">
<td><p>AMD</p></td>
<td><p>[http://support.amd.com/en-us/download](http://support.amd.com/en-us/download)</p></td>
<td><p><a href="http://support.amd.com/en-us/download" data-raw-source="[http://support.amd.com/en-us/download](http://support.amd.com/en-us/download)">http://support.amd.com/en-us/download</a></p></td>
</tr>
<tr class="odd">
<td><p>Intel</p></td>
<td><p>[https://downloadcenter.intel.com/](https://downloadcenter.intel.com/)</p></td>
<td><p><a href="https://downloadcenter.intel.com/" data-raw-source="[https://downloadcenter.intel.com/](https://downloadcenter.intel.com/)">https://downloadcenter.intel.com/</a></p></td>
</tr>
</tbody>
</table>
 
### Ports
@ -347,7 +347,7 @@ Replacement PC ports on 55" Surface Hub
</tbody>
</table>
 
Replacement PC ports on 84" Surface Hub
@ -404,7 +404,7 @@ Replacement PC ports on 84" Surface Hub
</tbody>
</table>
 
### Replacement PC setup instructions
@ -439,9 +439,9 @@ You can switch the Surface Hub to use the internal PC.
3. Turn on the Surface Hub using the power switch next to the power cable.
 
## Video Out
 
The Surface Hub includes a Video Out port for mirroring visual content from the Surface Hub to another display.
### Ports

10
devices/surface-hub/create-a-device-account-using-office-365.md
View File

@ -245,7 +245,7 @@ You can use the Exchange Admin Center to create a device account:
>[!NOTE]
>If you want to create and assign a policy to the account you created, and are using Exchange 2010, look up the corresponding information regarding policy creation and policy assignment when using the EMC (Exchange management console).
 
1. Go to the Exchange Admin Center.
@ -373,11 +373,11 @@ If you aren't sure what value to use for the `RegistrarPool` parameter in your e
Get-CsOnlineUser -Identity alice@contoso.microsoft.com| fl *registrarpool*
```
3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
```PowerShell
Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
```
```PowerShell
Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
```

75
devices/surface-hub/docfx.json
View File

@ -1,43 +1,50 @@
{
"build": {
"content":
[
{
"files": ["**/**.md", "**/**.yml"],
"exclude": ["**/obj/**"]
}
],
"content": [
{
"files": [
"**/**.md",
"**/**.yml"
],
"exclude": [
"**/obj/**"
]
}
],
"resource": [
{
"files": ["**/images/**"],
"exclude": ["**/obj/**"]
{
"files": [
"**/images/**"
],
"exclude": [
"**/obj/**"
]
}
],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/surface-hub/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
"ms.mktglfcycl": "manage",
"author": "jdeckerms",
"ms.sitesec": "library",
"ms.author": "jdecker",
"ms.date": "05/23/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.surface-hub",
"folder_relative_path_in_docset": "./"
}
],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/surface-hub/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
"ms.mktglfcycl": "manage",
"author": "jdeckerms",
"ms.sitesec": "library",
"ms.author": "jdecker",
"ms.date": "05/23/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.surface-hub",
"folder_relative_path_in_docset": "./"
}
}
}
},
"externalReference": [
],
"externalReference": [],
"template": "op.html",
"dest": "devices/surface-hub",
"markdownEngineName": "dfm"
"markdownEngineName": "markdig"
}
}

34
devices/surface-hub/first-run-program-surface-hub.md
View File

@ -40,7 +40,7 @@ Each of these sections also contains information about paths you might take when
>[!NOTE]
>You should have the separate keyboard that came with your Surface Hub set up and ready before beginning. See the Surface Hub Setup Guide for details.
 
## <a href="" id="first-page"></a>Hi there page
@ -50,7 +50,7 @@ This is the first screen you'll see when you power up the Surface Hub for the fi
>[!NOTE]
>This is also where you begin the optional process of deploying a provisioning package. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) if that's what you're doing.
 Select a language and the initial setup options are displayed.
Select a language and the initial setup options are displayed.
![Image showing ICD options checklist.](images/setuplocale.png)
@ -68,7 +68,7 @@ If the default values shown are correct, then you can click **Next** to go on. O
>[!NOTE]
> Once the settings on this page are entered, you can't come back to this screen unless you reset the device (see [Device reset](device-reset-surface-hub.md)). Make sure that the settings are properly configured before proceeding.
 
When the settings are accepted, the device will check for a wired network connection. If the connection is fine, it will display the [Set up for you page](#set-up-for-you). If there is a problem with the wired connection, the device will display the [Network setup page](#network-setup).
@ -90,7 +90,7 @@ This screen is shown only if the device fails to detect a wired network. If you
>[!NOTE]
>If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
 
- You can plug in a network cable while this screen is visible. The device will detect it, and will add **Next** to the screen. Click **Next** to continue with making the wired connection.
@ -125,7 +125,7 @@ This page will be shown when the device detects a wired connection with limited
- You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you).
**Note**  If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
 
- You can select **Enter proxy settings** which will allow you to specify how to use the network proxy. You'll be taken to the next screen.
@ -151,7 +151,7 @@ You can skip connecting to a network by selecting **Skip this step**. You'll be
>[!NOTE]
>If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
 
## <a href="" id="set-up-for-you"></a>Set up for you page
@ -185,12 +185,12 @@ On this page, the Surface Hub will ask for credentials for the device account th
Use either a **user principal name (UPN)** or a **domain\\user name** as the account identifier in the first entry field. Use the format that matches your environment, and enter the password.
| Environment | Required format for device account|
| ------------ | ----------------------------------|
| Device account is hosted only online. | username@domain.com|
| Device account is hosted only on-prem. | DOMAIN\username|
| Device account is hosted online and on-prem (hybrid). | DOMAIN\username|
| Environment | Required format for device account |
|-------------------------------------------------------|------------------------------------|
| Device account is hosted only online. | username@domain.com |
| Device account is hosted only on-prem. | DOMAIN\username |
| Device account is hosted online and on-prem (hybrid). | DOMAIN\username |
Click **Skip setting up a device account** to skip setting up a device account. However, if you don't set up a device account, the device will not be fully integrated into your infrastructure. For example, people won't be able to:
@ -319,7 +319,7 @@ Because every Surface Hub can be used by any number of authenticated employees,
>[!NOTE]
>The purpose of this page is primarily to determine who can configure the device from the devices UI; that is, who can actually visit a device, log in, open up the Settings app, and make changes to the Settings.
 
![Image showing Set up admins for this device page.](images/setupsetupadmins.png)
@ -357,7 +357,7 @@ This is what happens when you choose an option.
>[!NOTE]
>After you finish this process, you won't be able to change the device's admin option unless you reset the device.
 
### <a href="" id="use-microsoft-azure"></a>Use Microsoft Azure Active Directory
@ -416,7 +416,7 @@ If the join is successful, you'll see the **Enter a security group** page. When
>[!NOTE]
>If you domain join the Surface Hub, you can't unjoin the device without resetting it.
 
### Use a local admin
@ -442,7 +442,7 @@ This page will attempt to create a new admin account using the credentials that
>[!IMPORTANT]
>Before you do the updates, make sure you read [Save your BitLocker key](save-bitlocker-key-surface-hub.md) in order to make sure you have a backup of the key.
 
In order to get the latest features and fixes, you should update your Surface Hub as soon as you finish all of the preceding first-run steps.
@ -451,9 +451,9 @@ In order to get the latest features and fixes, you should update your Surface Hu
3. If updates are available, they will be downloaded. Once downloading is complete, click the **Update now** button to install the updates.
4. Follow the onscreen prompts after the updates are installed. You may need to restart the device.
 
 

16
devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
View File

@ -184,20 +184,20 @@ The following table lists the Office 365 plans and Skype for Business options.
Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
- Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
- Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
- Click on **Users and Groups** and then **Add users, reset passwords, and more**.
- Click on **Users and Groups** and then **Add users, reset passwords, and more**.
- Click the Surface Hub account, and then click the pen icon to edit the account information.
- Click the Surface Hub account, and then click the pen icon to edit the account information.
- Click **Licenses**.
- Click **Licenses**.
- In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub.
- In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub.
- Click **Save**.
- Click **Save**.
>[!NOTE]
>You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
>[!NOTE]
>You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
For validation, you should be able to use any Skype for Business client (PC, Android, etc.) to sign in to this account.

42
devices/surface-hub/index.md
View File

@ -13,17 +13,17 @@ ms.localizationpriority: medium
# Microsoft Surface Hub admin guide
>[Looking for the Surface Hub admin guide for Windows 10, version 1607?](https://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf)
>[Looking for the user's guide for Surface Hub?](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf)
> [Looking for the Surface Hub admin guide for Windows 10, version 1607?](https://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf)
>
> [Looking for the user's guide for Surface Hub?](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf)
<table><tr><td style="border: 0px;width: 75%;valign= top">Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organizations infrastructure and the Surface Hub itself must be properly set up and integrated. The documentation in this library describes what needs to be done both before and during setup in order to help you optimize your use of the device.</td><td align="left" style="border: 0px">![image of a Surface Hub](images/surfacehub.png) </td></tr></table>
 
<table><tr><td style="border: 0px;width: 75%;valign= top">Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organizations infrastructure and the Surface Hub itself must be properly set up and integrated. The documentation in this library describes what needs to be done both before and during setup in order to help you optimize your use of the device.</td><td align="left" style="border: 0px"><img src="images/surfacehub.png" alt="image of a Surface Hub"/> </td></tr></table>
## Surface Hub setup process
In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need:
In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need:
1. [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md)
2. [Gather the information listed in the Setup worksheet](setup-worksheet-surface-hub.md)
@ -34,22 +34,20 @@ In some ways, adding your new Surface Hub is just like adding any other Microsof
## In this section
| Topic | Description |
| --- | --- |
| [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md) | Discover the changes and improvements for Microsoft Surface Hub in the Windows 10, version 1703 release (also known as Creators Update). |
| [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise. |
| [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) | This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. |
| [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) | Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. |
| [Manage Microsoft Surface Hub](manage-surface-hub.md) | How to manage your Surface Hub after finishing the first-run program. |
| [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) |
| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. | PowerShell scripts to help set up and manage your Surface Hub. |
| [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | These are the top Microsoft Support solutions for common issues experienced using Surface Hub. |
| [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) | Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. |
| [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) | Learn how to resolve Miracast issues. |
| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents. |
| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation library. |
| Topic | Description |
|---------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md) | Discover the changes and improvements for Microsoft Surface Hub in the Windows 10, version 1703 release (also known as Creators Update). |
| [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise. |
| [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) | This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. |
| [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) | Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. |
| [Manage Microsoft Surface Hub](manage-surface-hub.md) | How to manage your Surface Hub after finishing the first-run program. |
| [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | |
| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. |
| [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | These are the top Microsoft Support solutions for common issues experienced using Surface Hub. |
| [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) | Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. |
| [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) | Learn how to resolve Miracast issues. |
| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents. |
| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation library. |
## Additional resources

171
devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
View File

@ -58,30 +58,32 @@ You can configure the Surface Hub settings in the following table using MDM. The
For more information, see [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323).
| Setting | Node in the SurfaceHub CSP | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
| ---- | --- | --- | --- | --- |
| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes |
| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes |
| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes |
| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Friendly name for wireless projection | Properties/FriendlyName | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Device account, including password rotation | DeviceAccount/*`<name_of_policy>`* <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes |
| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set default volume | Properties/DefaultVolume | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set screen timeout | Properties/ScreenTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set session timeout | Properties/SessionTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set sleep timeout | Properties/SleepTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Setting | Node in the SurfaceHub CSP | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|----------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes |
| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes |
| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes |
| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Friendly name for wireless projection | Properties/FriendlyName | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Device account, including password rotation | DeviceAccount/*`<name_of_policy>`* <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes |
| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set default volume | Properties/DefaultVolume | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set screen timeout | Properties/ScreenTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set session timeout | Properties/SessionTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set sleep timeout | Properties/SleepTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
### Supported Windows 10 settings
@ -91,66 +93,73 @@ In addition to Surface Hub-specific settings, there are numerous settings common
The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML.
#### Security settings
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
| --- | --- | --- |---- | --- | --- |
| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes. <br> . | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|--------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes. <br> . | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Browser settings
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
| --- | --- | --- |---- | --- | --- |
| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Windows Update settings
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML*? |
| --- | --- | --- |---- | --- | --- |
| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Defer feature updates| See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes|
| Configure device to use WSUS| Use to connect your Surface Hub to WSUS instead of Windows Update see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Defer feature updates | See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Configure device to use WSUS | Use to connect your Surface Hub to WSUS instead of Windows Update see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Windows Defender settings
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
| --- | --- | --- |---- | --- | --- |
| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Remote reboot
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
| --- | --- | --- |---- | --- | --- |
| Reboot the device immediately | Use in conjunction with OMS to minimize support costs see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes |
| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Reboot the device immediately | Use in conjunction with OMS to minimize support costs see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes |
| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Install certificates
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
| --- | --- | --- |---- | --- | --- |
| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes. <br> See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes. <br> See [How to create certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/create-certificate-profiles). | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|---------------------------------|--------------------------------------------------------------|----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|
| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes. <br> See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes. <br> See [How to create certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/create-certificate-profiles). | Yes |
<!--
| Install client certificates | Use to deploy Personal Information Exchange (.pfx, .p12) certificates. | [ClientCertificateInstall CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023.aspx) | Yes. <br> See [How to Create and Deploy PFX Certificate Profiles in Intune Standalone](https://blogs.technet.microsoft.com/karanrustagi/2016/03/16/want-to-push-a-certificate-to-device-but-cant-use-ndes-continue-reading/). | Yes. <br> See [How to create PFX certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/create-pfx-certificate-profiles). | Yes |
-->
@ -158,32 +167,36 @@ The following tables include info on Windows 10 settings that have been validate
#### Collect logs
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML*? |
| --- | --- | --- |---- | --- | --- |
| Collect ETW logs | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|------------------|----------------------------------------------------|----------------------------------------------------------------------------------------|---------------------------|------------------------------------------|-----------------------------|
| Collect ETW logs | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes |
<!--
| Collect security auditing logs | Use to remotely collect security auditing logs from Surface Hub. | SecurityAuditing node in [Reporting CSP](https://msdn.microsoft.com/library/windows/hardware/mt608321.aspx) | No | No | Yes |-->
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Set network quality of service (QoS) policy
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML*? |
| --- | --- | --- |--- | --- | ---- |
| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Set network proxy
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML*? |
| --- | ---- | --- |---- | --- | --- |
| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|-------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Configure Start menu
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML*? |
| --- | ---- | --- |---- | --- | --- |
| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
### Generate OMA URIs for settings
@ -258,9 +271,9 @@ For more information, see [Create configuration items for Windows 8.1 and Window
 
 

166
devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
View File

@ -20,94 +20,94 @@ This topic explains how you add a device account for your Microsoft Surface Hub
If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premises-ps-scripts) to create device accounts. If youre using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md).
1. Start a remote PowerShell session from a PC and connect to Exchange.
1. Start a remote PowerShell session from a PC and connect to Exchange.
Be sure you have the right permissions set to run the associated cmdlets.
Be sure you have the right permissions set to run the associated cmdlets.
Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server.
```PowerShell
Set-ExecutionPolicy Unrestricted
$org='contoso.microsoft.com'
$cred=Get-Credential $admin@$org
$sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue
$sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
Import-PSSession $sessExchange
Import-PSSession $sessLync
```
2. After establishing a session, youll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
If you're changing an existing resource mailbox:
```PowerShell
Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
If youre creating a new resource mailbox:
```PowerShell
New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isnt set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
If you havent created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once its created, you can apply the same policy to other device accounts.
```PowerShell
$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
```
Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
```PowerShell
Set-Mailbox $acctUpn -Type Regular
Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy
Set-Mailbox $acctUpn -Type Room
Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
```
4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
```PowerShell
Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false AllowConflicts $false DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
```PowerShell
Set-AdUser $acctUpn -PasswordNeverExpires $true
```
6. Enable the account in Active Directory so it will authenticate to the Surface Hub.
```PowerShell
Set-AdUser $acctUpn -Enabled $true
```
7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool:
```PowerShell
Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com"
-DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com
-Identity HUB01
```
You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity.
8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it:
Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server.
```PowerShell
Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true
```
Set-ExecutionPolicy Unrestricted
$org='contoso.microsoft.com'
$cred=Get-Credential $admin@$org
$sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue
$sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
Import-PSSession $sessExchange
Import-PSSession $sessLync
```
Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same.
2. After establishing a session, youll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
If you're changing an existing resource mailbox:
```PowerShell
Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
If youre creating a new resource mailbox:
```PowerShell
New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isnt set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
If you havent created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once its created, you can apply the same policy to other device accounts.
```PowerShell
$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
```
Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
```PowerShell
Set-Mailbox $acctUpn -Type Regular
Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy
Set-Mailbox $acctUpn -Type Room
Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
```
4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
```PowerShell
Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false AllowConflicts $false DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
```PowerShell
Set-AdUser $acctUpn -PasswordNeverExpires $true
```
6. Enable the account in Active Directory so it will authenticate to the Surface Hub.
```PowerShell
Set-AdUser $acctUpn -Enabled $true
```
7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool:
```PowerShell
Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com"
-DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com
-Identity HUB01
```
You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity.
8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it:
```PowerShell
Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true
```
Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same.
 ## Disable anonymous email and IM
## Disable anonymous email and IM
@ -143,7 +143,7 @@ To change the policy entry:
```
$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true
$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Replace = $policyEntry}
```
```
To remove the policy entry:
@ -152,7 +152,7 @@ $policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -va
$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Remove = $policyEntry}
```
 

