Merge pull request #331 from CoveMiner/surface-2s-update-vjokai

Surface 2s update vjokai

devices/surface-hub/surface-hub-2s-configure-with-powershell.md

@@ -10,5 +10,93 @@ audience: Admin
 ms.topic: article
 ms.localizationpriority: Normal
 ---
+# Configure Surface Hub 2S accounts via PowerShell
 
-# Configure Surface Hub 2S accounts via PowerShell
+## Connect to Exchange Online PowerShell
+
+ ```PowerShell
+ $365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential (Get-Credential) -Authentication Basic –AllowRedirection $ImportResults = Import-PSSession $365Session
+ ```
+
+## Create a new Room Mailbox
+
+ ```PowerShell
+New-Mailbox -MicrosoftOnlineServicesID account@YourDomain.com -Alias SurfaceHub2S -Name SurfaceHub2S -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString  -String "<Enter Strong Password>" -AsPlainText -Force) 
+```
+
+## Set Calendar Auto processing
+   ```PowerShell
+   Set-CalendarProcessing -Identity "account@YourDomain.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts   $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
+```
+## Assign a license
+
+```PowerShell
+Connect-MsolService
+Set-Msoluser -UserPrincipalName account@YourDomain.com -UsageLocation IE
+Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "contoso:MEETING_ROOM"
+```
+	 
+# Connecting to Skype for Business Online using PowerShell
+
+**Install prerequisites**
+
+- [Visual C++ 2017 Redistributable](https://aka.ms/vs/15/release/vc_redist.x64.exe)
+- [Skype for Business Online PowerShell Module](https://www.microsoft.com/en-us/download/confirmation.aspx?id=39366)
+
+```PowerShell
+ Import-Module LyncOnlineConnector
+ $SfBSession = New-CsOnlineSession -Credential (Get-Credential)
+ Import-PSSession $SfBSession -AllowClobber
+ Enable the Skype for Business meeting room
+ Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPoo(Get-CsTenant).Registrarpool -SipAddressType EmailAddress
+```
+	 
+# Configuring on-premises accounts using PowerShell
+## Connect to Exchange Server PowerShell
+
+> [!NOTE]
+> It is important that you know the FQDN of the Client Access service of the on-premises Exchange server.
+
+```PowerShell
+ $ExchServer = Read-Host "Please Enter the FQDN of your Exchange Server"
+  $ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchServer/PowerShell/ -Authentication Kerberos -Credential (Get-Credential)
+  Import-PSSession $ExchSession
+```
+
+## Create the device account
+   ```PowerShell
+New-Mailbox -UserPrincipalName Hub01@contoso.com -Alias Hub01 -Name "Hub 01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
+```
+
+## Set automatic calendar processing
+ ```PowerShell
+Set-CalendarProcessing -Identity "HUB01@contoso.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts   $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
+   ```
+
+## Enable the Skype for Business object
+
+> [!NOTE]
+> It is important that you know the FQDN of the Skype for Business Registrar Pool.
+
+
+```PowerShell
+Enable-CsMeetingRoom -Identity Contoso\HUB01 -SipAddressType emailaddress -RegistrarPool SfbIEFE01.contoso.local
+```
+
+# Mobile Device Mailbox Policy
+
+You may need to create a new Mobile Device Mailbox Policy (also known as ActiveSync Policy) to allow your Surface Hub to connect to your online or on-premises environment.
+
+
+## Create a Surface Hub mobile device mailbox policy
+```PowerShell
+New-MobileDeviceMailboxPolicy -Name “Surface Hubs” -PasswordEnabled $false
+```
+
+## Additional settings
+
+It is recommended to add a MailTip to Surface Hub rooms so users remember to make the meeting a Skype for Business or Teams meeting:
+
+```PowerShell
+Set-Mailbox "Surface Hub 2S" -MailTip "This is a Surface Hub room. Please make sure this is a Microsoft Teams meeting." 
+```

devices/surface-hub/surface-hub-2s-deploy.md

@@ -11,4 +11,48 @@ ms.topic: article
 ms.localizationpriority: Normal
 ---
 
-# Deploy Surface Hub 2S
+# Deploy Surface Hub 2S
+
+## Deploy Surface Hub 2S with a provisioning package
+
+You can use Windows Configuration Designer (WCD) to create provisioning packages to automate the deployment process of Surface Hub 2S. Use provisioning packages to add certificates, configure proxies, set up device administrators and device accounts. You can also use provisioning packages in conjunction with a configuration file to deploy multiple Surface Hubs with a single USB thumb drive.
+
+### Install Windows Configuration Designer
+Install Windows Configuration Designer from the Windows Assessment and Deployment Kit (ADK) for Windows 10. Download and install the ADK for Windows 10, version 1703.
+
+### Add certificates
+You can import Certificate Authority certificates to Surface Hub 2S.
+To add certificates to Surface Hub 2S, you’ll need a copy of each certificate as X.509 in .cer format. You cannot import .crt, .pfx or other container formats.
+Certificates must be imported into Windows Configuration Designer and arranged by hierarchy:
+
+ ![Add certificates](images/sh2-wcd.png)
+
+
+### Configure proxy during OOBE
+In Windows Configuration Designer, go to the Configure proxy settings tab and enter the appropriate settings as shown below.
+
+ ![Configure proxy settings](images/sh2-proxy.png) 
+
+> **[*!NOTE*]
+> **When configuring proxy settings, turn off **Automatically detect settings** if you intend to use a setup script or a proxy server. You can use a setup script *or* a proxy server, not both.
