Added kiosk mode and a step approach to the doc. Added in considerations for planning deployment

Payge Winfield
2020-02-10 10:38:05 -08:00
parent 8e2947a31e
commit c9ad82809a

@ -13,62 +13,67 @@ ms.date: 07/15/2019
# Deploy HoloLens in a commercial environment
You can deploy and configure HoloLens at scale in a commercial setting.
You can deploy and configure HoloLens at scale in a commercial setting. This article provides instructions for deploying HoloLens devices in a commercial environment. This guide assumes basic familiarity with HoloLens. Follow the [get started guide](hololens1-setup.md) to set up HoloLens for the first time.
This article includes:
## Overview of Deployment Steps
- Infrastructure requirements and recommendations for HoloLens management
- Tools for provisioning HoloLens
- Instructions for remote device management
- Options for application deployment
1. [Determine what features you need](hololens-requirements.md#step-1-determine-what-you-need)
1. [Determine what licenses you need](hololens-licenses-requirements.md)
1. [Configure your network for HoloLens](hololens-commercial-infrastructure.md).
1. This section includes bandwidth requirements, URL and Ports that need to be whitelisted on your firewall, Azure AD guidance, Mobile Device Management Guidance, app deployment/management guidance, and certificate guidance.
1. (Optional) [Configure HoloLens using a provisioning package](hololens-provisioning.md)
1. [Enroll Device](hololens-enroll-mdm.md)
1. [Set up ring based updates for HoloLens](hololens-updates.md)
1. [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
This guide assumes basic familiarity with HoloLens. Follow the [get started guide](hololens1-setup.md) to set up HoloLens for the first time.
## Step 1. Determine what you need
## Infrastructure for managing HoloLens
Before deploying the HoloLens in your environment, it is important to first determine what features, apps, and type of identities are needed.
HoloLens is, at its core, a Windows mobile device integrated with Azure. It works best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services.
### Type of Features
Critical cloud services include:
Your feature requirements will determine which HoloLens you need. One popular feature that we see deployed in customer environments frequently is Kiosk Mode. A list of HoloLens key features, and the editions of HoloLens that support them, can be found [here](hololens-commercial-features).
- Azure active directory (AAD)
- Windows Update (WU)
**What is Kiosk Mode?**
Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/enterprise-mobility-security/microsoft-intune) as an example, though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2.
Kiosk mode is a way to restrict the apps that a user has access to. This means that users will only be allowed to access certain apps.
HoloLens does support a limited set of cloud disconnected experiences.
**What Kiosk Mode do I require?**
## Initial set up at scale
There are two types of Kiosk Modes: Single app and multi-app. Single app kiosk mode allows user to only access one app while multi-app kiosk mode allows users to access multiple specified apps. To determine which kiosk mode is right for your corporation, the following two questions need to be answered:
The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time. If you're provisioning many HoloLens devices, however, selecting your language and settings manually for each device gets tedious and limits scale.
1. **Do different users who are require different experiences/restrictions?** Example, User A is a field service engineer who only needs access to Remote Assist. User B is a trainee who only needs access to guides… etc.
1. If yes, you will require the following:
1. Azure AD Accounts as the method of signing into the devices.
1. Multi-app kiosk mode.
1. If no, continue to question two
1. **Do you require a multi-app experience?**
1. If yes, Multi-app kiosk is mode is needed
1. If your answer to question 1 and 2 are both no, Single-app kiosk mode can be used
This section:
**How to set up Kiosk Mode**
- Introduces Windows provisioning using provisioning packages
- Walks through applying a provisioning package during first setup
There are two main ways ([provisioning packages](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) and [MDM](hololens-kiosk.md#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)) to deploy kiosk mode for HoloLens. These options will be discussed later in the document; however, you can use the links above to jump to the respective sections in this doc.
### Create and apply a provisioning package
### Apps
The best way to configure many new HoloLens device is with Windows provisioning. You can use it to specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes.
This deployment guide will cover the following types of apps:
A [provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device.
1. Remote Assist
2. Guides
3. Customer Apps
### Upgrade to Windows Holographic for Business
Each step in this document will include instructions for each specific app.
- HoloLens Enterprise license XML file
### Type of identity
Some of the HoloLens configurations you can apply in a provisioning package:
Determine the type of identity that will be used to sign into the device.
- Apply certificates to the device
- Set up a Wi-Fi connection
- Pre-configure out of box questions like language and locale
- (HoloLens 2) bulk enroll in mobile device management
- (HoloLens v1) Apply key to enable Windows Holographic for Business
1. **Local Accounts:** This account is local to the device (like a local admin account on a windows PC). This will allow only 1 user to log into the device.
2. **MSA:** This will be a personal account (like outlook, hotmail, gmail, yahoo, etc.) This will allow only 1 user to log into the device.
3. **Azure Active Directory (Azure AD) accounts:** This is an account created in Azure AD. This grants your corporation the ability to manage the HoloLens device. This will allow multiple users to log into the HoloLens 1st Gen Commercial Suite/the HoloLens 2 device.
Follow [this guide](https://docs.microsoft.com/hololens/hololens-provisioning) to create and apply a provisioning package to HoloLens.
### Set up user identity and enroll in device management
The last step in setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure. There are several ways to enroll:
### Determine your enrollment method
1. Bulk enrollment with a security token in a provisioning package.
Pros: this is the most automated approach
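Review bot: Under "Type of identity", only the Azure AD entry says the corporation can manage the device, while kiosk question 1 already requires Azure AD accounts for per-user restrictions; say explicitly in the Local Accounts and MSA entries whether those sign-in types can be enrolled and restricted the same way, so a reader does not pick an identity type in Step 1 that rules out the controls chosen a few paragraphs earlier. The MSA entry's examples "gmail, yahoo" are likely to confuse readers about what a Microsoft account is and should be trimmed or explained. Wording fixes in the same hunk: "Do different users who are require different experiences/restrictions?" and "Multi-app kiosk is mode is needed" each carry stray words, the link `[here](hololens-commercial-features)` lacks the `.md` extension used by every other relative link here, and "Bitlocker" in the step list should be "BitLocker".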
@ -80,66 +85,19 @@ The last step in setting up HoloLens for management at scale is to enroll device
Pros: possible to enroll after set up
Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled.
Learn more about MDM enrollment [here](hololens-enroll-mdm.md).
More information can be found [here](hololens-enroll-mdm.md)
## Ongoing device management
### Determine if you need a provisioning package
Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely.
There are two methods to configure a HoloLens device (Provisioning packages and MDMs). We suggest using your MDM to configure you HoloLens device, however, there are some scenarios where using a provisioning package is the better choice:
This article outlines [policies and capabilities HoloLens supports](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#hololens).
1. You want to skip the Out of Box Experience (OOBE)
1. You are having trouble deploying certificate in a complex network. The majority of the time you can deploy certificates using MDM (even in complex environments). However, some scenarios require certificates to be deployed through the provisioning package.
[This article](https://docs.microsoft.com/intune/windows-holographic-for-business) talks about Intune's management tools for HoloLens.
### Push compliance policy via Intune
[Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant.
For example, you can create a policy that requires Bitlocker be enabled.
[Create compliance policies with Intune](https://docs.microsoft.com/intune/compliance-policy-create-windows).
### Manage updates
Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.
For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update.
Read more about [configuring update rings with Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
## Application management
Manage HoloLens applications through:
1. Microsoft Store
The Microsoft Store is the best way to distribute and consume applications on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/windows/uwp/publish/).
All applications in the store are available publicly to everyone, but if it isn't acceptable, checkout the Microsoft Store for Business.
1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/)
Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It also lets you deploy apps that are specific to your commercial environment but not to the world.
1. Application deployment and management via Intune or another mobile device management solution
Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy).
1. _not recommended_ Device Portal
Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use the device portal.
Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps).
## Next Step: [Determine what licenses you need](hololens-licenses-requirements.md)
## Get support
Get support through the Microsoft support site.
[File a support request](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f).
## Technical Reference
### Wireless network EAP support
- PEAP-MS-CHAPv2
- PEAP-TLS
- TLS
- TTLS-CHAP
- TTLS-CHAPv2
- TTLS-MS-CHAPv2
- TTLS-PAP
- TTLS-TLS
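Review bot: The hunk header shrinks this region from 66 lines to 19, and the region shown includes the Device Portal item marked "_not recommended_" (with its reason that Developer Mode has to be enabled), the compliance policy example requiring Bitlocker, and the "Wireless network EAP support" list; please confirm each of these survives in one of the pages the new overview links to (hololens-commercial-infrastructure.md, hololens-encryption.md, hololens-updates.md) before dropping it from this article, since none of that is visible in this diff. In "Determine if you need a provisioning package", "configure you HoloLens device" should read "your" and "deploying certificate" should be "deploying certificates"; it would also help to name which certificate scenarios need the provisioning package rather than "some scenarios". "More information can be found [here](hololens-enroll-mdm.md)" is missing its period and would read better with descriptive link text.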