170
devices/surface-hub/online-deployment-surface-hub-device-accounts.md
View File

@ -21,129 +21,129 @@ This topic has instructions for adding a device account for your Microsoft Surfa
If you have a pure, online (O365) deployment, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-os356-ps-scripts) to create device accounts.
1. Start a remote PowerShell session on a PC and connect to Exchange.
1. Start a remote PowerShell session on a PC and connect to Exchange.
Be sure you have the right permissions set to run the associated cmdlets.
Be sure you have the right permissions set to run the associated cmdlets.
```PowerShell
Set-ExecutionPolicy RemoteSigned
$org='contoso.microsoft.com'
$cred=Get-Credential admin@$org
$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $sess
```
```PowerShell
Set-ExecutionPolicy RemoteSigned
$org='contoso.microsoft.com'
$cred=Get-Credential admin@$org
$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $sess
```
2. After establishing a session, youll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
2. After establishing a session, youll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
If you're changing an existing resource mailbox:
If you're changing an existing resource mailbox:
```PowerShell
Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
```PowerShell
Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
If youre creating a new resource mailbox:
If youre creating a new resource mailbox:
```PowerShell
New-Mailbox -MicrosoftOnlineServicesID HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
```PowerShell
New-Mailbox -MicrosoftOnlineServicesID HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isnt set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isnt set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
If you havent created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once its created, you can apply the same policy to other device accounts.
If you havent created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once its created, you can apply the same policy to other device accounts.
```PowerShell
$easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false -AllowNonProvisionableDevices $True
```
```PowerShell
$easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false -AllowNonProvisionableDevices $True
```
Once you have a compatible policy, then you will need to apply the policy to the device account.
Once you have a compatible policy, then you will need to apply the policy to the device account.
```PowerShell
Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id
```
```PowerShell
Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id
```
4. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
4. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
```PowerShell
Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false AllowConflicts $false DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
```PowerShell
Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false AllowConflicts $false DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
5. Connect to Azure AD.
5. Connect to Azure AD.
You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
```PowerShell
Install-Module -Name AzureAD
```
You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
```PowerShell
Install-Module -Name AzureAD
```
You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
```PowerShell
Import-Module AzureAD
Connect-AzureAD -Credential $cred
```
```PowerShell
Import-Module AzureAD
Connect-AzureAD -Credential $cred
```
6. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
6. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
```PowerShell
Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration"
```
```PowerShell
Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration"
```
7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online).
7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online).
Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
```PowerShell
Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
```PowerShell
Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
Get-AzureADSubscribedSku | Select Sku*,*Units
$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$License.SkuId = SkuId You selected
Get-AzureADSubscribedSku | Select Sku*,*Units
$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$License.SkuId = SkuId You selected
$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$AssignedLicenses.AddLicenses = $License
$AssignedLicenses.RemoveLicenses = @()
$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$AssignedLicenses.AddLicenses = $License
$AssignedLicenses.RemoveLicenses = @()
Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
```
Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
```
8. Enable the device account with Skype for Business.
If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366).
8. Enable the device account with Skype for Business.
If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366).
- Start by creating a remote PowerShell session from a PC.
- Start by creating a remote PowerShell session from a PC.
```PowerShell
Import-Module SkypeOnlineConnector
$cssess=New-CsOnlineSession -Credential $cred
Import-PSSession $cssess -AllowClobber
```
```PowerShell
Import-Module SkypeOnlineConnector
$cssess=New-CsOnlineSession -Credential $cred
Import-PSSession $cssess -AllowClobber
```
- Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, *alice@contoso.com*):
- Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, <em>alice@contoso.com</em>):
```PowerShell
(Get-CsTenant).TenantPoolExtension
```
OR by setting a variable
```PowerShell
(Get-CsTenant).TenantPoolExtension
```
OR by setting a variable
```PowerShell
$strRegistrarPool = (Get-CsTenant).TenantPoolExtension
$strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1)
```
```PowerShell
$strRegistrarPool = (Get-CsTenant).TenantPoolExtension
$strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1)
```
- Enable the Surface Hub account with the following cmdlet:
- Enable the Surface Hub account with the following cmdlet:
```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress
```
```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress
```
OR using the $strRegistarPool variable from above
OR using the $strRegistarPool variable from above
```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress
```
```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress
```
For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account.

10
devices/surface-hub/prepare-your-environment-for-surface-hub.md
View File

@ -102,15 +102,15 @@ When you go through the first-run program for your Surface Hub, there's some inf
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>[Create and test a device account](create-and-test-a-device-account-surface-hub.md)</p></td>
<td align="left"><p><a href="create-and-test-a-device-account-surface-hub.md" data-raw-source="[Create and test a device account](create-and-test-a-device-account-surface-hub.md)">Create and test a device account</a></p></td>
<td align="left"><p>This topic introduces how to create and test the device account that Surface Hub uses to communicate with and Skype.</p></td>
</tr>
<tr class="even">
<td align="left"><p>[Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md)</p></td>
<td align="left"><p><a href="provisioning-packages-for-certificates-surface-hub.md" data-raw-source="[Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md)">Create provisioning packages</a></p></td>
<td align="left"><p>For Windows 10, settings that use the registry or a content services platform (CSP) can be configured using provisioning packages. You can also add certificates during first run using provisioning.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>[Admin group management](admin-group-management-for-surface-hub.md)</p></td>
<td align="left"><p><a href="admin-group-management-for-surface-hub.md" data-raw-source="[Admin group management](admin-group-management-for-surface-hub.md)">Admin group management</a></p></td>
<td align="left"><p>Every Surface Hub can be configured individually by opening the Settings app on the device. However, to prevent people who are not administrators from changing the settings, the Settings app requires administrator credentials to open the app and change settings.</p>
<p>The Settings app requires local administrator credentials to open the app.</p></td>
</tr>
@ -123,9 +123,9 @@ When you go through the first-run program for your Surface Hub, there's some inf
- [Blog post: Surface Hub in a Multi-Domain Environment](https://blogs.technet.microsoft.com/y0av/2017/11/08/11/)
- [Blog post: Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
 
 

26
devices/surface-hub/provisioning-packages-for-surface-hub.md
View File

@ -72,11 +72,11 @@ After you [install Windows Configuration Designer](https://technet.microsoft.com
### Create the provisioning package
1. Open Windows Configuration Designer:
- From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
- From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
or
or
- If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
- If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
2. Click **Provision Surface Hub devices**.
@ -85,13 +85,13 @@ After you [install Windows Configuration Designer](https://technet.microsoft.com
### Configure settings
<table>
<tr><td style="width:45%" valign="top">![step one](images/one.png) ![add certificates](images/add-certificates.png)</br></br>To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td>![add a certificate](images/add-certificates-details.png)</td></tr>
<tr><td style="width:45%" valign="top">![step two](images/two.png) ![configure proxy settings](images/proxy.png)</br></br>Toggle **Yes** or **No** for proxy settings. The default configuration for Surface Hub is to automatically detect proxy settings, so you can select **No** if that is the setting that you want. However, if your infrastructure previously required using a proxy server and has changed to not require a proxy server, you can use a provisioning package to revert your Surface Hub devices to the default settings by selecting **Yes** and **Automatically detect settings**. </br></br>If you toggle **Yes**, you can select to automatically detect proxy settings, or you can manually configure the settings by entering a URL to a setup script, or a static proxy server address. You can also identify whether to use the proxy server for local addresses, and enter exceptions (addresses that Surface Hub should connect to directly without using the proxy server). </td><td>![configure proxy settings](images/proxy-details.png)</td></tr>
<tr><td style="width:45%" valign="top">![step three](images/three.png) ![device admins](images/set-up-device-admins.png)</br></br>You can enroll the device in Active Directory and specify a security group to use the Settings app, enroll in Azure Active Directory to allow global admins to use the Settings app, or create a local administrator account on the device.</br></br>To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain, and specify the security group to have admin credentials on Surface Hub. If a provisioning package that enrolls a device in Active Directory is going to be applied to a Surface Hub that was reset, the same domain account can only be used if the account listed is a domain administrator or is the same account that set up the Surface Hub initially. Otherwise, a different domain account must be used in the provisioning package.</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.</br></br>To create a local administrator account, select that option and enter a user name and password. </br></br>**Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. </td><td>![join Active Directory, Azure AD, or create a local admin account](images/set-up-device-admins-details.png)</td></tr>
<tr><td style="width:45%" valign="top">![step four](images/four.png) ![enroll in device management](images/enroll-mdm.png)</br></br>Toggle **Yes** or **No** for enrollment in MDM. </br></br>If you toggle **Yes**, you must provide a service account and password or certificate thumbprint that is authorized to enroll the device, and also specify the authentication type. If required by your MDM provider, also enter the URLs for the discovery service, enrollment service, and policy service. [Learn more about managing Surface Hub with MDM.](manage-settings-with-mdm-for-surface-hub.md)</td><td>![enroll in mobile device management](images/enroll-mdm-details.png)</td></tr>
<tr><td style="width:45%" valign="top">![step five](images/five.png) ![add applications](images/add-applications.png)</br></br>You can install multiple Universal Windows Platform (UWP) apps in a provisioning package. For help with the settings, see [Provision PCs with apps](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-with-apps). </br></br>**Important:** Although the wizard interface allows you to select a Classic Win32 app, only include UWP apps in a provisioning package that will be applied to Surface Hub. If you include a Classic Win32 app, provisioning will fail. </td><td>![add an application](images/add-applications-details.png)</td></tr>
<tr><td style="width:45%" valign="top">![step six](images/six.png) ![Add configuration file](images/add-config-file.png)</br></br>You don't configure any settings in this step. It provides instructions for including a configuration file that contains a list of device accounts. The configuration file must not contain column headers. When you apply the provisioning package to Surface Hub, if a Surface Hub configuration file is included on the USB drive, you can select the account and friendly name for the device from the file. See [Sample configuration file](#sample-configuration-file) for an example.</br></br>**Important:** The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703. </td><td>![Add a Surface Hub configuration file](images/add-config-file-details.png)</td></tr>
<tr><td style="width:45%" valign="top"> ![finish](images/finish.png)</br></br>You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.</td><td>![Protect your package](images/finish-details.png)</td></tr>
<tr><td style="width:45%" valign="top"><img src="images/one.png" alt="step one"/> <img src="images/add-certificates.png" alt="add certificates"/></br></br>To provision the device with a certificate, click <strong>Add a certificate</strong>. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td><img src="images/add-certificates-details.png" alt="add a certificate"/></td></tr>
<tr><td style="width:45%" valign="top"><img src="images/two.png" alt="step two"/> <img src="images/proxy.png" alt="configure proxy settings"/></br></br>Toggle <strong>Yes</strong> or <strong>No</strong> for proxy settings. The default configuration for Surface Hub is to automatically detect proxy settings, so you can select <strong>No</strong> if that is the setting that you want. However, if your infrastructure previously required using a proxy server and has changed to not require a proxy server, you can use a provisioning package to revert your Surface Hub devices to the default settings by selecting <strong>Yes</strong> and <strong>Automatically detect settings</strong>. </br></br>If you toggle <strong>Yes</strong>, you can select to automatically detect proxy settings, or you can manually configure the settings by entering a URL to a setup script, or a static proxy server address. You can also identify whether to use the proxy server for local addresses, and enter exceptions (addresses that Surface Hub should connect to directly without using the proxy server). </td><td><img src="images/proxy-details.png" alt="configure proxy settings"/></td></tr>
<tr><td style="width:45%" valign="top"><img src="images/three.png" alt="step three"/> <img src="images/set-up-device-admins.png" alt="device admins"/></br></br>You can enroll the device in Active Directory and specify a security group to use the Settings app, enroll in Azure Active Directory to allow global admins to use the Settings app, or create a local administrator account on the device.</br></br>To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain, and specify the security group to have admin credentials on Surface Hub. If a provisioning package that enrolls a device in Active Directory is going to be applied to a Surface Hub that was reset, the same domain account can only be used if the account listed is a domain administrator or is the same account that set up the Surface Hub initially. Otherwise, a different domain account must be used in the provisioning package.</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, <a href="https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup" data-raw-source="[set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup)">set up Azure AD join in your organization</a>. The <strong>maximum number of devices per user</strong> setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click <strong>Get bulk token</strong>. In the <strong>Let&#39;s get you signed in</strong> window, enter an account that has permissions to join a device to Azure AD, and then the password. Click <strong>Accept</strong> to give Windows Configuration Designer the necessary permissions.</br></br>To create a local administrator account, select that option and enter a user name and password. </br></br><strong>Important:</strong> If you create a local account in the provisioning package, you must change the password using the <strong>Settings</strong> app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. </td><td><img src="images/set-up-device-admins-details.png" alt="join Active Directory, Azure AD, or create a local admin account"/></td></tr>
<tr><td style="width:45%" valign="top"><img src="images/four.png" alt="step four"/> <img src="images/enroll-mdm.png" alt="enroll in device management"/></br></br>Toggle <strong>Yes</strong> or <strong>No</strong> for enrollment in MDM. </br></br>If you toggle <strong>Yes</strong>, you must provide a service account and password or certificate thumbprint that is authorized to enroll the device, and also specify the authentication type. If required by your MDM provider, also enter the URLs for the discovery service, enrollment service, and policy service. <a href="manage-settings-with-mdm-for-surface-hub.md" data-raw-source="[Learn more about managing Surface Hub with MDM.](manage-settings-with-mdm-for-surface-hub.md)">Learn more about managing Surface Hub with MDM.</a></td><td><img src="images/enroll-mdm-details.png" alt="enroll in mobile device management"/></td></tr>
<tr><td style="width:45%" valign="top"><img src="images/five.png" alt="step five"/> <img src="images/add-applications.png" alt="add applications"/></br></br>You can install multiple Universal Windows Platform (UWP) apps in a provisioning package. For help with the settings, see <a href="https://technet.microsoft.com/itpro/windows/configure/provision-pcs-with-apps" data-raw-source="[Provision PCs with apps](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-with-apps)">Provision PCs with apps</a>. </br></br><strong>Important:</strong> Although the wizard interface allows you to select a Classic Win32 app, only include UWP apps in a provisioning package that will be applied to Surface Hub. If you include a Classic Win32 app, provisioning will fail. </td><td><img src="images/add-applications-details.png" alt="add an application"/></td></tr>
<tr><td style="width:45%" valign="top"><img src="images/six.png" alt="step six"/> <img src="images/add-config-file.png" alt="Add configuration file"/></br></br>You don&#39;t configure any settings in this step. It provides instructions for including a configuration file that contains a list of device accounts. The configuration file must not contain column headers. When you apply the provisioning package to Surface Hub, if a Surface Hub configuration file is included on the USB drive, you can select the account and friendly name for the device from the file. See <a href="#sample-configuration-file" data-raw-source="[Sample configuration file](#sample-configuration-file)">Sample configuration file</a> for an example.</br></br><strong>Important:</strong> The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703. </td><td><img src="images/add-config-file-details.png" alt="Add a Surface Hub configuration file"/></td></tr>
<tr><td style="width:45%" valign="top"> <img src="images/finish.png" alt="finish"/></br></br>You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.</td><td><img src="images/finish-details.png" alt="Protect your package"/></td></tr>
</table>
After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
@ -141,11 +141,11 @@ After you [install Windows Configuration Designer](https://technet.microsoft.com
### Create the provisioning package (advanced)
1. Open Windows Configuration Designer:
- From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
- From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
or
or
- If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
- If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
2. Click **Advanced provisioning**.