+
+### Affiliate Surface Hub 2S with Azure Active Directory
+You can affiliate Surface Hub 2S with Azure Active Directory using a provisioning package:
+As an Azure Active Directory Global Administrator, you can join large numbers of new Windows devices to Azure Active Directory and Intune using a bulk token.
+ 
+To create a bulk token, give it a friendly name, configure the expiration date (maximum of 30 days) and use your Admin credentials to acquire the token as shown below:
+ 
+ ![Set up device admins](images/sh2-token.png) <br>
+ ![Set up device admins](images/sh2-token2.png)<br>
+ ![Set up device admins](images/sh2-token3.png) <br>
+
+### Provisioning multiple devices (.csv file)
+In addition to the provisioning package, you can use a Surface Hub configuration file to make it even easier to set up your devices. A Surface Hub configuration file contains a list of device accounts and friendly names for wireless projection. During first run, you’ll get an option to choose a device account and friendly name from a configuration file.
+
+### To create a Surface Hub configuration file
+
+1. Using Microsoft Excel or another CSV editor, create a CSV file named: **SurfaceHubConfiguration.csv**
+2. Enter a list of device accounts and friendly names in this format: **<DeviceAccountName>,<DeviceAccountPassword>,<FriendlyName>**
+3. Save the file to the root of the USB thumb drive where you copied the PPKG file.
+
+ ![Configuration file example](images/sh2-config-file.png)

devices/surface-hub/surface-hub-2s-prepare-environment.md

@@ -11,4 +11,38 @@ ms.topic: article
 ms.localizationpriority: Normal
 ---
 
-# Prepare your environment for Surface Hub 2S 
+# Prepare your environment for Surface Hub 2S
+
+## Office 365 readiness
+
+You may use Exchange and Skype for Business on-premises with Surface Hub 2S. However, if you use Exchange Online, Skype for Business Online, Microsoft Teams or Microsoft Whiteboard, and intend to manage Surface Hub 2S with Intune, first review the [Office 365 requirements for endpoints](https://docs.microsoft.com/en-us/office365/enterprise/office-365-endpoints).
+
+Office 365 endpoints help optimize your network by sending all trusted Office 365 network requests directly through your firewall, bypassing all additional packet level inspection or processing. This reduces latency and your perimeter capacity requirements.
+
+Microsoft regularly updates the Office 365 service with new features and functionality, which may alter required ports, URLs, and IP addresses.  To evaluate, configure, and stay up to date with changes, subscribe to the [Office 365 IP Address and URL Web service](https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service.
+
+## Device affiliation
+
+Use Device affiliation to manage user access to the Settings app on Surface Hub 2S.
+With the Windows 10 Team Edition operating system  —  that runs on SH2  —  only authorized users can  adjust settings via the settings app. Since choosing the affiliation can impact feature availability, plan appropriately to ensure users can access features as intended.
+
+> [!NOTE]
+> You can only set Device affiliation during the initial out-of-box experience (OOBE) setup. If you need to reset Device affiliation, you’ll have to repeat OOBE setup.
+
+## No affiliation
+
+No affiliation is like having Surface Hub 2S in a workgroup with a different local Administrator account on each Surface Hub 2S. If you choose No affiliation, you must locally save the [Bitlocker Key to a USB thumb drive](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-key-management-faq). You can still enroll the device with Intune, however only the local admin will be able to access the Settings app using the account credentials configured during OOBE. You can change the Administrator account password from the Settings app.
+
+## Active Directory Domain Services
+
+If you affiliate Surface Hub 2S with on-premises Active Directory Domain Services, you will need to manage access to the Settings app via a security group on your domain, ensuring that all SG members have permissions to change settings on Surface Hub 2S. Note also the following:
+
+- When Surface Hub 2S affiliates with your on-premises Active Directory Domain Services, the Bitlocker key is saved in the AD Schema and can be exported to a file.
+- Your organization’s Trusted Root CAs are pushed to the same container in Surface Hub 2S, which means you don’t need to import them using a provisioning package.
+- You can still enroll the device with Intune to centrally manage settings on your Surface Hub 2S.
+
+## Azure Active Directory
+
+When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
+
+If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s Bitlocker key will be automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and streamlined sign-on may not work.

devices/surface-hub/surface-hub-2s-quick-start.md

@@ -0,0 +1,15 @@
+---
+title: "Surface Hub 2S quick start guide"
+description: "View the Surface Hub 2S quick start guide included in the packaging."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: robmazz
+ms.author: robmazz
+audience: Admin
+ms.topic: article
+ms.localizationpriority: Normal
+---
+# Surface Hub 2S quick start guide
+
+Download the Surface Hub 2S quick start guide.