14
devices/surface-hub/set-up-your-surface-hub.md
View File

@ -37,21 +37,21 @@ Before you turn on your Microsoft Surface Hub for the first time, make sure you'
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>[Setup worksheet](setup-worksheet-surface-hub.md)</p></td>
<td align="left"><p>When you've finished pre-setup and are ready to start first-time setup for your Surface Hub, make sure you have all the information listed in this section.</p></td>
<td align="left"><p><a href="setup-worksheet-surface-hub.md" data-raw-source="[Setup worksheet](setup-worksheet-surface-hub.md)">Setup worksheet</a></p></td>
<td align="left"><p>When you&#39;ve finished pre-setup and are ready to start first-time setup for your Surface Hub, make sure you have all the information listed in this section.</p></td>
</tr>
<tr class="even">
<td align="left"><p>[First-run program](first-run-program-surface-hub.md)</p></td>
<td align="left"><p>The term &quot;first run&quot; refers to the series of steps you'll go through the first time you power up your Surface Hub, and means the same thing as &quot;out-of-box experience&quot; (OOBE). This section will walk you through the process.</p></td>
<td align="left"><p><a href="first-run-program-surface-hub.md" data-raw-source="[First-run program](first-run-program-surface-hub.md)">First-run program</a></p></td>
<td align="left"><p>The term &quot;first run&quot; refers to the series of steps you&#39;ll go through the first time you power up your Surface Hub, and means the same thing as &quot;out-of-box experience&quot; (OOBE). This section will walk you through the process.</p></td>
</tr>
</tbody>
</table>
 
 
 

74
devices/surface-hub/skype-hybrid-voice.md
View File

@ -22,63 +22,63 @@ If you deployed Skype for Business Cloud PBX with one of the hybrid voice option
>[!WARNING]
>If you create an account before configuration of Hybrid voice (you run Enable-CSMeetingRoom command), you will not be able to configure required hybrid voice parameters. In order to configure hybrid voice parameters for a previously configured account or to reconfigure a phone number, delete the E5 or E3 + Cloud PBX add-on license, and then follow the steps below, starting at step 3.
1. Create a new user account for Surface Hub. This example uses **surfacehub2@adatum.com**. The account can be created in local Active Directory and synchronized to the cloud, or created directly in the cloud.
1. Create a new user account for Surface Hub. This example uses <strong>surfacehub2@adatum.com</strong>. The account can be created in local Active Directory and synchronized to the cloud, or created directly in the cloud.
![new object user](images/new-user-hybrid-voice.png)
2. Select **Password Never Expires**. This is important for a Surface Hub device.
2. Select **Password Never Expires**. This is important for a Surface Hub device.
![Password never expires](images/new-user-password-hybrid-voice.png)
![Password never expires](images/new-user-password-hybrid-voice.png)
3. In Office 365, add **E5** license or **E3 and Cloud PBX** add-on to the user account created for the room. This is required for Hybrid Voice to work.
3. In Office 365, add **E5** license or **E3 and Cloud PBX** add-on to the user account created for the room. This is required for Hybrid Voice to work.
![Add product license](images/product-license-hybrid-voice.png)
![Add product license](images/product-license-hybrid-voice.png)
4. Wait approximately 15 minutes until the user account for the room appears in Skype for Business Online.
4. Wait approximately 15 minutes until the user account for the room appears in Skype for Business Online.
5. After the user account for room is created in Skype for Business Online, enable it for Hybrid Voice in Skype for Business Remote PowerShell by running the following cmdlet:
5. After the user account for room is created in Skype for Business Online, enable it for Hybrid Voice in Skype for Business Remote PowerShell by running the following cmdlet:
```
Set-csuser surfacehub2@adatum.com EnterpriseVoiceEnabled $true -HostedVoiceMail $true -onpremlineuri tel:+15005000102
```
```
Set-csuser surfacehub2@adatum.com EnterpriseVoiceEnabled $true -HostedVoiceMail $true -onpremlineuri tel:+15005000102
```
6. Validate Hybrid Voice call flow by placing test calls from the Surface Hub.
6. Validate Hybrid Voice call flow by placing test calls from the Surface Hub.
7. Start a remote PowerShell session on a PC and connect to Exchange by running the following cmdlets.
7. Start a remote PowerShell session on a PC and connect to Exchange by running the following cmdlets.
```
Set-ExecutionPolicy Unrestricted
$cred=Get-Credential -Message "Please use your Office 365 admin credentials"
$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $sess
```
```
Set-ExecutionPolicy Unrestricted
$cred=Get-Credential -Message "Please use your Office 365 admin credentials"
$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $sess
```
8. After establishing a session, modify the user account for the room to enable it as a **RoomMailboxAccount** by running the following cmdlets. This allows the account to authenticate with Surface Hub.
8. After establishing a session, modify the user account for the room to enable it as a **RoomMailboxAccount** by running the following cmdlets. This allows the account to authenticate with Surface Hub.
```
Set-Mailbox surfacehub2@adatum.com -Type Room
Set-Mailbox surfacehub2@adatum.com -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
```
Set-Mailbox surfacehub2@adatum.com -Type Room
Set-Mailbox surfacehub2@adatum.com -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
9. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
9. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isnt set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isnt set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
If you havent created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After its created, you can apply the same policy to other device accounts.
If you havent created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After its created, you can apply the same policy to other device accounts.
```
$easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false
```
```
$easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false
```
After you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again).
After you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again).
```
Set-Mailbox surfacehub2@adatum.com -Type Regular
Set-CASMailbox surfacehub2@adatum.com -ActiveSyncMailboxPolicy $easPolicy.id
Set-Mailbox surfacehub2@adatum.com -Type Room
$credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
Set-Mailbox surfacehub2@adatum.com -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
```
```
Set-Mailbox surfacehub2@adatum.com -Type Regular
Set-CASMailbox surfacehub2@adatum.com -ActiveSyncMailboxPolicy $easPolicy.id
Set-Mailbox surfacehub2@adatum.com -Type Room
$credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
Set-Mailbox surfacehub2@adatum.com -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
```
10. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties can be set in [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md). The following cmdlets provide an example of setting Exchange properties.

2
devices/surface-hub/surface-hub-authenticator-app.md
View File

@ -29,7 +29,7 @@ To let people in your organization sign in to Surface Hub with their phones and
![multi-factor authentication options](images/mfa-options.png)
- Enable content hosting on Azure AD services such as Office online, SharePoint, etc.
- Enable content hosting on Azure AD services such as Office, SharePoint, etc.
- Surface Hub must be running Windows 10, version 1703 or later.

6
devices/surface-hub/surface-hub-recovery-tool.md
View File

@ -78,7 +78,9 @@ Install Surface Hub Recovery Tool on the host PC.
5. When the download is complete, the tool instructs you to connect an SSD drive. If the tool is unable to locate the attached drive, there is a good chance that the cable being used is not reporting the name of the SSD to Windows. The imaging tool must find the name of the drive as "LITEON L CH-128V2S USB Device" before it can continue. For more information on how to remove the existing drive from your Surface Hub, see [Surface Hub SSD replacement](surface-hub-ssd-replacement.md).
![Connect SSD](images/shrt-drive.png)
~~~
![Connect SSD](images/shrt-drive.png)
~~~
6. When the drive is recognized, click **Start** to begin the re-imaging process. On the warning that all data on the drive will be erased, click **OK**.
@ -94,7 +96,7 @@ Install Surface Hub Recovery Tool on the host PC.
Issue | Notes
--- | ---
The tool fails to image the SSD | Make sure you are using a factory-supplied SSD and one of the tested cables.
The tool fails to image the SSD | Make sure you are using a factory-supplied SSD and one of the tested cables.
The reimaging process appears halted/frozen | It is safe to close and restart the Surface Hub Recovery Tool with no ill effect to the SSD.
The drive isnt recognized by the tool | Verify that the Surface Hub SSD is enumerated as a Lite-On drive, "LITEON L CH-128V2S USB Device". If the drive is recognized as another named device, your current cable isnt compatible. Try another cable or one of the tested cable listed above.
Error: -2147024809 | Open Disk Manager and remove the partitions on the Surface Hub drive. Disconnect and reconnect the drive to the host machine. Restart the imaging tool again.

2
devices/surface-hub/surface-hub-site-readiness-guide.md
View File

@ -131,7 +131,7 @@ For details on Touchback and Inkback, see the user guide at http://www.microsoft
## See also
[Watch the video (opens in a pop-up media player)][http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov)
[Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov)

2
devices/surface-hub/surface-hub-start-menu.md
View File

@ -102,7 +102,6 @@ There are a few key differences between Start menu customization for Surface Hub
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
```
<span id="edge" />
@ -179,7 +178,6 @@ This example shows a link to a website and a link to a .pdf file.
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
```
>[!NOTE]

4
devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
View File

@ -25,7 +25,7 @@ There are a few scenarios where you need to specify the domain name of your Skyp
2. Click **Surface Hub**, and then click **Calling & Audio**.
3. Under **Skype for Business configuration**, click **Configure domain name**.
4. Type the domain name for your Skype for Business server, and then click **Ok**.
> [!TIP]
> You can type multiple domain names, separated by commas. <br> For example: lync.com, outlook.com, lync.glbdns.microsoft.com
> [!TIP]
> You can type multiple domain names, separated by commas. <br> For example: lync.com, outlook.com, lync.glbdns.microsoft.com
![Add Skype for Business FQDN to Settings](images/system-settings-add-fqdn.png)

16
devices/surface-hub/use-room-control-system-with-surface-hub.md
View File

@ -33,7 +33,7 @@ To connect to a room control system control panel, you don't need to configure a
| Parity | none |
| Flow control | none |
| Line feed | every carriage return |
 
## Wiring diagram
@ -55,7 +55,7 @@ The following command modifiers are available. Commands terminate with a new lin
| - | Decrease a value |
| = | Set a discrete value |
| ? | Queries for a current value |
 
## Power
@ -112,7 +112,7 @@ Changes to volume levels can be sent by a room control system, or other system.
| Volume- | SMC sends the volume down command.</br></br>PC service notifies SMC of new volume level. | Volume = 50 |
 
## Mute for audio
@ -123,7 +123,7 @@ Audio can be muted.
| AudioMute+ | SMC sends the audio mute command.</br></br>PC service notifies SMC that audio is muted. | none |
 
## Video source
@ -137,7 +137,7 @@ Several display sources can be used.
| 3 | VGA |
 
Changes to display source can be sent by a room control system, or other system.
@ -160,7 +160,7 @@ Errors are returned following the format in this table.
| Error: Command not available when off '&lt;input&gt;'. | When the Surface Hub is off, commands other than Power return this error. For example, &quot;Volume+&quot; would be invalid and return &quot; Error: Command not available when off 'Volume'&quot;. |
 
## Related topics
@ -169,9 +169,9 @@ Errors are returned following the format in this table.
[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)
 
 

2
devices/surface/assettag.md
View File

@ -28,7 +28,7 @@ for Surface devices. It works on Surface Pro 3 and all newer Surface devices.
To run Surface Asset Tag:
1. On the Surface device, download **Surface Pro 3 AssetTag.zip** from the [Microsoft Download
1. On the Surface device, download **Surface Asset Tag.zip** from the [Microsoft Download
Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703),
extract the zip file, and save AssetTag.exe in desired folder (in
this example, C:\\assets).

48
devices/surface/deploy-surface-app-with-windows-store-for-business.md
View File

@ -14,7 +14,7 @@ ms.reviewer:
manager: dansimp
---
#Deploy Surface app with Microsoft Store for Business and Education
# Deploy Surface app with Microsoft Store for Business and Education
**Applies to**
* Surface Pro 4
@ -38,11 +38,11 @@ The Surface app is a lightweight Microsoft Store app that provides control of ma
If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business.
##Surface app overview
## Surface app overview
The Surface app is available as a free download from the [Microsoft Store](https://www.microsoft.com/store/apps/Surface/9WZDNCRFJB8P). Users can download and install it from the Microsoft Store, but if your organization uses Microsoft Store for Business instead, you will need to add it to your stores inventory and possibly include the app as part of your Windows deployment process. These processes are discussed throughout this article. For more information about Microsoft Store for Business, see [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/) in the Windows TechCenter.
##Add Surface app to a Microsoft Store for Business account
## Add Surface app to a Microsoft Store for Business account
Before users can install or deploy an app from a companys Microsoft Store for Business account, the desired app(s) must first be made available and licensed to the users of a business.
@ -72,14 +72,14 @@ Before users can install or deploy an app from a companys Microsoft Store for
*Figure 3. Offline-licensed app acknowledgement*
* Click **OK**.
##Download Surface app from a Microsoft Store for Business account
## Download Surface app from a Microsoft Store for Business account
After you add an app to the Microsoft Store for Business account in Offline mode, you can download and add the app as an AppxBundle to a deployment share.
1. Log on to the Microsoft Store for Business account at https://businessstore.microsoft.com.
2. Click **Manage->Apps & software**. A list of all of your companys apps is displayed, including the Surface app you added in the [Add Surface app to a Microsoft Store for Business account](#add-surface-app-to-a-microsoft-store-for-business-account) section of this article.
3. Under **Actions**, click the ellipsis (**…**), and then click **Download for offline use** for the Surface app.
4. Select the desired **Platform** and **Architecture** options from the available selections for the selected app, as shown in Figure 4.
![Example of the AppxBundle package](images\deploysurfapp-fig4-downloadappxbundle.png "Example of the AppxBundle package")
![Example of the AppxBundle package](images/deploysurfapp-fig4-downloadappxbundle.png "Example of the AppxBundle package")
*Figure 4. Download the AppxBundle package for an app*
5. Click **Download**. The AppxBundle package will be downloaded. Make sure you note the path of the downloaded file because youll need that later in this article.
@ -91,7 +91,7 @@ After you add an app to the Microsoft Store for Business account in Offline mode
Figure 5 shows the required frameworks for the Surface app.
![Required frameworks for the Surface app](images\deploysurfapp-fig5-requiredframework.png "Required frameworks for the Surface app")
![Required frameworks for the Surface app](images/deploysurfapp-fig5-requiredframework.png "Required frameworks for the Surface app")
*Figure 5. Required frameworks for the Surface app*
@ -105,7 +105,7 @@ To download the required frameworks for the Surface app, follow these steps:
>[!NOTE]
>Only the 64-bit (x64) version of each framework is required for Surface devices. Surface devices are native 64-bit UEFI devices and are not compatible with 32-bit (x86) versions of Windows that would require 32-bit frameworks.
##Install Surface app on your computer with PowerShell
## Install Surface app on your computer with PowerShell
The following procedure provisions the Surface app onto your computer and makes it available for any user accounts created on the computer afterwards.
1. Using the procedure described in the [How to download Surface app from a Microsoft Store for Business account](#download-surface-app-from-a-microsoft-store-for-business-account) section of this article, download the Surface app AppxBundle and license file.
2. Begin an elevated PowerShell session.
@ -129,26 +129,26 @@ The following procedure provisions the Surface app onto your computer and makes
Before the Surface app is functional on the computer where it has been provisioned, you must also provision the frameworks described earlier in this article. To provision these frameworks, use the following procedure in the elevated PowerShell session you used to provision the Surface app.
5. In the elevated PowerShell session, copy and paste the following command:
```
Add-AppxProvisionedPackage Online SkipLicense PackagePath <DownloadPath>\Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx
```
6. In the elevated PowerShell session, copy and paste the following command:
```
Add-AppxProvisionedPackage Online SkipLicense PackagePath <DownloadPath>\Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx
```
5. In the elevated PowerShell session, copy and paste the following command:
```
Add-AppxProvisionedPackage Online SkipLicense PackagePath <DownloadPath>\Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx
```
6. In the elevated PowerShell session, copy and paste the following command:
```
Add-AppxProvisionedPackage Online SkipLicense PackagePath <DownloadPath>\Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx
```
##Install Surface app with MDT
## Install Surface app with MDT
The following procedure uses MDT to automate installation of the Surface app at the time of deployment. The application is provisioned automatically by MDT during deployment and thus you can use this process with existing images. This is the recommended process to deploy the Surface app as part of a Windows deployment to Surface devices because it does not reduce the cross platform compatibility of the Windows image.
1. Using the procedure described [earlier in this article](#download-surface-app-from-a-microsoft-store-for-business-account), download the Surface app AppxBundle and license file.
2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**.
3. On the **Command Details** page of the New Application Wizard, specify the default **Working Directory** and for the **Command** specify the file name of the AppxBundle, as follows:
1. Using the procedure described [earlier in this article](#download-surface-app-from-a-microsoft-store-for-business-account), download the Surface app AppxBundle and license file.
2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**.
3. On the **Command Details** page of the New Application Wizard, specify the default **Working Directory** and for the **Command** specify the file name of the AppxBundle, as follows:
* Command:
```
Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle
```
* Working Directory: %DEPLOYROOT%\Applications\SurfaceApp
* Command:
```
Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle
```
* Working Directory: %DEPLOYROOT%\Applications\SurfaceApp
For the Surface app to function on the target computer, it will also require the frameworks described earlier in this article. Use the following procedure to import the frameworks required for the Surface app into MDT and to configure them as dependencies.
1. Using the procedure described earlier in this article, download the framework files. Store each framework in a separate folder.

306
devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
View File

@ -18,10 +18,10 @@ manager: dansimp
**Applies to**
- Surface Studio
* Surface Pro 4
* Surface Book
* Surface 3
* Windows 10
- Surface Pro 4
- Surface Book
- Surface 3
- Windows 10
This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app. When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies.
@ -121,13 +121,13 @@ To boot from the network with either your reference virtual machines or your Sur
Windows Deployment Services (WDS) is a Windows Server role. To add the WDS role to a Windows Server 2012 R2 environment, use the Add Roles and Features Wizard, as shown in Figure 1. Start the Add Roles and Features Wizard from the **Manage** button of **Server Manager**. Install both the Deployment Server and Transport Server role services.
![Install the Windows Deployment Services role](images\surface-deploymdt-fig1.png "Install the Windows Deployment Services role")
![Install the Windows Deployment Services role](images/surface-deploymdt-fig1.png "Install the Windows Deployment Services role")
*Figure 1. Install the Windows Deployment Services server role*
After the WDS role is installed, you need to configure WDS. You can begin the configuration process from the WDS node of Server Manager by right-clicking your servers name and then clicking **Windows Deployment Services Management Console**. In the **Windows Deployment Services** window, expand the **Servers** node to find your server, right-click your server, and then click **Configure** in the menu to start the Windows Deployment Services Configuration Wizard, as shown in Figure 2.
![Configure PXE response for Windows Deployment Services](images\surface-deploymdt-fig2.png "Configure PXE response for Windows Deployment Services")
![Configure PXE response for Windows Deployment Services](images/surface-deploymdt-fig2.png "Configure PXE response for Windows Deployment Services")
*Figure 2. Configure PXE response for Windows Deployment Services*
@ -148,7 +148,7 @@ To install Windows ADK, run the Adksetup.exe file that you downloaded from [Down
When you get to the **Select the features you want to install** page, you only need to select the **Deployment Tools** and **Windows Preinstallation Environment (Windows PE)** check boxes to deploy Windows 10 using MDT, as shown in Figure 3.
![Required options for deployment with MDT](images\surface-deploymdt-fig3.png "Required options for deployment with MDT")
![Required options for deployment with MDT](images/surface-deploymdt-fig3.png "Required options for deployment with MDT")
*Figure 3. Only Deployment Tools and Windows PE options are required for deployment with MDT*
@ -178,24 +178,24 @@ To create the deployment share, follow these steps:
1. Open the Deployment Workbench from your Start menu or Start screen, as shown in Figure 5.
![The MDT Deployment Workbench](images\surface-deploymdt-fig5.png "The MDT Deployment Workbench")
![The MDT Deployment Workbench](images/surface-deploymdt-fig5.png "The MDT Deployment Workbench")
*Figure 5. The MDT Deployment Workbench*
2. Right-click the **Deployment Shares** folder, and then click **New Deployment Share** to start the New Deployment Share Wizard, as shown in Figure 6.
![Summary page of the New Deployment Share Wizard](images\surface-deploymdt-fig6.png "Summary page of the New Deployment Share Wizard")
![Summary page of the New Deployment Share Wizard](images/surface-deploymdt-fig6.png "Summary page of the New Deployment Share Wizard")
*Figure 6. The Summary page of the New Deployment Share Wizard*
3. Create a new deployment share with New Deployment Share Wizard with the following steps:
* **Path** Specify a local folder where the deployment share will reside, and then click **Next**.
* **Path** Specify a local folder where the deployment share will reside, and then click **Next**.
>[!NOTE]
>Like the WDS remote installation folder, it is recommended that you put this folder on an NTFS volume that is not your system volume.
* **Share** Specify a name for the network share under which the local folder specified on the **Path** page will be shared, and then click **Next**.
* **Share** Specify a name for the network share under which the local folder specified on the **Path** page will be shared, and then click **Next**.
>[!NOTE]
>The share name cannot contain spaces.
@ -203,11 +203,11 @@ To create the deployment share, follow these steps:
>[!NOTE]
>You can use a Dollar Sign (**$**) to hide your network share so that it will not be displayed when users browse the available network shares on the server in File Explorer.
* **Descriptive Name** Enter a descriptive name for the network share (this descriptive name can contain spaces), and then click **Next**. The descriptive name will be the name of the folder as it appears in the Deployment Workbench.
* **Options** You can accept the default options on this page. Click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the deployment share.
* **Progress** While the deployment share is being created, a progress bar is displayed on this page to indicate the status of the deployment share creation process.
* **Confirmation** When the deployment share creation process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Deployment Share Wizard.
* **Descriptive Name** Enter a descriptive name for the network share (this descriptive name can contain spaces), and then click **Next**. The descriptive name will be the name of the folder as it appears in the Deployment Workbench.
* **Options** You can accept the default options on this page. Click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the deployment share.
* **Progress** While the deployment share is being created, a progress bar is displayed on this page to indicate the status of the deployment share creation process.
* **Confirmation** When the deployment share creation process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Deployment Share Wizard.
4. When the New Deployment Share Wizard is complete, you can expand the Deployment Shares folder to find your newly created deployment share.
5. You can expand your deployment share, where you will find several folders for the resources, scripts, and components of your MDT deployment environment are stored.
@ -230,30 +230,30 @@ To import Windows 10 installation files, follow these steps:
1. Right-click the **Operating Systems** folder under your deployment share in the Deployment Workbench, and then click **New Folder** to open the **New Folder** page, as shown in Figure 7.
![Create a new folder on the New Folder page](images\surface-deploymdt-fig7.png "Create a new folder on the New Folder page")
![Create a new folder on the New Folder page](images/surface-deploymdt-fig7.png "Create a new folder on the New Folder page")
*Figure 7. Create a new folder on the New Folder page*
2. On the **New Folder** page a series of steps is displayed, as follows:
* **General Settings** Enter a name for the folder in the **Folder Name** field (for example, Windows 10 Enterprise), add any comments you want in the **Comments** field, and then click **Next**.
* **Summary** Review the specified configuration of the new folder on this page, and then click **Next**.
* **Progress** A progress bar will be displayed on this page while the folder is created. This page will likely pass very quickly.
* **Confirmation** When the new folder has been created, a **Confirmation** page displays the success of the operation. Click **Finish** to close the **New Folder** page.
* **General Settings** Enter a name for the folder in the **Folder Name** field (for example, Windows 10 Enterprise), add any comments you want in the **Comments** field, and then click **Next**.
* **Summary** Review the specified configuration of the new folder on this page, and then click **Next**.
* **Progress** A progress bar will be displayed on this page while the folder is created. This page will likely pass very quickly.
* **Confirmation** When the new folder has been created, a **Confirmation** page displays the success of the operation. Click **Finish** to close the **New Folder** page.
3. Expand the Operating Systems folder to see the newly created folder.
4. Right-click the newly created folder, and then click **Import Operating System** to launch the Import Operating System Wizard, as shown in Figure 8.
![Import source files with the Import Operating System Wizard](images\surface-deploymdt-fig8.png "Import source files with the Import Operating System Wizard")
![Import source files with the Import Operating System Wizard](images/surface-deploymdt-fig8.png "Import source files with the Import Operating System Wizard")
*Figure 8. Import source files with the Import Operating System Wizard*
5. The Import Operating System Wizard walks you through the import of your operating system files, as follows:
* **OS Type** Click **Full Set of Source Files** to specify that you are importing the Windows source files from installation media, and then click **Next**.
* **Source** Click **Browse**, move to and select the folder or drive where your installation files are found, and then click **Next**.
* **Destination** Enter a name for the new folder that will be created to hold the installation files, and then click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the installation files are imported, a progress bar is displayed on this page.
* **Confirmation** When the operating system import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Operating System Wizard.
6. Expand the folder you created in Step 1 to see the entry for your newly imported installation files for Windows 10.
* **OS Type** Click **Full Set of Source Files** to specify that you are importing the Windows source files from installation media, and then click **Next**.
* **Source** Click **Browse**, move to and select the folder or drive where your installation files are found, and then click **Next**.
* **Destination** Enter a name for the new folder that will be created to hold the installation files, and then click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the installation files are imported, a progress bar is displayed on this page.
* **Confirmation** When the operating system import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Operating System Wizard.
6. Expand the folder you created in Step 1 to see the entry for your newly imported installation files for Windows 10.
Now that youve imported the installation files from the installation media, you have the files that MDT needs to create the reference image and you are ready to instruct MDT how to create the reference image to your specifications.
@ -268,35 +268,35 @@ To create the reference image task sequence, follow these steps:
1. Right-click the **Task Sequences** folder under your deployment share in the Deployment Workbench, and then click **New Task Sequence** to start the New Task Sequence Wizard, as shown in Figure 9.
![Create new task sequence to deploy and update a Windows 10 reference environment](images\surface-deploymdt-fig9.png "Create new task sequence to deploy and update a Windows 10 reference environment")
![Create new task sequence to deploy and update a Windows 10 reference environment](images/surface-deploymdt-fig9.png "Create new task sequence to deploy and update a Windows 10 reference environment")
*Figure 9. Create a new task sequence to deploy and update a Windows 10 reference environment*
2. The New Task Sequence Wizard presents a series of steps, as follows:
* **General Settings** Enter an identifier for the reference image task sequence in the **Task Sequence ID** field, a name for the reference image task sequence in the **Task Sequence Name** field, and any comments for the reference image task sequence in the **Task Sequence Comments** field, and then click **Next**.
>[!NOTE]
>The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
* **Select Template** Select **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
* **Select OS** Navigate to and select the Windows 10 image you imported with the Windows 10 installation files, and then click **Next**.
* **Specify Product Key** Click **Do Not Specify a Product Key at This Time**, and then click **Next**.
* **OS Settings** Enter a name, organization, and home page URL in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
* **Admin Password** Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
>[!NOTE]
>During creation of a reference image, any specified Administrator password will be automatically removed when the image is prepared for capture with Sysprep. During reference image creation, a password is not necessary, but is recommended to remain in line with best practices for production deployment environments.
* **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
* **Progress** While the task sequence is created, a progress bar is displayed on this page.
* **Confirmation** When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
2. Select the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**.
3. Select the **Task Sequence** tab to view the steps that are included in the Standard Client Task Sequence template, as shown in Figure 10.
* **General Settings** Enter an identifier for the reference image task sequence in the **Task Sequence ID** field, a name for the reference image task sequence in the **Task Sequence Name** field, and any comments for the reference image task sequence in the **Task Sequence Comments** field, and then click **Next**.
>[!NOTE]
>The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
* **Select Template** Select **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
* **Select OS** Navigate to and select the Windows 10 image you imported with the Windows 10 installation files, and then click **Next**.
* **Specify Product Key** Click **Do Not Specify a Product Key at This Time**, and then click **Next**.
* **OS Settings** Enter a name, organization, and home page URL in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
* **Admin Password** Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
>[!NOTE]
>During creation of a reference image, any specified Administrator password will be automatically removed when the image is prepared for capture with Sysprep. During reference image creation, a password is not necessary, but is recommended to remain in line with best practices for production deployment environments.
* **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
* **Progress** While the task sequence is created, a progress bar is displayed on this page.
* **Confirmation** When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
3. Select the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**.
4. Select the **Task Sequence** tab to view the steps that are included in the Standard Client Task Sequence template, as shown in Figure 10.
![Enable Windows Update in the reference image task sequence](images\surface-deploymdt-fig10.png "Enable Windows Update in the reference image task sequence")
![Enable Windows Update in the reference image task sequence](images/surface-deploymdt-fig10.png "Enable Windows Update in the reference image task sequence")
*Figure 10. Enable Windows Update in the reference image task sequence*
4. Select the **Windows Update (Pre-Application Installation)** option, located under the **State Restore** folder.
5. Click the **Options** tab, and then clear the **Disable This Step** check box.
6. Repeat Step 4 and Step 5 for the **Windows Update (Post-Application Installation)** option.
7. Click **OK** to apply changes to the task sequence, and then close the task sequence properties window.
5. Select the **Windows Update (Pre-Application Installation)** option, located under the **State Restore** folder.
6. Click the **Options** tab, and then clear the **Disable This Step** check box.
7. Repeat Step 4 and Step 5 for the **Windows Update (Post-Application Installation)** option.
8. Click **OK** to apply changes to the task sequence, and then close the task sequence properties window.
### Generate and import MDT boot media
@ -306,25 +306,25 @@ To update the MDT boot media, follow these steps:
1. Right-click the deployment share in the Deployment Workbench, and then click **Update Deployment Share** to start the Update Deployment Share Wizard, as shown in Figure 11.
![Generate boot images with the Update Deployment Share Wizard](images\surface-deploymdt-fig11.png "Generate boot images with the Update Deployment Share Wizard")
![Generate boot images with the Update Deployment Share Wizard](images/surface-deploymdt-fig11.png "Generate boot images with the Update Deployment Share Wizard")
*Figure 11. Generate boot images with the Update Deployment Share Wizard*
2. Use the Update Deployment Share Wizard to create boot images with the following process:
* **Options** Click **Completely Regenerate the Boot Images**, and then click **Next**.
>[!NOTE]
>Because this is the first time the newly created deployment share has been updated, new boot images will be generated regardless of which option you select on the **Options** page.
* **Summary** Review the specified options on this page before you click **Next** to begin generation of boot images.
* **Progress** While the boot images are being generated, a progress bar is displayed on this page.
* **Confirmation** When the boot images have been generated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
* **Options** Click **Completely Regenerate the Boot Images**, and then click **Next**.
>[!NOTE]
>Because this is the first time the newly created deployment share has been updated, new boot images will be generated regardless of which option you select on the **Options** page.
* **Summary** Review the specified options on this page before you click **Next** to begin generation of boot images.
* **Progress** While the boot images are being generated, a progress bar is displayed on this page.
* **Confirmation** When the boot images have been generated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
3. Confirm that boot images have been generated by navigating to the deployment share in File Explorer and opening the Boot folder. The following files should be displayed, as shown in Figure 12:
* **LiteTouchPE_x86.iso**
* **LiteTouchPE_x86.wim**
* **LiteTouchPE_x64.iso**
* **LiteTouchPE_x64.wim**
* **LiteTouchPE_x86.iso**
* **LiteTouchPE_x86.wim**
* **LiteTouchPE_x64.iso**
* **LiteTouchPE_x64.wim**
![Boot images in the Boot folder after Update Deployment Share Wizard completes](images\surface-deploymdt-fig12.png "Boot images in the Boot folder after Update Deployment Share Wizard completes")
![Boot images in the Boot folder after Update Deployment Share Wizard completes](images/surface-deploymdt-fig12.png "Boot images in the Boot folder after Update Deployment Share Wizard completes")
*Figure 12. Boot images displayed in the Boot folder after completion of the Update Deployment Share Wizard*
@ -334,21 +334,21 @@ To import the MDT boot media into WDS for PXE boot, follow these steps:
2. Expand **Servers** and your deployment server.
3. Click the **Boot Images** folder, as shown in Figure 13.
![Start the Add Image Wizard from the Boot Images folder](images\surface-deploymdt-fig13.png "Start the Add Image Wizard from the Boot Images folder")
![Start the Add Image Wizard from the Boot Images folder](images/surface-deploymdt-fig13.png "Start the Add Image Wizard from the Boot Images folder")
*Figure 13. Start the Add Image Wizard from the Boot Images folder*
4. Right-click the **Boot Images** folder, and then click **Add Boot Image** to open the Add Image Wizard, as shown in Figure 14.
![Import the LiteTouchPE_x86.wim MDT boot image](images\surface-deploymdt-fig14.png "Import the LiteTouchPE_x86.wim MDT boot image")
![Import the LiteTouchPE_x86.wim MDT boot image](images/surface-deploymdt-fig14.png "Import the LiteTouchPE_x86.wim MDT boot image")
*Figure 14. Import the LiteTouchPE_x86.wim MDT boot image*
5. The Add Image Wizard displays a series of steps, as follows:
* **Image File** Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, click **Open**, and then click **Next**.
* **Image Metadata** Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
* **Summary** Review your selections to import a boot image into WDS, and then click **Next**.
* **Task Progress** A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
* **Image File** Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, click **Open**, and then click **Next**.
* **Image Metadata** Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
* **Summary** Review your selections to import a boot image into WDS, and then click **Next**.
* **Task Progress** A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
>[!NOTE]
>Only the 32-bit boot image, LiteTouchPE_x86.wim, is required to boot from BIOS devices, including Generation 1 Hyper-V virtual machines like the reference virtual machine.
@ -379,7 +379,7 @@ Perform the reference image deployment and capture using the following steps:
1. Start your virtual machine and press the F12 key when prompted to boot to the WDS server via PXE, as shown in Figure 15.
![Start network boot by pressing the F12 key](images\surface-deploymdt-fig15.png "Start network boot by pressing the F12 key")
![Start network boot by pressing the F12 key](images/surface-deploymdt-fig15.png "Start network boot by pressing the F12 key")
*Figure 15. Start network boot by pressing the F12 key*
@ -387,18 +387,18 @@ Perform the reference image deployment and capture using the following steps:
3. Enter your MDT username and password, a user with rights to access the MDT deployment share over the network and with rights to write to the Captures folder in the deployment share.
4. After your credentials are validated, the Windows Deployment Wizard will start and process the boot and deployment share rules.
5. The Windows Deployment Wizard displays a series of steps, as follows:
* **Task Sequence** Select the task sequence you created for reference image creation (it should be the only task sequence available), and then click **Next**.
* **Computer Details** Leave the default computer name, workgroup name, and the **Join a Workgroup** option selected, and then click **Next**. The computer name and workgroup will be reset when the image is prepared by Sysprep and captured.
* **Move Data and Settings** Leave the default option of **Do Not Move User Data and Settings** selected, and then click **Next**.
* **User Data (Restore)** Leave the default option of **Do Not Restore User Data and Settings** selected, and then click **Next**.
* **Locale and Time** Leave the default options for language and time settings selected. The locale and time settings will be specified during deployment of the image to other devices. Click **Next**.
* **Capture Image** Click the **Capture an Image of this Reference Computer** option, as shown in Figure 16. In the **Location** field, keep the default location of the Captures folder. You can keep or change the name of the image file in the **File Name** field. When you are finished, click **Next**.
* **Task Sequence** Select the task sequence you created for reference image creation (it should be the only task sequence available), and then click **Next**.
* **Computer Details** Leave the default computer name, workgroup name, and the **Join a Workgroup** option selected, and then click **Next**. The computer name and workgroup will be reset when the image is prepared by Sysprep and captured.
* **Move Data and Settings** Leave the default option of **Do Not Move User Data and Settings** selected, and then click **Next**.
* **User Data (Restore)** Leave the default option of **Do Not Restore User Data and Settings** selected, and then click **Next**.
* **Locale and Time** Leave the default options for language and time settings selected. The locale and time settings will be specified during deployment of the image to other devices. Click **Next**.
* **Capture Image** Click the **Capture an Image of this Reference Computer** option, as shown in Figure 16. In the **Location** field, keep the default location of the Captures folder. You can keep or change the name of the image file in the **File Name** field. When you are finished, click **Next**.
![Capture an image of the reference machine](images\surface-deploymdt-fig16.png "Capture an image of the reference machine")
![Capture an image of the reference machine](images/surface-deploymdt-fig16.png "Capture an image of the reference machine")
*Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment*
*Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment*
* **Ready** You can review your selections by expanding **Details** on the **Ready** page. Click **Begin** when you are ready to perform the deployment and capture of your reference image.
* **Ready** You can review your selections by expanding **Details** on the **Ready** page. Click **Begin** when you are ready to perform the deployment and capture of your reference image.
6. Your reference task sequence will run with the specified options.
@ -427,14 +427,14 @@ To import the reference image for deployment, use the following steps:
1. Right-click the **Operating Systems** folder under your deployment share in the Deployment Workbench or the folder you created in when you imported Windows 10 installation files, and then click **Import Operating System** to start the Import Operating System Wizard.
2. Import the custom image with the Import Operating System Wizard by using the following steps:
* **OS Type** Select Custom Image File to specify that you are importing the Windows source files from installation media, and then click **Next**.
* **Image** Click **Browse**, and then navigate to and select the image file in the **Captures** folder in your deployment share. Select the **Move the Files to the Deployment Share Instead of Copying Them** checkbox if desired. Click **Next**.
* **Setup** Click **Setup Files are not Neededf**, and then click **Next**.
* **Destination** Enter a name for the new folder that will be created to hold the image file, and then click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the image is imported, a progress bar is displayed on this page.
* **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Operating System Wizard.
3. Expand the folder in which you imported the image to verify that the import completed successfully.
* **OS Type** Select Custom Image File to specify that you are importing the Windows source files from installation media, and then click **Next**.
* **Image** Click **Browse**, and then navigate to and select the image file in the **Captures** folder in your deployment share. Select the **Move the Files to the Deployment Share Instead of Copying Them** checkbox if desired. Click **Next**.
* **Setup** Click **Setup Files are not Neededf**, and then click **Next**.
* **Destination** Enter a name for the new folder that will be created to hold the image file, and then click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the image is imported, a progress bar is displayed on this page.
* **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Operating System Wizard.
3. Expand the folder in which you imported the image to verify that the import completed successfully.
>[!NOTE]
>You can import the reference image into the same deployment share that you used to create your reference image, or you could import the reference image into a new deployment share for deployment to your Surface devices. If you chose to create a new deployment share for deployment of your reference image, remember that you still need to import a full set of installation files from installation media.
@ -458,24 +458,24 @@ To import the Surface drivers (in this example, Surface Pro 4) into MDT, follow
* Microsoft Corporation
* Surface Pro 4
![Recommended folder structure for drivers](images\surface-deploymdt-fig17.png "Recommended folder structure for drivers")
![Recommended folder structure for drivers](images/surface-deploymdt-fig17.png "Recommended folder structure for drivers")
*Figure 17. The recommended folder structure for drivers*
4. Right-click the **Surface Pro 4** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 18.
![Progress page during drivers import](images\surface-deploymdt-fig18.png "Progress page during drivers import")
![Progress page during drivers import](images/surface-deploymdt-fig18.png "Progress page during drivers import")
*Figure 18. The Progress page during drivers import*
5. The Import Driver Wizard displays a series of steps, as follows:
* **Specify Directory** Click **Browse** and navigate to the folder where you extracted the Surface Pro 4 firmware and drivers in Step 1.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the drivers are imported, a progress bar is displayed on this page.
* **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
6. Click the **Surface Pro 4** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 19.
* **Specify Directory** Click **Browse** and navigate to the folder where you extracted the Surface Pro 4 firmware and drivers in Step 1.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the drivers are imported, a progress bar is displayed on this page.
* **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
6. Click the **Surface Pro 4** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 19.
![Drivers for Surface Pro 4 imported and organized in the MDT deployment share](images\surface-deploymdt-fig19.png "Drivers for Surface Pro 4 imported and organized in the MDT deployment share")
![Drivers for Surface Pro 4 imported and organized in the MDT deployment share](images/surface-deploymdt-fig19.png "Drivers for Surface Pro 4 imported and organized in the MDT deployment share")
*Figure 19. Drivers for Surface Pro 4 imported and organized in the MDT deployment share*
@ -493,7 +493,7 @@ After you have downloaded the source files for your version of Office Click-to-R
1. Right-click the existing **Configuration.xml** file, and then click **Edit**.
2. This action opens the file in Notepad. Replace the existing text with the following:
```
```
<Configuration>
<Add OfficeClientEdition="32">
<Product ID="O365ProPlusRetail" >
@ -501,7 +501,7 @@ After you have downloaded the source files for your version of Office Click-to-R
</Product>
</Add>
<Display Level="None" AcceptEULA="TRUE" /> </Configuration>
```
```
3. Save the file.
@ -514,22 +514,22 @@ Now that the installation and configuration files are prepared, the application
1. Open the Deployment Workbench.
2. Expand the deployment share, right-click the **Applications** folder, and then click **New Application** to start the New Application Wizard, as shown in Figure 20.
![Enter the command and directory for Office 2016 Click-to-Run](images\surface-deploymdt-fig20.png "Enter the command and directory for Office 2016 Click-to-Run")
![Enter the command and directory for Office 2016 Click-to-Run](images/surface-deploymdt-fig20.png "Enter the command and directory for Office 2016 Click-to-Run")
*Figure 20. Enter the command and directory for Office 2016 Click-to-Run*
3. The New Application Wizard walks you through importing the Office 2016 Click-to-Run files, as follows:
* **Application Type** Click **Application with Source Files**, and then click **Next**.
* **Details** Enter a name for the application (for example, Office 2016 Click-to-Run) in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
* **Source** Click **Browse** to navigate to and select the folder where you downloaded the Office installation files with the Office Deployment Tool, and then click **Next**.
* **Destination** Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
* **Command Details** Enter the Office Deployment Tool installation command line:
* **Application Type** Click **Application with Source Files**, and then click **Next**.
* **Details** Enter a name for the application (for example, Office 2016 Click-to-Run) in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
* **Source** Click **Browse** to navigate to and select the folder where you downloaded the Office installation files with the Office Deployment Tool, and then click **Next**.
* **Destination** Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
* **Command Details** Enter the Office Deployment Tool installation command line:
`Setup.exe /configure configuration.xml`
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the installation files are imported, a progress bar is displayed on this page.
* **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the installation files are imported, a progress bar is displayed on this page.
* **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
4. You should now see the **Office 2016 Click-to-Run** item under the **Applications** folder in the Deployment Workbench.
@ -551,17 +551,17 @@ The next step in the process is to create the deployment task sequence. This tas
To create the deployment task sequence, follow these steps:
1. In the Deployment Workbench, under your Deployment Share, right-click the **Task Sequences** folder, and then click **New Task Sequence** to start the New Task Sequence Wizard.
2. Use these steps to create the deployment task sequence with the New Task Sequence Wizard:
* **General Settings** Enter an identifier for the deployment task sequence in the **Task Sequence ID** field, a name for the deployment task sequence in the **Task Sequence Name** field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, then click **Next**.
>[!NOTE]
>The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
* **Select Template** Click **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
* **Select OS** Navigate to and select the reference image that you imported, and then click **Next**.
* **Specify Product Key** Select the product key entry that fits your organization's licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
* **OS Settings** Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
* **Admin Password** Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
* **Progress** While the task sequence is being created, a progress bar is displayed on this page.
* **Confirmation** When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
* **General Settings** Enter an identifier for the deployment task sequence in the **Task Sequence ID** field, a name for the deployment task sequence in the **Task Sequence Name** field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, then click **Next**.
>[!NOTE]
>The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
* **Select Template** Click **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
* **Select OS** Navigate to and select the reference image that you imported, and then click **Next**.
* **Specify Product Key** Select the product key entry that fits your organization's licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
* **OS Settings** Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
* **Admin Password** Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
* **Progress** While the task sequence is being created, a progress bar is displayed on this page.
* **Confirmation** When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
After the task sequence is created it can be modified for increased automation, such as the installation of applications without user interaction, the selection of drivers, and the installation of Windows updates.
@ -573,7 +573,7 @@ After the task sequence is created it can be modified for increased automation,
6. Between the two **Windows Update** steps is the **Install Applications** step. Click the **Install Applications** step, and then click **Add**.
7. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 21.
![A new Install Application step in the deployment task sequence](images\surface-deploymdt-fig21.png "A new Install Application step in the deployment task sequence")
![A new Install Application step in the deployment task sequence](images/surface-deploymdt-fig21.png "A new Install Application step in the deployment task sequence")
*Figure 21. A new Install Application step in the deployment task sequence*
@ -584,22 +584,22 @@ After the task sequence is created it can be modified for increased automation,
12. Expand the **Preinstall** folder, and then click the **Enable BitLocker (Offline)** step.
13. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu.
14. On the **Properties** tab of the new **Set Task Sequence Variable** step (as shown in Figure 22), configure the following options:
* **Name** Set DriverGroup001
* **Task Sequence Variable** DriverGroup001
* **Value** Windows 10 x64\%Make%\%Model%
* **Name** Set DriverGroup001
* **Task Sequence Variable** DriverGroup001
* **Value** Windows 10 x64\%Make%\%Model%
![Configure a new Set Task Sequence Variable step in the deployment task sequence](images\surface-deploymdt-fig22.png "Configure a new Set Task Sequence Variable step in the deployment task sequence")
![Configure a new Set Task Sequence Variable step in the deployment task sequence](images/surface-deploymdt-fig22.png "Configure a new Set Task Sequence Variable step in the deployment task sequence")
*Figure 22. Configure a new Set Task Sequence Variable step in the deployment task sequence*
*Figure 22. Configure a new Set Task Sequence Variable step in the deployment task sequence*
15. Select the **Inject Drivers** step, the next step in the task sequence.
16. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 23), configure the following options:
* In the **Choose a selection profile** drop-down menu, select **Nothing**.
* Click the **Install all drivers from the selection profile** button.
* In the **Choose a selection profile** drop-down menu, select **Nothing**.
* Click the **Install all drivers from the selection profile** button.
![Configure deployment task sequence not to choose the drivers to inject into Windows](images\surface-deploymdt-fig23.png "Configure deployment task sequence not to choose the drivers to inject into Windows")
![Configure deployment task sequence not to choose the drivers to inject into Windows](images/surface-deploymdt-fig23.png "Configure deployment task sequence not to choose the drivers to inject into Windows")
*Figure 23. Configure the deployment task sequence not to choose the drivers to inject into Windows*
*Figure 23. Configure the deployment task sequence not to choose the drivers to inject into Windows*
17. Click **OK** to apply changes to the task sequence and close the task sequence properties window.
@ -617,20 +617,20 @@ To automate the boot media rules, follow these steps:
2. Click the **Rules** tab, and then click **Edit Bootstrap.ini** to open Bootstrap.ini in Notepad.
3. Replace the text of the Bootstrap.ini file with the following text:
```
[Settings]
Priority=Model,Default
```
[Settings]
Priority=Model,Default
[Surface Pro 4]
DeployRoot=\\STNDeployServer\DeploymentShare$
UserDomain=STNDeployServer
UserID=MDTUser
UserPassword=P@ssw0rd
SkipBDDWelcome=YES
[Surface Pro 4]
DeployRoot=\\STNDeployServer\DeploymentShare$
UserDomain=STNDeployServer
UserID=MDTUser
UserPassword=P@ssw0rd
SkipBDDWelcome=YES
[Surface Pro 4]
DeployRoot=\\STNDeployServer\DeploymentShare$
```
[Surface Pro 4]
DeployRoot=\\STNDeployServer\DeploymentShare$
```
4. Press Ctrl+S to save Bootstrap.ini, and then close Notepad.
@ -650,7 +650,7 @@ Rules used in the text shown in Step 3 include:
The bulk of the rules used to automate the MDT deployment process are stored in the deployment share rules, or the Customsettings.ini file. In this file you can answer and hide all of the prompts from the Windows Deployment Wizard, which yields a deployment experience that mostly consists of a progress bar that displays the automated actions occurring on the device. The deployment share rules are shown directly in the **Rules** tab of the deployment share properties, as shown in Figure 24.
![Deployment share rules configured for automation of the Windows Deployment Wizard](images\surface-deploymdt-fig24.png "Deployment share rules configured for automation of the Windows Deployment Wizard")
![Deployment share rules configured for automation of the Windows Deployment Wizard](images/surface-deploymdt-fig24.png "Deployment share rules configured for automation of the Windows Deployment Wizard")
*Figure 24. Deployment share rules configured for automation of the Windows Deployment Wizard*
@ -740,10 +740,10 @@ To update the MDT boot media, follow these steps:
1. Right-click the deployment share in the Deployment Workbench, and then click **Update Deployment Share** to start the Update Deployment Share Wizard.
2. The Update Deployment Share Wizard displays a series of steps, as follows:
* **Options** Choose between the **Completely Regenerate the Boot Images** or **Optimize the Boot Image Updating Process** options. Completely regenerating the boot images will take more time, but produces boot media that is not fragmented and does not contain out of date components. Optimizing the boot image updating process will proceed more quickly, but may result in longer load times when booting via PXE. Click **Next**.
* **Summary** Review the specified options on this page before you click **Next** to begin the update of boot images.
* **Progress** While the boot images are being updated a progress bar is displayed on this page.
* **Confirmation** When the boot images have been updated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
* **Options** Choose between the **Completely Regenerate the Boot Images** or **Optimize the Boot Image Updating Process** options. Completely regenerating the boot images will take more time, but produces boot media that is not fragmented and does not contain out of date components. Optimizing the boot image updating process will proceed more quickly, but may result in longer load times when booting via PXE. Click **Next**.
* **Summary** Review the specified options on this page before you click **Next** to begin the update of boot images.
* **Progress** While the boot images are being updated a progress bar is displayed on this page.
* **Confirmation** When the boot images have been updated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
To import the updated MDT boot media into WDS for PXE boot, follow these steps:
@ -752,17 +752,17 @@ To import the updated MDT boot media into WDS for PXE boot, follow these steps:
3. Click the **Boot Images** folder.
4. Right-click the existing MDT boot image, and then click **Replace Image** to open the Replace Boot Image Wizard.
5. Replace the previously imported MDT boot image with the updated version by using these steps in the Replace Boot Image Wizard:
* **Image File** Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, and then click **Open**. Click **Next**.
* **Available Images** Only one image should be listed and selected **LiteTouch Windows PE (x86)**, click **Next**.
* **Image Metadata** Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
* **Summary** Review your selections for importing a boot image into WDS, and then click **Next**.
* **Task Progress** A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Replace Boot Image Wizard.
* **Image File** Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, and then click **Open**. Click **Next**.
* **Available Images** Only one image should be listed and selected **LiteTouch Windows PE (x86)**, click **Next**.
* **Image Metadata** Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
* **Summary** Review your selections for importing a boot image into WDS, and then click **Next**.
* **Task Progress** A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Replace Boot Image Wizard.
6. Right-click the **Boot Images** folder, and then click **Add Image** to open the Add Image Wizard.
7. Add the new 64-bit boot image for 64-bit UEFI device compatibility with the Add Image Wizard , as follows:
* **Image File** Click **Browse** and navigate to the **Boot** folder in your deployment share, select **LiteTouchPE_x64.wim**, and then click **Open**. Click **Next**.
* **Image Metadata** Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
* **Summary** Review your selections to import a boot image into WDS, and then click **Next**.
* **Task Progress** A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
* **Image File** Click **Browse** and navigate to the **Boot** folder in your deployment share, select **LiteTouchPE_x64.wim**, and then click **Open**. Click **Next**.
* **Image Metadata** Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
* **Summary** Review your selections to import a boot image into WDS, and then click **Next**.
* **Task Progress** A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
>[!NOTE]
>Although it is a best practice to replace and update the boot images in WDS whenever the MDT deployment share is updated, for deployment to Surface devices the 32-bit boot image, LiteTouchPE_x86.wim, is not required. Only the 64-bit boot image is required for 64-bit UEFI devices.
@ -774,7 +774,7 @@ With all of the automation provided by the deployment share rules and task seque
>[!NOTE]
>For the deployment to require only a single touch, the Surface devices must be connected to a keyboard, connected to the network with a Microsoft Surface USB Ethernet Adapter or Surface Dock, and configured with PXE boot as the first boot option, as shown in Figure 25.
![Set boot priority for PXE boot](images\surface-deploymdt-fig25.png "Set boot priority for PXE boot")
![Set boot priority for PXE boot](images/surface-deploymdt-fig25.png "Set boot priority for PXE boot")
*Figure 25. Setting boot priority for PXE boot*

67
devices/surface/docfx.json
View File

@ -1,40 +1,47 @@
{
"build": {
"content":
[
{
"files": ["**/**.md", "**/**.yml"],
"exclude": ["**/obj/**"]
}
],
"content": [
{
"files": [
"**/**.md",
"**/**.yml"
],
"exclude": [
"**/obj/**"
]
}
],
"resource": [
{
"files": ["**/images/**"],
"exclude": ["**/obj/**"]
}
{
"files": [
"**/images/**"
],
"exclude": [
"**/obj/**"
]
}
],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/surface/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "jdecker",
"ms.date": "05/09/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.surface",
"folder_relative_path_in_docset": "./"
}
}
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/surface/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "jdecker",
"ms.date": "05/09/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.surface",
"folder_relative_path_in_docset": "./"
}
}
},
"externalReference": [
],
"externalReference": [],
"template": "op.html",
"dest": "devices/surface",
"markdownEngineName": "dfm"
"markdownEngineName": "markdig"
}
}

34
devices/surface/enroll-and-configure-surface-devices-with-semm.md
View File

@ -37,13 +37,13 @@ To create a Surface UEFI configuration package, follow these steps:
2. Click **Start**.
3. Click **Configuration Package**, as shown in Figure 1.
![Create a package for SEMM enrollment](images\surface-ent-mgmt-fig1-uefi-configurator.png "Create a package for SEMM enrollment")
![Create a package for SEMM enrollment](images/surface-ent-mgmt-fig1-uefi-configurator.png "Create a package for SEMM enrollment")
*Figure 1. Select Configuration Package to create a package for SEMM enrollment and configuration*
4. Click **Certificate Protection** to add your exported certificate file with private key (.pfx), as shown in Figure 2. Browse to the location of your certificate file, select the file, and then click **OK**.
![Add the SEM certificate and Surface UEFI password to configuration package](images\surface-ent-mgmt-fig2-securepackage.png "Add the SEM certificate and Surface UEFI password to configuration package")
![Add the SEM certificate and Surface UEFI password to configuration package](images/surface-ent-mgmt-fig2-securepackage.png "Add the SEM certificate and Surface UEFI password to configuration package")
*Figure 2. Add the SEMM certificate and Surface UEFI password to a Surface UEFI configuration package*
@ -52,23 +52,23 @@ To create a Surface UEFI configuration package, follow these steps:
7. When you are prompted, enter and confirm your chosen password for Surface UEFI, and then click **OK**. If you want to clear an existing Surface UEFI password, leave the password field blank.
8. If you do not want the Surface UEFI package to apply to a particular device, on the **Choose which Surface type you want to target** page, click the slider beneath the corresponding Surface Book or Surface Pro 4 image so that it is in the **Off** position. (As shown in Figure 3.)
![Choose devices for package compatibility](images\surface-semm-enroll-fig3.png "Choose devices for package compatibility")
![Choose devices for package compatibility](images/surface-semm-enroll-fig3.png "Choose devices for package compatibility")
*Figure 3. Choose the devices for package compatibility*
9. Click **Next**.
10. If you want to deactivate a component on managed Surface devices, on the **Choose which components you want to activate or deactivate** page, click the slider next to any device or group of devices you want to deactivate so that the slider is in the **Off** position. (Shown in Figure 4.) The default configuration for each device is **On**. Click the **Reset** button if you want to return all sliders to the default position.
![Disable or enable Surface components](images\surface-ent-mgmt-fig3-enabledisable.png "Disable or enable Surface components")
![Disable or enable Surface components](images/surface-ent-mgmt-fig3-enabledisable.png "Disable or enable Surface components")
*Figure 4. Disable or enable individual Surface components*
*Figure 4. Disable or enable individual Surface components*
11. Click **Next**.
12. To enable or disable advanced options in Surface UEFI or the display of Surface UEFI pages, on the **Choose the advanced settings for your devices** page, click the slider beside the desired setting to configure that option to **On** or **Off** (shown in Figure 5). In the **UEFI Front Page** section, you can use the sliders for **Security**, **Devices**, and **Boot** to control what pages are available to users who boot into Surface UEFI. (For more information about Surface UEFI settings, see [Manage Surface UEFI settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).) Click **Build** when you have finished selecting options to generate and save the package.
![Control advanced Surface UEFI settings and Surface UEFI pages](images\surface-ent-mgmt-fig4-advancedsettings.png "Control advanced Surface UEFI settings and Surface UEFI pages")
![Control advanced Surface UEFI settings and Surface UEFI pages](images/surface-ent-mgmt-fig4-advancedsettings.png "Control advanced Surface UEFI settings and Surface UEFI pages")
*Figure 5. Control advanced Surface UEFI settings and Surface UEFI pages with SEMM*
*Figure 5. Control advanced Surface UEFI settings and Surface UEFI pages with SEMM*
13. In the **Save As** dialog box, specify a name for the Surface UEFI configuration package, browse to the location where you would like to save the file, and then click **Save**.
14. When the package is created and saved, the **Successful** page is displayed.
@ -76,7 +76,7 @@ To create a Surface UEFI configuration package, follow these steps:
>[!NOTE]
>Record the certificate thumbprint characters that are displayed on this page, as shown in Figure 6. You will need these characters to confirm enrollment of new Surface devices in SEMM. Click **End** to complete package creation and close Microsoft Surface UEFI Configurator.
![Display of certificate thumbprint characters](images\surface-ent-mgmt-fig5-success.png "Display of certificate thumbprint characters")
![Display of certificate thumbprint characters](images/surface-ent-mgmt-fig5-success.png "Display of certificate thumbprint characters")
*Figure 6. The last two characters of the certificate thumbprint are displayed on the Successful page*
@ -88,7 +88,7 @@ Now that you have created your Surface UEFI configuration package, you can enrol
## Enroll a Surface device in SEMM
When the Surface UEFI configuration package is executed, the SEMM certificate and Surface UEFI configuration files are staged in the firmware storage of the Surface device. When the Surface device reboots, Surface UEFI processes these files and begins the process of applying the Surface UEFI configuration or enrolling the Surface device in SEMM, as shown in Figure 7.
![SEMM process for configuration of Surface UEFI or enrollment](images\surface-semm-enroll-fig7.png "SEMM process for configuration of Surface UEFI or enrollment")
![SEMM process for configuration of Surface UEFI or enrollment](images/surface-semm-enroll-fig7.png "SEMM process for configuration of Surface UEFI or enrollment")
*Figure 7. The SEMM process for configuration of Surface UEFI or enrollment of a Surface device*
@ -100,12 +100,12 @@ To enroll a Surface device in SEMM with a Surface UEFI configuration package, fo
2. Select the **I accept the terms in the License Agreement** check box to accept the End User License Agreement (EULA), and then click **Install** to begin the installation process.
3. Click **Finish** to complete the Surface UEFI configuration package installation and restart the Surface device when you are prompted to do so.
4. Surface UEFI will load the configuration file and determine that SEMM is not enabled on the device. Surface UEFI will then begin the SEMM enrollment process, as follows:
* Surface UEFI will verify that the SEMM configuration file contains a SEMM certificate.
* Surface UEFI will prompt you to enter to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8.
* Surface UEFI will verify that the SEMM configuration file contains a SEMM certificate.
* Surface UEFI will prompt you to enter to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8.
![SEMM enrollment requires last two characters of certificate thumbprint](images\surface-semm-enroll-fig8.png "SEMM enrollment requires last two characters of certificate thumbprint")
![SEMM enrollment requires last two characters of certificate thumbprint](images/surface-semm-enroll-fig8.png "SEMM enrollment requires last two characters of certificate thumbprint")
*Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint*
*Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint*
* Surface UEFI will store the SEMM certificate in firmware and apply the configuration settings that are specified in the Surface UEFI configuration file.
@ -113,17 +113,17 @@ To enroll a Surface device in SEMM with a Surface UEFI configuration package, fo
You can verify that a Surface device has been successfully enrolled in SEMM by looking for **Microsoft Surface Configuration Package** in **Programs and Features** (as shown in Figure 9), or in the events stored in the **Microsoft Surface UEFI Configurator** log, found under **Applications and Services Logs** in Event Viewer (as shown in Figure 10).
![Verify enrollment of Surface device in SEMM in Programs and Features](images\surface-semm-enroll-fig9.png "Verify enrollment of Surface device in SEMM in Programs and Features")
![Verify enrollment of Surface device in SEMM in Programs and Features](images/surface-semm-enroll-fig9.png "Verify enrollment of Surface device in SEMM in Programs and Features")
*Figure 9. Verify the enrollment of a Surface device in SEMM in Programs and Features*
![Verify enrollment of Surface device in SEMM in Event Viewer](images\surface-semm-enroll-fig10.png "Verify enrollment of Surface device in SEMM in Event Viewer")
![Verify enrollment of Surface device in SEMM in Event Viewer](images/surface-semm-enroll-fig10.png "Verify enrollment of Surface device in SEMM in Event Viewer")
*Figure 10. Verify the enrollment of a Surface device in SEMM in Event Viewer*
You can also verify that the device is enrolled in SEMM in Surface UEFI while the device is enrolled, Surface UEFI will contain the **Enterprise management** page (as shown in Figure 11).
![Surface UEFI Enterprise management page](images\surface-semm-enroll-fig11.png "Surface UEFI Enterprise management page")
![Surface UEFI Enterprise management page](images/surface-semm-enroll-fig11.png "Surface UEFI Enterprise management page")
*Figure 11. The Surface UEFI Enterprise management page*
@ -138,6 +138,6 @@ If you have secured Surface UEFI with a password, users without the password who
If you have not secured Surface UEFI with a password or a user enters the password correctly, settings that are configured with SEMM will be dimmed (unavailable) and the text Some settings are managed by your organization will be displayed at the top of the page, as shown in Figure 12.
![Settings managed by SEMM disabled in Surface UEFI](images\surface-semm-enroll-fig12.png "Settings managed by SEMM disabled in Surface UEFI")
![Settings managed by SEMM disabled in Surface UEFI](images/surface-semm-enroll-fig12.png "Settings managed by SEMM disabled in Surface UEFI")
*Figure 12. Settings managed by SEMM will be disabled in Surface UEFI*

14
devices/surface/manage-surface-uefi-settings.md
View File

@ -15,7 +15,7 @@ ms.reviewer:
manager: dansimp
---
#Manage Surface UEFI settings
# Manage Surface UEFI settings
Current and future generations of Surface devices, including Surface Pro 4, Surface Book, and Surface Studio, use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the devices operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings.
@ -24,7 +24,7 @@ Current and future generations of Surface devices, including Surface Pro 4, Surf
You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot.
##PC information
## PC information
On the **PC information** page, detailed information about your Surface device is provided:
@ -52,7 +52,7 @@ You will also find detailed information about the firmware of your Surface devic
You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device.
##Security
## Security
On the **Security** page of Surface UEFI settings, you can set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
@ -82,7 +82,7 @@ You can also enable or disable the Trusted Platform Module (TPM) device on the *
*Figure 4. Configure Surface UEFI security settings*
##Devices
## Devices
On the **Devices** page you can enable or disable specific devices and components of your Surface device. Devices that you can enable or disable on this page include:
@ -106,7 +106,7 @@ Each device is listed with a slider button that you can move to **On** (enabled)
*Figure 5. Enable and disable specific devices*
##Boot configuration
## Boot configuration
On the **Boot Configuration** page, you can change the order of your boot devices and/or enable or disable boot of the following devices:
@ -128,7 +128,7 @@ For the specified boot order to take effect, you must set the **Enable Alternate
You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only.
##About
## About
The **About** page displays regulatory information, such as compliance with FCC rules, as shown in Figure 7.
@ -136,7 +136,7 @@ The **About** page displays regulatory information, such as compliance with FCC
*Figure 7. Regulatory information displayed on the About page*
##Exit
## Exit
Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8.

72
devices/surface/microsoft-surface-data-eraser.md
View File

@ -76,77 +76,77 @@ To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft
After the creation tool is installed, follow these steps to create a Microsoft Surface Data Eraser USB stick. Before you begin these steps, ensure that you have a USB 3.0 stick that is 4 GB or larger connected to the computer.
1. Start Microsoft Surface Data Eraser from the Start menu or Start screen.
1. Start Microsoft Surface Data Eraser from the Start menu or Start screen.
2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process.
2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process.
3. Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1.
3. Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1.
![Start the Microsoft Surface Data Eraser tool](images/dataeraser-start-tool.png "Start the Microsoft Surface Data Eraser tool")
![Start the Microsoft Surface Data Eraser tool](images/dataeraser-start-tool.png "Start the Microsoft Surface Data Eraser tool")
*Figure 1. Start the Microsoft Surface Data Eraser tool*
*Figure 1. Start the Microsoft Surface Data Eraser tool*
4. Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 2, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost.
4. Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 2, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost.
>[!NOTE]
>If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB.
 
![USB thumb drive selection](images/dataeraser-usb-selection.png "USB thumb drive selection")
>[!NOTE]
>If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB.
![USB thumb drive selection](images/dataeraser-usb-selection.png "USB thumb drive selection")
*Figure 2. USB thumb drive selection*
*Figure 2. USB thumb drive selection*
5. After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click **Success**.
5. After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click **Success**.
6. When the **Congratulations** screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click **Complete** to finish the USB creation process, as shown in Figure 3.
6. When the **Congratulations** screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click **Complete** to finish the USB creation process, as shown in Figure 3.
![Surface Data Eraser USB creation process](images/dataeraser-complete-process.png "Surface Data Eraser USB creation process")
![Surface Data Eraser USB creation process](images/dataeraser-complete-process.png "Surface Data Eraser USB creation process")
*Figure 3. Complete the Microsoft Surface Data Eraser USB creation process*
*Figure 3. Complete the Microsoft Surface Data Eraser USB creation process*
7. Click **X** to close Microsoft Surface Data Eraser.
7. Click **X** to close Microsoft Surface Data Eraser.
## How to use a Microsoft Surface Data Eraser USB stick
After you create a Microsoft Surface Data Eraser USB stick, you can boot a supported Surface device from the USB stick by following this procedure:
1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device.
1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device.
2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps:
2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps:
a. Turn off your Surface device.
a. Turn off your Surface device.
b. Press and hold the **Volume Down** button.
b. Press and hold the **Volume Down** button.
c. Press and release the **Power** button.
c. Press and release the **Power** button.
d. Release the **Volume Down** button.
d. Release the **Volume Down** button.
>[!NOTE]
>If your device does not boot to USB using these steps, you may need to turn on the **Enable Alternate Boot Sequence** option in Surface UEFI. You can read more about Surface UEFI boot configuration in [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
>[!NOTE]
>If your device does not boot to USB using these steps, you may need to turn on the **Enable Alternate Boot Sequence** option in Surface UEFI. You can read more about Surface UEFI boot configuration in [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed, as shown in Figure 4.
3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed, as shown in Figure 4.
![Booting the Microsoft Surface Data Eraser USB stick](images/data-eraser-3.png "Booting the Microsoft Surface Data Eraser USB stick")
![Booting the Microsoft Surface Data Eraser USB stick](images/data-eraser-3.png "Booting the Microsoft Surface Data Eraser USB stick")
*Figure 4. Booting the Microsoft Surface Data Eraser USB stick*
*Figure 4. Booting the Microsoft Surface Data Eraser USB stick*
4. Read the software license terms, and then close the Notepad file.
4. Read the software license terms, and then close the Notepad file.
5. Accept or decline the software license terms by typing **Accept** or **Decline**. You must accept the license terms to continue.
5. Accept or decline the software license terms by typing **Accept** or **Decline**. You must accept the license terms to continue.
6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press **Y** (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press **N** (this action shuts down the device without removing data).
6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press **Y** (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press **N** (this action shuts down the device without removing data).
>[!NOTE]
>The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the **Reset your PC** function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See [Recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options) for more information.
>[!NOTE]
>The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the **Reset your PC** function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See [Recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options) for more information.
![Partition to be erased is displayed](images/sda-fig5-erase.png "Partition to be erased is displayed")
![Partition to be erased is displayed](images/sda-fig5-erase.png "Partition to be erased is displayed")
*Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser*
*Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser*
7. If you pressed **Y** in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.
7. If you pressed **Y** in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.
8. Click the **Yes** button to continue erasing data on the Surface device.
8. Click the **Yes** button to continue erasing data on the Surface device.
>[!NOTE]
>When you run Surface Data Eraser on the Surface Data Eraser USB drive, a log file is generated in the **SurfaceDataEraserLogs** folder.

115
devices/surface/step-by-step-surface-deployment-accelerator.md
View File

@ -47,94 +47,94 @@ The tool installs in the SDA program group, as shown in Figure 2.
>[!NOTE]
>At this point, the tool has not yet prepared any deployment environment or downloaded any materials from the Internet.
 
## Create a deployment share
The following steps show you how to create a deployment share for Windows 10 that supports Surface 3, Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, the Surface Asset Tag Tool, and Office 365. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps.
The following steps show you how to create a deployment share for Windows 10 that supports Surface 3, Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, the Surface Asset Tag Tool, and Office 365. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps.
>[!NOTE]
>SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice.
>SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice.
 
1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen.
2. On the **Welcome** page, click **Next** to continue.
1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen.
3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue.
2. On the **Welcome** page, click **Next** to continue.
>[!NOTE]
>As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows:
> * Deployment tools
> * User State Migration Tool (USMT)
> * Windows Preinstallation Environment (WinPE)</br></br>
3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue.
>[!NOTE]
>As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
> [!NOTE]
> As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows:
> * Deployment tools
> * User State Migration Tool (USMT)
> * Windows Preinstallation Environment (WinPE)</br></br>
>
> [!NOTE]
> As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue.
4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue.
5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue:
5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue:
- **Configure Deployment Share for Windows 10**
- **Configure Deployment Share for Windows 10**
- **Local Path** Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3.
- **Local Path** Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3.
- **Share Name** Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**.
- **Share Name** Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**.
- **Windows 10 Deployment Services**
- **Windows 10 Deployment Services**
- Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot.
- Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot.
- **Windows 10 Source Files**
- **Windows 10 Source Files**
- **Local Path** Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**.
- **Local Path** Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**.
![Specify Windows 10 deployment share options](images/sdasteps-fig3.png "Specify Windows 10 deployment share options")
![Specify Windows 10 deployment share options](images/sdasteps-fig3.png "Specify Windows 10 deployment share options")
*Figure 3. Specify Windows 10 deployment share options*
*Figure 3. Specify Windows 10 deployment share options*
6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue.
6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue.
![Firmware tool selection](images/sdasteps-fig4-select.png "Firmware tool selection")
![Firmware tool selection](images/sdasteps-fig4-select.png "Firmware tool selection")
*Figure 4. Selecting Surface Firmware Tool requires Surface Pro 3 drivers*
*Figure 4. Selecting Surface Firmware Tool requires Surface Pro 3 drivers*
>[!NOTE]
>You cannot select both Surface 3 and Surface 3 LTE models at the same time.
>[!NOTE]
>You cannot select both Surface 3 and Surface 3 LTE models at the same time.
7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes:
7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes:
- Download of Windows ADK
- Download of Windows ADK
- Installation of Windows ADK
- Installation of Windows ADK
- Download of MDT
- Download of MDT
- Installation of MDT
- Installation of MDT
- Download of Surface apps and drivers
- Download of Surface apps and drivers
- Creation of the deployment share
- Creation of the deployment share
- Import of Windows installation files into the deployment share
- Import of Windows installation files into the deployment share
- Import of the apps and drivers into the deployment share
- Import of the apps and drivers into the deployment share
- Creation of rules and task sequences for Windows deployment
- Creation of rules and task sequences for Windows deployment
![The installatin progress window](images/sdasteps-fig5-installwindow.png "The installatin progress window")
![The installatin progress window](images/sdasteps-fig5-installwindow.png "The installatin progress window")
*Figure 5. The Installation Progress window*
>[!NOTE]
>The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this:
*Figure 5. The Installation Progress window*
>[!NOTE]
>The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this:
```
In the following two PowerShell scripts:
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
```
In the following two PowerShell scripts:
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
Edit the $BITSTransfer variable in the input parameters to $False as shown below:
@ -147,7 +147,7 @@ Param(
[string]$BITSTransfer = $False
)
```
8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
### Optional: Create a deployment share without an Internet connection
@ -170,7 +170,7 @@ If you are unable to connect to the Internet with your deployment server, or if
>[!NOTE]
>The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later.
 
### <a href="" id="optional"></a>Optional: Prepare offline USB media
@ -179,7 +179,7 @@ You can use USB media to perform an SDA deployment if your Surface device is una
>[!NOTE]
>The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended.
 
Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
@ -211,7 +211,7 @@ Before you can create bootable media files within the MDT Deployment Workbench o
>[!NOTE]
>You can format your USB drive with FAT32 from Disk Management, but you must still use DiskPart to set the partition as active for the drive to boot properly.
 
After you have prepared the USB drive for boot, the next step is to generate offline media from the SDA deployment share. To create this media, follow these steps:
@ -264,7 +264,6 @@ After you have prepared the USB drive for boot, the next step is to generate off
18. Press **Ctrl+A** to select all of the text in the window, then press **Ctrl+V** to paste the text from the SDA deployment share Bootstrap.ini file.
19. Delete the following lines from the Bootstrap.ini as shown in Figure 11, and then save the file:
```
UserID=
UserDomain=
@ -356,7 +355,7 @@ To perform a deployment from the SDA deployment share, follow this process on th
### Boot the Surface device from the network
To boot the Surface device from the network, the Microsoft Surface Deployment Accelerator wizard must have been run on a Windows Server 2012 R2 or later environment that was configured with the Windows Deployment Services (WDS). WDS must have been configured to respond to network boot (PXE boot) requests and the boot files must have been imported into WDS. The SDA wizard will import these file automatically if the **Import boot media into the local Windows Deployment Service** check box was selected on the page for the version of Windows you intend to deploy.
To boot the Surface device from the network, the Microsoft Surface Deployment Accelerator wizard must have been run on a Windows Server 2012 R2 or later environment that was configured with the Windows Deployment Services (WDS). WDS must have been configured to respond to network boot (PXE boot) requests and the boot files must have been imported into WDS. The SDA wizard will import these file automatically if the **Import boot media into the local Windows Deployment Service** check box was selected on the page for the version of Windows you intend to deploy.
To boot the Surface device from the network, you must also use a Microsoft Surface Ethernet Adapter or the Ethernet port on a Microsoft Surface Dock. Third-party Ethernet adapters are not supported for network boot (PXE boot). A keyboard is also required. Both the Microsoft Surface Type Cover and keyboards connected via USB to the device or dock are supported.
@ -366,7 +365,7 @@ To instruct your Surface device to boot from the network, start with the device
2. Press **Enter** when prompted by the dialog on the screen. This prompt indicates that your device has found the WDS PXE server over the network.
3. If you have configured more than one deployment share on this device, you will be prompted to select between the boot images for each deployment share. For example, if you created both a Windows 10 and a Windows 8.1 deployment share, you will be prompted to choose between these two options.
3. If you have configured more than one deployment share on this device, you will be prompted to select between the boot images for each deployment share. For example, if you created both a Windows 10 and a Windows 8.1 deployment share, you will be prompted to choose between these two options.
4. Enter the domain credentials that you use to log on to the server where SDA is installed when you are prompted, as shown in Figure 14.
@ -416,9 +415,9 @@ To run the Deploy Microsoft Surface task sequence:
8. When the deployment task sequence completes, a **Success** window is displayed. Click **Finish** to complete the deployment and begin using your Surface device.
 
 

6
devices/surface/support-solutions-surface.md
View File

@ -28,7 +28,7 @@ These are the top Microsoft Support solutions for common issues experienced when
- [Cracked screen and physical damage](https://www.microsoft.com/surface/support/warranty-service-and-recovery/surface-is-damaged)
##Device cover or keyboard issues
## Device cover or keyboard issues
- [Troubleshoot your Surface Type Cover or keyboard](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-surface-keyboards)
- [Troubleshoot problems with Surface Keyboard, Surface Ergonomic Keyboard, and Microsoft Modern Keyboard with Fingerprint ID](https://www.microsoft.com/surface/support/touch-mouse-and-search/surface-keyboard-troubleshooting)
@ -56,10 +56,10 @@ These are the top Microsoft Support solutions for common issues experienced when
 
 

4
devices/surface/surface-enterprise-management-mode.md
View File

@ -214,9 +214,7 @@ valid.
machines that have it?**
If you want SEMM reset or recovery to work, the certificate needs to be
valid and not expired. You can use the current valid ownership
certificate to sign a package that updates to a new certificate for
ownership. You do not need to create a reset package.
valid and not expired.
**Can bulk reset packages be created for each surface that we order? Can
one be built that resets all machines in our environment?**

46
devices/surface/unenroll-surface-devices-from-semm.md
View File

@ -29,7 +29,7 @@ The Surface UEFI reset package is the primary method you use to unenroll a Surfa
Reset packages are created specifically for an individual Surface device. To begin the process of creating a reset package, you will need the serial number of the device you want to unenroll, as well as the SEMM certificate used to enroll the device. You can find the serial number of your Surface device on the **PC information** page of Surface UEFI, as shown in Figure 1. This page is displayed even if Surface UEFI is password protected and the incorrect password is entered.
![Serial number of Surface device is displayed](images\surface-semm-unenroll-fig1.png "Serial number of Surface device is displayed")
![Serial number of Surface device is displayed](images/surface-semm-unenroll-fig1.png "Serial number of Surface device is displayed")
*Figure 1. The serial number of the Surface device is displayed on the Surface UEFI PC information page*
@ -42,20 +42,20 @@ To create a Surface UEFI reset package, follow these steps:
2. Click **Start**.
3. Click **Reset Package**, as shown in Figure 2.
![Select Reset Package to create a package to unenroll Surface device from SEMM](images\surface-semm-unenroll-fig2.png "Select Reset Package to create a package to unenroll Surface device from SEMM")
![Select Reset Package to create a package to unenroll Surface device from SEMM](images/surface-semm-unenroll-fig2.png "Select Reset Package to create a package to unenroll Surface device from SEMM")
*Figure 2. Click Reset Package to create a package to unenroll a Surface device from SEMM*
4. Click **Certificate Protection** to add your SEMM certificate file with private key (.pfx), as shown in Figure 3. Browse to the location of your certificate file, select the file, and then click **OK**.
![Add the SEMM certificate to Surface UEFI reset package](images\surface-semm-unenroll-fig3.png "Add the SEMM certificate to Surface UEFI reset package")
![Add the SEMM certificate to Surface UEFI reset package](images/surface-semm-unenroll-fig3.png "Add the SEMM certificate to Surface UEFI reset package")
*Figure 3. Add the SEMM certificate to a Surface UEFI reset package*
5. Click **Next**.
6. Type the serial number of the device you want to unenroll from SEMM (as shown in Figure 4), and then click **Build** to generate the Surface UEFI reset package.
![Create a Surface UEFI reset package with serial number of Surface device](images\surface-semm-unenroll-fig4.png "Create a Surface UEFI reset package with serial number of Surface device")
![Create a Surface UEFI reset package with serial number of Surface device](images/surface-semm-unenroll-fig4.png "Create a Surface UEFI reset package with serial number of Surface device")
*Figure 4. Use the serial number of your Surface device to create a Surface UEFI reset package*
@ -64,7 +64,7 @@ To create a Surface UEFI reset package, follow these steps:
Run the Surface UEFI reset package Windows Installer (.msi) file on the Surface device to unenroll the device from SEMM. The reset package will require a reboot to perform the unenroll operation. After the device has been unenrolled, you can verify the successful removal by ensuring that the **Microsoft Surface Configuration Package** item in **Programs and Features** (shown in Figure 5) is no longer present.
![Screen that shows device is enrolled in SEMM](images\surface-semm-unenroll-fig5.png "Screen that shows device is enrolled in SEMM")
![Screen that shows device is enrolled in SEMM](images/surface-semm-unenroll-fig5.png "Screen that shows device is enrolled in SEMM")
*Figure 5. The presence of the Microsoft Surface Configuration Package item in Programs and Features indicates that the device is enrolled in SEMM*
@ -80,7 +80,7 @@ To initiate a Recovery Request, follow these steps:
2. Type the Surface UEFI password if you are prompted to do so.
3. Click the **Enterprise management** page, as shown in Figure 6.
![Enterprise Management page](images\surface-semm-unenroll-fig6.png "Enterprise Management page")
![Enterprise Management page](images/surface-semm-unenroll-fig6.png "Enterprise Management page")
*Figure 6. The Enterprise management page is displayed in Surface UEFI on devices enrolled in SEMM*
@ -90,17 +90,17 @@ To initiate a Recovery Request, follow these steps:
>A Recovery Request expires two hours after it is created. If a Recovery Request is not completed in this time, you will have to restart the Recovery Request process.
6. Select **SEMM Certificate** from the list of certificates displayed on the **Choose a SEMM reset key** page (shown in Figure 7), and then click or press **Next**.
![Select SEMM certificate for your Recovery Request](images\surface-semm-unenroll-fig7.png "Select SEMM certificate for your Recovery Request")
![Select SEMM certificate for your Recovery Request](images/surface-semm-unenroll-fig7.png "Select SEMM certificate for your Recovery Request")
*Figure 7. Choose SEMM Certificate for your Recovery Request (Reset Request)*
7. On the **Enter SEMM reset verification code** page you can click the **QR Code** or **Text** buttons to display your Recovery Request (Reset Request) as shown in Figure 8, or the **USB** button to save your Recovery Request (Reset Request) as a file to a USB drive, as shown in Figure 9.
![Recovery Request displayed as a QR Code](images\surface-semm-unenroll-fig8.png "Recovery Request displayed as a QR Code")
![Recovery Request displayed as a QR Code](images/surface-semm-unenroll-fig8.png "Recovery Request displayed as a QR Code")
*Figure 8. A Recovery Request (Reset Request) displayed as a QR Code*
![Save a recovery request to a USB drive](images\surface-semm-unenroll-fig9.png "Save a recovery request to a USB drive")
![Save a recovery request to a USB drive](images/surface-semm-unenroll-fig9.png "Save a recovery request to a USB drive")
*Figure 9. Save a Recovery Request (Reset Request) to a USB drive*
@ -114,43 +114,43 @@ To initiate a Recovery Request, follow these steps:
9. Click **Start**.
10. Click **Recovery Request**, as shown in Figure 10.
![Start process to approve a Recovery Request](images\surface-semm-unenroll-fig10.png "Start process to approve a Recovery Request")
![Start process to approve a Recovery Request](images/surface-semm-unenroll-fig10.png "Start process to approve a Recovery Request")
*Figure 10. Click Recovery Request to begin the process to approve a Recovery Request*
*Figure 10. Click Recovery Request to begin the process to approve a Recovery Request*
11. Click **Certificate Protection** to authenticate the Recovery Request with the SEMM certificate.
12. Browse to and select your SEMM certificate file, and then click **OK**.
13. When you are prompted to enter the certificate password as shown in Figure 11, type and confirm the password for the certificate file, and then click **OK**.
![Type password for SEMM certificate](images\surface-semm-unenroll-fig11.png "Type password for SEMM certificate")
![Type password for SEMM certificate](images/surface-semm-unenroll-fig11.png "Type password for SEMM certificate")
*Figure 11. Type the password for the SEMM certificate*
*Figure 11. Type the password for the SEMM certificate*
14. Click **Next**.
15. Enter the Recovery Request (Reset Request), and then click **Generate** to create a reset verification code (as shown in Figure 12).
![Enter the recovery request](images\surface-semm-unenroll-fig12.png "Enter the recovery request")
![Enter the recovery request](images/surface-semm-unenroll-fig12.png "Enter the recovery request")
*Figure 12. Enter the Recovery Request (Reset Request)*
*Figure 12. Enter the Recovery Request (Reset Request)*
* If you displayed the Recovery Request (Reset Request) as text on the Surface device being reset, use the keyboard to type the Recovery Request (Reset Request) in the provided field.
* If you displayed the Recovery Request (Reset Request) as a QR Code and then used a messaging or email application to send the code to the computer with Microsoft Surface UEFI Configurator, copy and paste the code into the provided field.
* If you saved the Recovery Request (Reset Request) as a file to a USB drive, click the **Import** button, browse to and select the Recovery Request (Reset Request) file, and then click **OK**.
* If you displayed the Recovery Request (Reset Request) as text on the Surface device being reset, use the keyboard to type the Recovery Request (Reset Request) in the provided field.
* If you displayed the Recovery Request (Reset Request) as a QR Code and then used a messaging or email application to send the code to the computer with Microsoft Surface UEFI Configurator, copy and paste the code into the provided field.
* If you saved the Recovery Request (Reset Request) as a file to a USB drive, click the **Import** button, browse to and select the Recovery Request (Reset Request) file, and then click **OK**.
16. The reset verification code is displayed in Microsoft Surface UEFI Configurator, as shown in Figure 13.
![Display of the reset verification code](images\surface-semm-unenroll-fig13.png "Display of the reset verification code")
![Display of the reset verification code](images/surface-semm-unenroll-fig13.png "Display of the reset verification code")
*Figure 13. The reset verification code displayed in Microsoft Surface UEFI Configurator*
*Figure 13. The reset verification code displayed in Microsoft Surface UEFI Configurator*
* Click the **Share** button to send the reset verification code by email.
* Click the **Share** button to send the reset verification code by email.
17. Enter the reset verification code in the provided field on the Surface device (shown in Figure 8), and then click or press **Verify** to reset the device and unenroll the device from SEMM.
18. Click or press **Restart now** on the **SEMM reset successful** page to complete the unenrollment from SEMM, as shown in Figure 14.
![Example display of successful unenrollment from SEMM](images\surface-semm-unenroll-fig14.png "Example display of successful unenrollment from SEMM")
![Example display of successful unenrollment from SEMM](images/surface-semm-unenroll-fig14.png "Example display of successful unenrollment from SEMM")
*Figure 14. Successful unenrollment from SEMM*
*Figure 14. Successful unenrollment from SEMM*
19. Click **End** in Microsoft Surface UEFI Configurator to complete the Recovery Request (Reset Request) process and close Microsoft Surface UEFI Configurator.

6
devices/surface/update.md
View File

@ -25,7 +25,7 @@ Find out how to download and manage the latest firmware and driver updates for y
| [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.|
| [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.|
| [Surface Dock Updater](surface-dock-updater.md)| Get a detailed walkthrough of Microsoft Surface Dock Updater.|
 
## Related topics
@ -33,9 +33,9 @@ Find out how to download and manage the latest firmware and driver updates for y
[Surface for IT pros blog](http://blogs.technet.com/b/surface/)
 
 

72
devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
View File

@ -72,28 +72,28 @@ In the import process example shown in the [Deploy Windows 10 to Surface devices
2. Extract the contents of the Surface Pro 3 firmware and driver pack archive file to a temporary folder. Keep the driver files separate from other drivers or files.
3. Open the Deployment Workbench and expand the Deployment Shares node and your deployment share.
4. If you have not already created a folder structure by operating system version, you should do so next. Under the **Windows 10 x64** folder, create a new folder for Surface Pro 3 drivers named **Surface Pro 3**. Your Out-of-Box Drivers folder should resemble the following structure:
* WinPE x86
* WinPE x64
* Windows 10 x64
* Microsoft Corporation
* Surface Pro 4
* Surface Pro 3
* WinPE x86
* WinPE x64
* Windows 10 x64
* Microsoft Corporation
* Surface Pro 4
* Surface Pro 3
5. Right-click the **Surface Pro 3** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1.
![Import Surface Pro 3 drivers for Windows 10](images\surface-upgrademdt-fig1.png "Import Surface Pro 3 drivers for Windows 10")
![Import Surface Pro 3 drivers for Windows 10](images/surface-upgrademdt-fig1.png "Import Surface Pro 3 drivers for Windows 10")
*Figure 1. Import Surface Pro 3 drivers for Windows 10*
*Figure 1. Import Surface Pro 3 drivers for Windows 10*
6. The Import Driver Wizard displays a series of steps, as follows:
- **Specify Directory** Click **Browse** and navigate to the folder where you extracted the Surface Pro 3 firmware and drivers in Step 1.
- **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
- **Progress** While the drivers are imported, a progress bar is displayed on this page.
- **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Drivers Wizard.
- **Specify Directory** Click **Browse** and navigate to the folder where you extracted the Surface Pro 3 firmware and drivers in Step 1.
- **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
- **Progress** While the drivers are imported, a progress bar is displayed on this page.
- **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Drivers Wizard.
7. Select the **Surface Pro 3** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 2.
![Drivers for Surface Pro 3 imported and organized in the MDT deployment share](images\surface-upgrademdt-fig2.png "Drivers for Surface Pro 3 imported and organized in the MDT deployment share")
![Drivers for Surface Pro 3 imported and organized in the MDT deployment share](images/surface-upgrademdt-fig2.png "Drivers for Surface Pro 3 imported and organized in the MDT deployment share")
*Figure 2. Drivers for Surface Pro 3 imported and organized in the MDT deployment share*
*Figure 2. Drivers for Surface Pro 3 imported and organized in the MDT deployment share*
### Import applications
@ -109,17 +109,17 @@ Create the upgrade task sequence with the following process:
1. In the Deployment Workbench under your Deployment Share, right-click the **Task Sequences** folder, and then click **New Task Sequence** to start the New Task Sequence Wizard.
2. Use these steps to create the deployment task sequence with the New Task Sequence Wizard:
- **General Settings** Enter an identifier for the deployment task sequence in the Task Sequence ID field, a name for the deployment task sequence in the Task Sequence Name field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, and then click **Next**.
>[!NOTE]
>The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
- **Select Template** Select **Standard Client Upgrade Task Sequence** from the drop-down menu, and then click **Next**.
- **Select OS** Navigate to and select the Windows image that you imported, and then click **Next**.
- **Specify Product Key** Select the product key entry that fits your organizations licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
- **OS Settings** Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
- **Admin Password** Select **Use the Specified Local Administrator Password** and enter a password in the provided fields, and then click **Next**.
- **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
- **Progress** While the task sequence is being created, a progress bar is displayed on this page.
- **Confirmation** When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete New Task Sequence Wizard.
- **General Settings** Enter an identifier for the deployment task sequence in the Task Sequence ID field, a name for the deployment task sequence in the Task Sequence Name field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, and then click **Next**.
>[!NOTE]
>The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
- **Select Template** Select **Standard Client Upgrade Task Sequence** from the drop-down menu, and then click **Next**.
- **Select OS** Navigate to and select the Windows image that you imported, and then click **Next**.
- **Specify Product Key** Select the product key entry that fits your organizations licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
- **OS Settings** Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
- **Admin Password** Select **Use the Specified Local Administrator Password** and enter a password in the provided fields, and then click **Next**.
- **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
- **Progress** While the task sequence is being created, a progress bar is displayed on this page.
- **Confirmation** When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete New Task Sequence Wizard.
After the task sequence is created, you can modify some additional settings to provide additional automation of the task sequence and require less interaction during deployment. Follow these steps to modify the task sequence:
@ -131,9 +131,9 @@ After the task sequence is created, you can modify some additional settings to p
6. Between the two Windows Update steps is an **Install Applications** step. Select that step and then click **Add**.
7. Hover the mouse over **General** under the **Add** menu, and then choose **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
![A new Install Application step in the deployment task sequence](images\surface-upgrademdt-fig3.png "A new Install Application step in the deployment task sequence")
![A new Install Application step in the deployment task sequence](images/surface-upgrademdt-fig3.png "A new Install Application step in the deployment task sequence")
*Figure 3. A new Install Application step in the deployment task sequence*
*Figure 3. A new Install Application step in the deployment task sequence*
8. On the **Properties** tab of the new **Install Application** step, enter **Install Surface App** in the **Name** field.
9. Select **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
@ -142,22 +142,22 @@ After the task sequence is created, you can modify some additional settings to p
12. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu.
13. On the **Properties** tab of the new **Set Task Sequence Variable** step (as shown in Figure 4) configure the following options:
- **Name** Set DriverGroup001
- **Task Sequence Variable** DriverGroup001
- **Value** Windows 10 x64\%Make%\%Model%
- **Name** Set DriverGroup001
- **Task Sequence Variable** DriverGroup001
- **Value** Windows 10 x64\%Make%\%Model%
![Configure a new Set Task Sequence Variable step in the deployment task sequence](images\surface-upgrademdt-fig4.png "Configure a new Set Task Sequence Variable step in the deployment task sequence")
![Configure a new Set Task Sequence Variable step in the deployment task sequence](images/surface-upgrademdt-fig4.png "Configure a new Set Task Sequence Variable step in the deployment task sequence")
*Figure 4. Configure a new Set Task Sequence Variable step in the deployment task sequence*
*Figure 4. Configure a new Set Task Sequence Variable step in the deployment task sequence*
14. Select the **Inject Drivers** step, the next step in the task sequence.
15. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 5) configure the following options:
* In the **Choose a selection profile** drop-down menu, select **Nothing**.
* Click the **Install all drivers from the selection profile** button.
* In the **Choose a selection profile** drop-down menu, select **Nothing**.
* Click the **Install all drivers from the selection profile** button.
![Configure the deployment task sequence to not install drivers](images\surface-upgrademdt-fig5.png "Configure the deployment task sequence to not install drivers")
![Configure the deployment task sequence to not install drivers](images/surface-upgrademdt-fig5.png "Configure the deployment task sequence to not install drivers")
*Figure 5. Configure the deployment task sequence to not install drivers*
*Figure 5. Configure the deployment task sequence to not install drivers*
16. Click **OK** to apply changes to the task sequence and close the task sequence properties window.

32
devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
View File

@ -33,10 +33,10 @@ Before you begin the process outlined in this article, it is expected that you a
* [System Center Configuration Manager application deployment](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications)
* Certificate management
>[!Note]
>You will also need access to the certificate that you intend to use to secure SEMM. For details about the requirements for this certificate, see [Surface Enterprise Management Mode certificate requirements](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode#surface-enterprise-management-mode-certificate-requirements).
>It is very important that this certificate be kept in a safe location and properly backed up. If this certificate becomes lost or unusable, it is not possible to reset Surface UEFI, change managed Surface UEFI settings, or remove SEMM from an enrolled Surface device.
> [!Note]
> You will also need access to the certificate that you intend to use to secure SEMM. For details about the requirements for this certificate, see [Surface Enterprise Management Mode certificate requirements](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode#surface-enterprise-management-mode-certificate-requirements).
>
> It is very important that this certificate be kept in a safe location and properly backed up. If this certificate becomes lost or unusable, it is not possible to reset Surface UEFI, change managed Surface UEFI settings, or remove SEMM from an enrolled Surface device.
#### Download Microsoft Surface UEFI Manager
@ -395,7 +395,7 @@ To add the SEMM Configuration Manager scripts to Configuration Manager as an app
- Click **Microsoft Surface UEFI Manager** from the list of **Available Applications** and the MSI deployment type, and then click **OK** to close the **Specify Required Application** window.
* Keep the **Auto Install** check box selected if you want Microsoft Surface UEFI Manager installed automatically on devices when you attempt to enable SEMM with the Configuration Manager scripts. Click **OK** to close the **Add Dependency** window.
* Keep the **Auto Install** check box selected if you want Microsoft Surface UEFI Manager installed automatically on devices when you attempt to enable SEMM with the Configuration Manager scripts. Click **OK** to close the **Add Dependency** window.
* Click **Next** to proceed.
@ -405,11 +405,11 @@ To add the SEMM Configuration Manager scripts to Configuration Manager as an app
* **Completion** Confirmation of the deployment type creation is displayed when the process is complete. Click **Close** to finish the Create Deployment Type Wizard.
* **Summary** The information that you entered throughout the Create Application Wizard is displayed. Click **Next** to create the application.
- **Summary** The information that you entered throughout the Create Application Wizard is displayed. Click **Next** to create the application.
* **Progress** A progress bar and status as the application is added to the Software Library is displayed on this page.
- **Progress** A progress bar and status as the application is added to the Software Library is displayed on this page.
* **Completion** Confirmation of the successful application creation is displayed when the application creation process is complete. Click **Close** to finish the Create Application Wizard.
- **Completion** Confirmation of the successful application creation is displayed when the application creation process is complete. Click **Close** to finish the Create Application Wizard.
After the script application is available in the Software Library of Configuration Manager, you can distribute and deploy SEMM using the scripts you prepared to devices or collections. If you have configured the Microsoft Surface UEFI Manager assemblies as a dependency that will be automatically installed, you can deploy SEMM in a single step. If you have not configured the assemblies as a dependency, they must be installed on the devices you intend to manage before you enable SEMM.
@ -419,11 +419,11 @@ Alternatively, you can configure the application installation to reboot automati
Removal of SEMM from a device deployed with Configuration Manager using these scripts is as easy as uninstalling the application with Configuration Manager. This action starts the ResetSEMM.ps1 script and properly unenrolls the device with the same certificate file that was used during the deployment of SEMM.
>[!NOTE]
>Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate.
>We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that just like the certificate itself this universal reset package can be used to unenroll any of your organizations Surface devices from SEMM.
>When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package the device will prompt for the certificate thumbprint before ownership is taken.
>For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken.
> [!NOTE]
> Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate.
>
> We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that just like the certificate itself this universal reset package can be used to unenroll any of your organizations Surface devices from SEMM.
>
> When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package the device will prompt for the certificate thumbprint before ownership is taken.
>
> For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken.

54
devices/surface/using-the-sda-deployment-share.md
View File

@ -84,16 +84,16 @@ To import drivers for a peripheral device:
6. Click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1.
![Provide the location of your driver files](images\using-sda-driverfiles-fig1.png "Provide the location of your driver files")
![Provide the location of your driver files](images/using-sda-driverfiles-fig1.png "Provide the location of your driver files")
*Figure 1. Provide the location of your driver files*
*Figure 1. Provide the location of your driver files*
7. The Import Drivers Wizard presents a series of steps:
- **Specify Directory** Click **Browse** and navigate to the folder where you stored the drivers in Step 1.
- **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
- **Progress** While the drivers are imported, a progress bar is displayed on this page.
- **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
- **Specify Directory** Click **Browse** and navigate to the folder where you stored the drivers in Step 1.
- **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
- **Progress** While the drivers are imported, a progress bar is displayed on this page.
- **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
8. Repeat Steps 5-7 for each Surface model on which you would like to include this driver.
@ -110,44 +110,44 @@ As with drivers, the SDA deployment share can be pre-configured with apps like t
In the previous example for including drivers for a POS system, you would also need to include POS software for processing transactions and recording the input from the barcode scanner and credit card reader. To import an application and prepare it for installation on your Surface devices during Windows deployment:
1. Download the application installation files or locate the installation media for your application.
1. Download the application installation files or locate the installation media for your application.
2. Determine the command line instruction for silent installation, usually provided by the developer of the application. For Windows Installer files (.msi), see [Standard Installer Command-Line Options](https://msdn.microsoft.com/library/windows/desktop/aa372024) in the Windows Dev Center.
2. Determine the command line instruction for silent installation, usually provided by the developer of the application. For Windows Installer files (.msi), see [Standard Installer Command-Line Options](https://msdn.microsoft.com/library/windows/desktop/aa372024) in the Windows Dev Center.
3. Open the MDT Deployment Workbench.
3. Open the MDT Deployment Workbench.
4. Expand the **Deployment Shares** node and expand the SDA deployment share.
4. Expand the **Deployment Shares** node and expand the SDA deployment share.
5. Expand the **Applications** folder.
5. Expand the **Applications** folder.
6. Click **New Application** to start the New Application Wizard, as shown in Figure 2.
6. Click **New Application** to start the New Application Wizard, as shown in Figure 2.
![Provide the command to install your application](images\using-sda-installcommand-fig2.png "Provide the command to install your application")
![Provide the command to install your application](images/using-sda-installcommand-fig2.png "Provide the command to install your application")
*Figure 2: Provide the command to install your application*
*Figure 2: Provide the command to install your application*
7. Follow the steps of the New Application Wizard:
7. Follow the steps of the New Application Wizard:
- **Application Type** Click **Application with Source Files**, and then click **Next**.
- **Details** Enter a name for the application in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
- **Source** Click **Browse** to navigate to and select the folder with the application installation files procured in Step 1, and then click **Next**.
- **Destination** Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
- **Command Details** Enter the silent command-line instruction, for example `setup.msi /quiet /norestart`
- **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
- **Progress** While the installation files are imported, a progress bar is displayed on this page.
- **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
- **Application Type** Click **Application with Source Files**, and then click **Next**.
- **Details** Enter a name for the application in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
- **Source** Click **Browse** to navigate to and select the folder with the application installation files procured in Step 1, and then click **Next**.
- **Destination** Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
- **Command Details** Enter the silent command-line instruction, for example `setup.msi /quiet /norestart`
- **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
- **Progress** While the installation files are imported, a progress bar is displayed on this page.
- **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
8. Click the **Task Sequences** folder, right-click **1 - Deploy Microsoft Surface**, and then click **Properties**.
8. Click the **Task Sequences** folder, right-click **1 - Deploy Microsoft Surface**, and then click **Properties**.
9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence.
9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence.
10. Select the **Windows Update (Pre-Application Installation)** step, and then click **Add**.
11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
![A new Install Application step for Sample POS App](images\using-sda-newinstall-fig3.png "A new Install Application step for Sample POS App")
![A new Install Application step for Sample POS App](images/using-sda-newinstall-fig3.png "A new Install Application step for Sample POS App")
*Figure 3. A new Install Application step for Sample POS App*
*Figure 3. A new Install Application step for Sample POS App*
12. On the **Properties** tab of the new **Install Application** step, enter **Install - Sample POS App** in the **Name** field, where *Sample POS App* is the name of your app.

8
devices/surface/wake-on-lan-for-surface-devices.md
View File

@ -48,10 +48,10 @@ To enable WOL support on Surface devices, a specific driver for the Surface Ethe
You can run this Microsoft Windows Installer (.msi) file on a Surface device to install the Surface WOL driver, or you can distribute it to Surface devices with an application deployment solution, such as System Center Configuration Manager. To include the Surface WOL driver during deployment, you can install the .msi file as an application during the deployment process. You can also extract the Surface WOL driver files to include them in the deployment process. For example, you can include them in your Microsoft Deployment Toolkit (MDT) deployment share. You can read more about Surface deployment with MDT in [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt).
>[!NOTE]
>During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script.
>**HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests**
> [!NOTE]
> During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script.
>
> **HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests**
To extract the contents of SurfaceWOL.msi, use the MSIExec administrative installation option (**/a**), as shown in the following example, to extract the contents to the C:\WOL\ folder: