deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 03:43:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

merge conflict

Browse Source
This commit is contained in:
Trudy Hakala
2016-10-12 13:59:36 -07:00
parent 2433741700 dd76a27d85
commit f914103225
4 changed files with 285 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

175
devices/surface-hub/install-apps-on-surface-hub.md
View File

@ -13,33 +13,25 @@ localizationpriority: medium
# Install apps on your Microsoft Surface Hub
You can install additional apps on your Surface Hub to fit your team or organization's needs. There are different methods for installing apps depending on if you are developing and testing an app, or deploying a released app. This topic describes methods for installing apps for either scenario.
You can install additional apps on your Surface Hub to fit your team or organization's needs. There are different methods for installing apps depending on whether you are developing and testing an app, or deploying a released app. This topic describes methods for installing apps for either scenario.
A few things to know about apps on Surface Hub:
- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp).
- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631).
- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.
- When submitting an app to the Windows Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub.
- You need admin credentials to install apps on your Surface Hub. Since the device is designed to be used in communal spaces like meeting rooms, people can't access the Windows Store to download and install apps.
There are a few different ways to install apps on your Surface Hub depending on whether you are testing apps, or deploying them. This table outlines supported the supported methods:
| Install method | Testing and <br> developing apps | Deploying <br> apps |
| -------------------------- | --------------------------- | -------------- |
| Developer mode | X | |
| Visual Studio | X | |
| Windows Store app | X | |
| Provisioning package | | X |
| Configuration manager | | X |
## Test and develop apps
While you're developing your own app, or evaluating apps to deploy to your organization, there are a few options for testing apps on Surface Hub.
## Develop and test apps
While you're developing your own app, there are a few options for testing apps on Surface Hub.
### Developer Mode
By default, Surfacve Hub only runs UWP apps that have been published to and signed by the Windows Store. Apps submitted to the Windows Store go through security and compliance tests as part of the app certification process, so this helps safeguard your Surface Hub against malicious apps.
By default, Surface Hub only runs UWP apps that have been published to and signed by the Windows Store. Apps submitted to the Windows Store go through security and compliance tests as part of the [app certification process](https://msdn.microsoft.com/en-us/windows/uwp/publish/the-app-certification-process), so this helps safeguard your Surface Hub against malicious apps.
By enabling developer mode, you can also install developer-signed UWP apps.
> [!NOTE]
> [!IMPORTANT]
> After developer mode has been enabled, you will need to reset the Surface Hub to disable it. Resetting the device removes all local user files and configurations and then reinstalls Windows.
**To turn on developer mode**
@ -49,10 +41,59 @@ By enabling developer mode, you can also install developer-signed UWP apps.
4. Select **Developer mode** and accept the warning prompt.
### Visual Studio
During development, the easiest way to test your app on a Surface Hub is using Visual Studio. Visual Studio's remote debugging feature helps discover issues in your app before deploying it broadly. For more information, see [Test Surface Hub apps using Visual Studio](https://msdn.microsoft.com/windows/uwp/debug-test-perf/test-surface-hub-apps-using-visual-studio).
During development, the easiest way to test your app on a Surface Hub is using Visual Studio. Visual Studio's remote debugging feature helps you discover issues in your app before deploying it broadly. For more information, see [Test Surface Hub apps using Visual Studio](https://msdn.microsoft.com/windows/uwp/debug-test-perf/test-surface-hub-apps-using-visual-studio).
### Provisioning package
Use Visual Studio to [create an app package](https://msdn.microsoft.com/library/windows/apps/hh454036.aspx) for your UWP app, signed using a test certificate. Then use Windows Imaging and Configuration Designer (ICD) to create a provisioning package containing the app package. For more information, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
## Submit apps to the Windows Store
Once an app is ready for release, developers need to submit and publish it to the Windows Store. For more information, see [Publish Windows apps](https://developer.microsoft.com/store/publish-apps).
During app submission, developers need to set **Device family availability** and **Organizational licensing** options to make sure the app will be available to run on Surface Hub.
**To set device family availability**
1. On the [Windows Dev Center](https://developer.microsoft.com), navigate to your app submission page.
2. Select **Packages**.
3. Under Device family availability, select these options:
- **Windows 10 Desktop** (other device families are optional)
- **Let Microsoft decide whether to make the app available to any future device families**
> ![Image showing Device family availability page - part of Windows Store app submission process.](images/sh-device-family-availability.png)
For more information, see [Device family availability](https://msdn.microsoft.com/windows/uwp/publish/upload-app-packages#device-family-availability).
**To set organizational licensing**
1. On the [Windows Dev Center](https://developer.microsoft.com), navigate to your app submission page.
2. Select **Pricing and availability**.
3. Under Organizational licensing, select **Allow disconnected (offline) licensing for organizations**.
> ![Image showing Organizational licensing page - part of Windows Store app submission process.](images/sh-org-licensing.png)
> [!NOTE]
> **Make my app available to organizations with Store-managed (online) licensing and distribution** is selected by default.
> [!NOTE]
> Developers can also publish line-of-business apps directly to enterprises without making them broadly available in the Store. For more information, see [Distribute LOB apps to enterprises](https://msdn.microsoft.com/windows/uwp/publish/distribute-lob-apps-to-enterprises).
For more information, see [Organizational licensing options](https://msdn.microsoft.com/windows/uwp/publish/organizational-licensing).
## Deploy released apps
There are several options for installing apps that have been released to the Windows Store, depending on whether you want to evaluate them on a few devices, or deploy them broadly to your organization.
To install released apps:
- Download the app using the Windows Store app, or
- Download the app package from the Windows Store for Business, and distribute it using a provisioning package or a supported MDM provider.
### Windows Store app
Use Windows Store app to browse and download apps to test them on your Surface Hub.
To evaluate apps released on the Windows Store, use the Windows Store app on the Surface Hub to browse and download apps.
> [!NOTE]
> Using the Windows Store app is not the recommended method of deploying apps at scale to your organization:
> - To download apps, you must sign in to the Windows Store app with a Microsoft account or organizational account. However, you can only connect an account to a maximum of 10 devices at once. If you have more than 10 Surface Hubs, you will need to create multiple accounts or remove devices from your account between app installations.
> - To install apps, you will need to manually sign in to the Windows Store app on each Surface Hub you own.
**To browse the Windows Store on Surface Hub**
1. From your Surface Hub, start **Settings**.
@ -60,67 +101,67 @@ Use Windows Store app to browse and download apps to test them on your Surface H
3. Navigate to **This device** > **Apps & features**.
4. Select **Open Store**.
Downloading apps from the Store is not the recommended method of deploying apps at scale to your organization:
- Downloading apps from the Store requires you to sign in to the Store app with a Microsoft account or organizational account. However, you can only connect an account to a maximum of 10 devices at once. If you have more than 10 Surface Hubs, you will need to create multiple accounts or remove devices from your account between app installations.
- To install apps, you will need to manually sign in to the Store app on each Surface Hub you own.
### Provisioning package
Use Visual Studio to [create an app package](https://msdn.microsoft.com/library/windows/apps/hh454036.aspx) for your UWP app, signed using a test certificate. Then use Windows Imaging and Configuration Designer (WICD) to create a provisioning package containing the app package and license file. For more information, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
## Submit the app to the Windows Store
Once an app is ready for release, developers need to submit and publish it to the Windows Store. For more information, see [Publish Windows apps](https://developer.microsoft.com/store/publish-apps).
During app submission, developers need to set **Device family availability** and **Organizational licensing** options to make sure the app will be available to run on Surface Hub.
**To set device family availability**
- On Device familiy availability, select these options:
- **Windows 10 Desktop** (other device families are optional)
- **Let Microsoft decide whether to make the app available to any future device families**.
![Image showing Device family availability page - part of Windows Store app submission process.](images/sh-device-family-availability.png)
For more information, see [Device family availability](https://msdn.microsoft.com/windows/uwp/publish/upload-app-packages#device-family-availability).
**To set organizational licensing**
- On **Organizational licensing**, select **Allow disconnected (offline) licensing for organizations**.
![Image showing Organizational licensing page - part of Windows Store app submission process.](images/sh-org-licensing.png)
> [!NOTE]
> **Make my app available to organizations with Store-managed (online) volume licensing** is selected by default.
For more information, see [Organizational licensing options](https://msdn.microsoft.com/windows/uwp/publish/organizational-licensing).
Developers can also publish line-of-business apps directly to enterprises without making them broadly available in the Store. For more information, see [Distribute LOB apps to enterprises](https://msdn.microsoft.com/windows/uwp/publish/distribute-lob-apps-to-enterprises).
## Deploy apps to your organization
After you've tested your apps, and submitted them to Windows Store, there are a few options for deploying apps to your organization.
### Download apps from Windows Store for Business
### Download app packages from Windows Store for Business
To download the app package you need to install apps on your Surface Hub, visit the [Windows Store for Business](https://www.microsoft.com/business-store). The Store for Business is where you can find, acquire, and manage apps for the Windows 10 devices in your organization, including Surface Hub.
> [!NOTE]
> Currently, Surface Hub only supports offline-licensed apps available through Store for Business. App developers set offline-license avaialability when they submit apps.
> Currently, Surface Hub only supports offline-licensed apps available through the Store for Business. App developers set offline-license availability when they submit apps.
Find and acquire the app you want, then download the offline-licensed app package and the encoded license file. For more information, see [Download an offline-licensed app](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app).
Find and acquire the app you want, then download:
- The offline-licensed app package (either an .appx or an .appxbundle)
- The *unencoded* license file (if you're using provisioning packages to install the app)
- The *encoded* license file (if you're using MDM to distribute the app)
- Any necessary dependency files
For more information, see [Download an offline-licensed app](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app).
### Provisioning package
Use Windows Imaging and Configuration Designer (WICD) to create a provisioning package containing the app package and license file that you downloaded from the Store for Business. For more information, see Create provisioning packages to learn more.
You can manually install the offline-licensed apps that you downloaded from the Store for Business on a few Surface Hubs using provisioning packages. Use Windows Imaging and Configuration Designer (ICD) to create a provisioning package containing the app package and *unencoded* license file that you downloaded from the Store for Business. For more information, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
### System Center Configuration Manager
If your organization uses Configuration Manager SP1, System Center 2012 R2 Configuration Manager, or System Center Configuration Manager (current branch), you can use it to deploy apps remotely to Surface Hubs in your organization.
### Supported MDM provider
To deploy apps to a large number of Surface Hubs in your organization, use a supported MDM provider. The table below shows which MDM providers support deploying offline-licensed app packages.
1. Enroll your Surface Hubs to Configuration Manager. For more information, see [Enroll a Surface Hub into MDM](manage-settings-with-mdm-for-surface-hub.md).
2. Create and deploy a Configuration Manager application using your offline-licensed app package and encoded license file. For more information, see [Create and deploy an application with SCCM](https://technet.microsoft.com/library/mt595707.aspx). Use these tips for the Create Application wizard: <br>
- Choose to **Automatically detect information about this application from installation files, and choose Windows app package (*.appx, *.appxbundle)**.
- Point the location to a folder containing the offline-licensed app package and encoded license file that you downloaded from the Store for Business.
- Ensure that you provide an encoded license file.
- In the Summary page of the wizard, ensure that your license file was properly detected.
3. As needed, update the app by downloading a new package from the Store for Business, and publishing an application revision in Configuration Manager. For more information, see [Update and retire applications with SCCM](https://technet.microsoft.com/library/mt595704.aspx).
| MDM provider | Supports offline-licensed app packages |
|-----------------------------|----------------------------------------|
| On-premises MDM with System Center Configuration Manager (beginning in version 1602) | Yes |
| Hybrid MDM with System Center Configuration Manager and Microsoft Intune | Yes |
| Microsoft Intune standalone | No |
| Third-party MDM provider | Check to make sure your MDM provider supports deploying offline-licensed app packages. |
**To deploy apps remotely using System Center Configuration Manager (either on-prem MDM or hybrid MDM)**
> [!NOTE]
> If you are using System Center Configuration Manager (current branch), you can bypass the above steps by connecting the Store for Business to Configuration Manager. By doing so, you can synchronize the list of apps you've purchased with Configuration Manager, view these in the Configuration Manager console, and deploy them like you would any other app. For more information, see [Manage apps from the Windows Store for Business with SCCM](https://technet.microsoft.com/library/mt740630.aspx).
> These instructions are based on the current branch of System Center Configuration Manager.
1. Enroll your Surface Hubs to System Center Configuration Manager. For more information, see [Enroll a Surface Hub into MDM](manage-settings-with-mdm-for-surface-hub.md#enroll-into-mdm).
2. Download the offline-licensed app package, the *encoded* license file, and any necessary dependency files from the Store for Business. For more information, see [Download an offline-licensed app](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app). Place the downloaded files in the same folder on a network share.
3. In the **Software Library** workspace of the Configuration Manager console, click **Overview** > **Application Management** > **Applications**.
4. On the **Home** tab, in the **Create** group, click **Create Application**.
5. On the **General** page of the **Create Application Wizard**, select the **Automatically detect information about this application from installation files** check box.
6. In the **Type** drop-down list, select **Windows app package (\*.appx, \*.appxbundle)**.
7. In the **Location** field, specify the UNC path in the form \\server\share\\filename for the offline-licensed app package that you downloaded from the Store for Business. Alternatively, click **Browse** to browse to the app package.
8. On the **Import Information** page, review the information that was imported, and then click **Next**. If necessary, you can click **Previous** to go back and correct any errors.
9. On the **General Information** page, complete additional details about the app. Some of this information might already be populated if it was automatically obtained from the app package.
10. Click **Next**, review the application information on the Summary page, and then complete the Create Application Wizard.
11. Create a deployment type for the application. For more information, see [Create deployment types for the application](https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-applications#create-deployment-types-for-the-application).
12. Deploy the application to your Surface Hubs. For more information, see [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/apps/deploy-use/deploy-applications).
13. As needed, update the app by downloading a new package from the Store for Business, and publishing an application revision in Configuration Manager. For more information, see [Update and retire applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt595704.aspx).
> [!NOTE]
> If you are using System Center Configuration Manager (current branch), you can bypass the above steps by connecting the Store for Business to System Center Configuration Manager. By doing so, you can synchronize the list of apps you've purchased with System Center Configuration Manager, view these in the Configuration Manager console, and deploy them like you would any other app. For more information, see [Manage apps from the Windows Store for Business with System Center Configuration Manager](https://technet.microsoft.com/library/mt740630.aspx).
## Summary
There are a few different ways to install apps on your Surface Hub depending on whether you are developing apps, evaluating apps on a small number of devices, or deploying apps broadly to your oganization. This table summarizes the supported methods:
| Install method | Developing apps | Evaluating apps on <br> a few devices | Deploying apps broadly <br> to your organization |
| -------------------------- | --------------- | ------------------------------------- | ---------------------- |
| Visual Studio | X | | |
| Provisioning package | X | X | |
| Windows Store app | | X | |
| Supported MDM provider | | | X |
## Related topics

248
devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
View File

@ -15,17 +15,24 @@ localizationpriority: medium
Surface Hub and other Windows 10 devices allow IT administrators to manage settings and policies using a mobile device management (MDM) provider. A built-in management component communicates with the management server, so there is no need to install additional clients on the device. For more information, see [Windows 10 mobile device management](https://msdn.microsoft.com/library/windows/hardware/dn914769.aspx).
Surface Hub has been validated with Microsofts first-party MDM providers: Microsoft Intune and System Center Configuration Manager (current branch). You can also manage Surface Hubs using any third-party provider that can communicate with Windows 10 using the MDM protocol.
Surface Hub has been validated with Microsofts first-party MDM providers:
- On-premises MDM with System Center Configuration Manager (beginning in version 1602)
- Hybrid MDM with System Center Configuration Manager and Microsoft Intune
- Microsoft Intune standalone
You can also manage Surface Hubs using any third-party MDM provider that can communicate with Windows 10 using the MDM protocol.
## <a href="" id="enroll-into-mdm"></a>Enroll a Surface Hub into MDM
You can enroll your Surface Hubs using automatic, bulk, or manual enrollment.
> [!NOTE]
> You can join your Surface Hub to Azure Active Directory (Azure AD) to manage admin groups on the device. However, Surface Hub does not currently support automatic MDM enrollment through Azure AD join. If your organization automatically enrolls Azure AD joined devices into MDM, you must disable this policy for Surface Hub before joining the device to Azure AD.
### Automatic enrollment
**To configure automatic enrollment**
- For information on configuring automatic enrollment, see [Azure Active Directory enrollment](https://docs.microsoft.com/intune/deploy-use/set-up-windows-phone-management-with-microsoft-intune#azure-active-directory-enrollment).
> You can join your Surface Hub to Azure Active Directory (Azure AD) to manage admin groups on the device. However, Surface Hub does not currently support automatic enrollment to Microsoft Intune through Azure AD join. If your organization automatically enrolls Azure AD joined devices into Intune, you must disable this policy for Surface Hub before joining the device to Azure AD.
> **To disable automatic enrollment for Microsoft Intune**
> 1. In the [Azure classic portal](https://manage.windowsazure.com/), navigate to the **Active Directory** node and select your directory.
> 2. Click the **Applications** tab, then click **Microsoft Intune**.
> 3. Under **Manage devices for these users**, click **Groups**.
> 4. Click **Select Groups**, then select the groups of users you want to automatically enroll into Intune. Do not include accounts that are used to enroll Surface Hubs into Intune.
> 5. Click the checkmark button, then click **Save**.
### Bulk enrollment
**To configure bulk enrollment**
@ -34,7 +41,7 @@ You can enroll your Surface Hubs using automatic, bulk, or manual enrollment.
- If you have an on-premises System Center Configuration Manager infrastructure, see [How to bulk enroll devices with On-premises Mobile Device Management in System Center Configuration Manager](https://technet.microsoft.com/library/mt627898.aspx).
### Manual enrollment
You can manually enroll with an MDM using **Settings** on your Surface Hub.
You can manually enroll with an MDM using the **Settings** app on your Surface Hub.
**To configure manual enrollment**
1. From your Surface Hub, open **Settings**.
@ -45,161 +52,174 @@ You can manually enroll with an MDM using **Settings** on your Surface Hub.
## Manage Surface Hub settings with MDM
You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings).
You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
### Supported Surface Hub CSP settings
You can configure the Surface Hub settings in the following table using MDM. The table also tells if the setting is supported on Microsoft Intune, System Center Configuration Manager (Configuration Manager), or SyncML.
You can configure the Surface Hub settings in the following table using MDM. The table also tells if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML.
For more information, see [Surface Hub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx).
For more information, see [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx).
| Setting | Supported CSPs | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| Setting | Node in the SurfaceHub CSP | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| -------------------- | -----------------------|-------------------------- | ---------------------------------------- | ------------------------- |
| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes |
| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes |
| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes |
| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.<br> Use a custom setting.| Yes |
| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.<br> Use a custom setting.| Yes |
| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey | Yes | Yes.<br> Use a custom setting.| Yes |
| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.<br> Use a custom setting. | Yes |
| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.<br> Use a custom setting. | Yes |
| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey | Yes | Yes.<br> Use a custom setting. | Yes |
| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.<br> Use a custom setting. | Yes |
| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.<br> Use a custom setting. | Yes |
| Friendly name for wireless projection | Properties/FriendlyName | Yes. <br> Use a custom policy | Yes.<br> Use a custom setting.| Yes |
| Device account, including password rotation | Multiple | No | No | Yes |
| Friendly name for wireless projection | Properties/FriendlyName | Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Device account, including password rotation | DeviceAccount/\<name of policy\> <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes |
Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
> [!TIP]
You need to use a settings OMA URI to create a custom policy in Intune, or a custom setting in System Center Configuration Manager.
**To generate the OMA URI for any setting in the CSP documentation**
- Prepend the node path with path of the root node. <br>
For example, the OMA URI for the InBoxApps/WirelessProjection/Enabled setting in the SurfaceHub CSP is “./Vendor/MSFT/SurfaceHub/InBoxApps/WirelessProjection/Enabled”.
The data type is stated in the CSP documentation. The most common data types are:
- char (string)
- int (integer)
- bool (boolean)
Depending on the MDM provider that you use, you may set these settings using the SyncML nodes defined in the SurfaceHub CSP, or using a built-in user interface. Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub.
### Supported Windows 10 settings
In addition to Surface Hub specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference]().
In addition to Surface Hub specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://msdn.microsoft.com/en-us/library/windows/hardware/dn920025.aspx).
The following tables include info on Windows 10 settings have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table also tells if the setting is supported on Microsoft Intune, System Center Configuration Manager (Configuration Manager), or SyncML.
The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table also tells if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML.
#### Security settings
**Security settings**
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| -------- | -------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/\<name of policy\> <br> See [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx) | Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Setting | Details | CSP documentation reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| -------- | -------- | --------------------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | ./Vendor/MSFT/Policy/Config/Connectivity/AllowBluetooth| Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Various policies in the Policy CSP: ./Vendor/MSFT/Policy/Config/Bluetooth/<name of policy> | Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Allow camera | Keep this enabled for Skype for Business. | ./Vendor/MSFT/Policy/Config/Camera/AllowCamera| Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Allow location | Keep this enabled to support apps such as Maps.| ./Vendor/MSFT/Policy/Config/System/AllowLocation| Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | ./Vendor/MSFT/Policy/Config/System/AllowTelemetry| Yes. <br> Use a custom policy. | Yes.<br> Use a custom setting. | Yes |
#### Browser settings
**Browser settings**
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| -------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow search suggestions | Use to block search suggestions in the address bar| [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow SmartScreen | Keep this enabled to turn on SmartScreen | [Browser/AllowSmartScreen](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Setting | Details | CSP documentation reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| -------- | ---------------- | --------------------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Homepages | Use to configure the default homepages in Microsoft Edge.| ./Vendor/MSFT/Policy/Config/Browser/Homepages | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. |./Vendor/MSFT/Policy/Config/Browser/AllowCookies | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow developer tools | Use to stop users from using F12 Developer Tools.| ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools| Yes. <br> Use a custom policy.| Yes. <br> Use a custom setting.| Yes |
| Allow Do Not Track | Use to enable Do Not Track headers. | ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow pop-ups | Use to block pop-up browser windows. | ./Vendor/MSFT/Policy/Config/Browser/AllowPopups | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Allow search suggestions| Use to block search suggestions in the address bar| ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar| Yes. <br> Use a custom policy.| Yes. <br> Use a custom setting.| Yes |
| Allow SmartScreen | Keep this enabled to turn on SmartScreen| ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen | Yes. <br> Use a custom policy.| Yes. <br> Use a custom setting.| Yes |
| Prevent ignoring SmartScreen Filter warnings for websites| For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites.| ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverride| Yes. <br> Use a custom policy.| Yes. <br> Use a custom setting.| Yes |
| Prevent ignoring SmartScreen Filter warnings for files| For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge.| ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles| Yes. <br> Use a custom policy.| Yes. <br> Use a custom setting.| Yes |
#### Windows Update settings
**Windows Update settings**
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_BranchReadinessLevel) | Yes. Use a custom policy. | Yes. Use a custom setting. | Yes |
| Defer feature updates| See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_PauseFeatureUpdates) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_PauseQualityUpdates) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes|
| Configure device to use WSUS| Use to connect your Surface Hub to WSUS instead of Windows Update see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_UpdateServiceUrl) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/\<name of policy\> <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Setting | Details | CSP documentation reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | --------------------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business see Windows Updates.| ./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel | Yes. Use a custom policy.| Yes. Use a custom setting.| Yes |
| Defer feature updates| See above. | ./Vendor/MSFT/Policy/Config/Update/ DeferFeatureUpdatesPeriodInDays| Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Defer quality updates See above. | ./Vendor/MSFT/Policy/Config/Update/DeferQualityUpdatesPeriodInDays| Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Pause feature updates| See above. | ./Vendor/MSFT/Policy/Config/PauseFeatureUpdates| Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Pause quality updates| See above. | ./Vendor/MSFT/Policy/Config/Update/PauseQualityUpdates| Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes|
| Configure device to use WSUS| Use to connect your Surface Hub to WSUS instead of Windows Update see Windows Updates. | ./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | Various policies in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx): <br>./Vendor/MSFT/Policy/Config/DeliveryOptimization/<name of policy>| Yes. <br> Use a custom policy.| Yes. <br> Use a custom setting.| Yes |
#### Windows Defender settings
**Windows Defender settings**
| Setting | Details | CSP documentation reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | --------------------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Defender policies. |Use to configure various Defender settings, including a scheduled scan time. | Various policies in [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx): <br> ./Vendor/MSFT/Policy/Config/Defender/<name of policy>. | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Defender policies. |Use to configure various Defender settings, including a scheduled scan time. | Defender/\<name of policy\> <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes
| Defender status | Use to initiate a Defender scan, force a signature update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes |
**Remote reboot settings**
#### Remote reboot settings
| Setting | Details | CSP documentation reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | --------------------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Reboot the device immediately| Use in conjunction with OMS to minimize support costs see Monitoring.| ./Vendor/MSFT/Reboot/RebootNow| No| No| Yes |
| Reboot the device at a scheduled date and time| See above.| ./Vendor/MSFT/Reboot/Schedule/Single | Yes. <br> Use a custom policy.| Yes. <br> Use a custom setting.| Yes |
| Reboot the device daily at a scheduled date and time| See above.| ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent | Yes. <br> Use a custom policy.| Yes. <br> Use a custom setting.| Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Reboot the device immediately| Use in conjunction with OMS to minimize support costs see [Monitor your Microsoft Surface Hub](monitor-surface-hub). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx) | No | No | Yes |
| Reboot the device at a scheduled date and time| See above. | ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
| Reboot the device daily at a scheduled date and time| See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx) | Yes. <br> Use a custom policy. | Yes. <br> Use a custom setting. | Yes |
**Certficate settings**
#### Certficate settings
| Setting | Details | CSP documentation reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | --------------------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Install certificates | Use to deploy certificates to the Surface Hub. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) and [ClientCertificateInstall CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023.aspx) | Yes. <br> See [Secure resource access with certificate profiles](https://docs.microsoft.com/intune/deploy-use/secure-resource-access-with-certificate-profiles). | Yes. <br> See [How to create certificate profiles in Configuration Manager](https://technet.microsoft.com/library/dn270541.aspx). | Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Install certificates | Use to deploy certificates to the Surface Hub. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) <br> [ClientCertificateInstall CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023.aspx) | Yes. <br> See [Secure resource access with certificate profiles](https://docs.microsoft.com/intune/deploy-use/secure-resource-access-with-certificate-profiles). | Yes. <br> See [How to create certificate profiles in Configuration Manager](https://technet.microsoft.com/library/dn270541.aspx). | Yes |
**Log settings**
#### Log settings
| Setting | Details | CSP documentation reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | --------------------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Log collection | Use to remotely collect ETW logs from Surface Hub.| [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No| No| Yes |
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML? |
| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- |
| Log collection | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes |
<!-- ## Example: Manage Surface Hub settings with Micosoft Intune
### Generate OMA URIs for settings
You need to use a settings OMA URI to create a custom policy in Intune, or a custom setting in System Center Configuration Manager.
You can Use Intune to create a configuration policy from a template, or create a custom configuration policy to manage some Surface Hub settings.
**To generate the OMA URI for any setting in the CSP documentation**
1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/<name of CSP>`. <br>
For example, the root node of the [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx) is `./Vendor/MSFT/SurfaceHub`.
2. Identify the node path for the setting you want to use. <br>
For example, the node path for the setting to enable wireless projection is `InBoxApps/WirelessProjection/Enabled`.
3. Append the node path to the root node to generate the OMA URI. <br>
For example, the OMA URI for the setting to enable wireless projection is `./Vendor/MSFT/SurfaceHub/InBoxApps/WirelessProjection/Enabled`.
The data type is also stated in the CSP documentation. The most common data types are:
- char (String)
- int (Integer)
- bool (Boolean)
## Example: Manage Surface Hub settings with Micosoft Intune
You can use Microsoft Intune to manage Surface Hub settings.
**To create a configuration policy from a template**
You'll use the **Windows 10 Team general configuration policy** as the template.
1. Access the Intune management portal at [https://manage.microsoft.com](https://manage.microsoft.com).
2. Sign in with your Intune administrator account.
3. On the left-hand navigation menu, click **Policy**.
4. In the Overview page, click **Add Policy**.
5. On **Select a template for the new policy**, expand **Windows**, select **General Configuration (Windows 10 Team and later)**, select **Create and Deploy a Custom Policy**, and then click **Create Policy**.
6. Configure your policy, then click **Save Policy**
7. When prompted, click **Yes** to deploy your new policy to a user or device group.
For more informration, see [Use groups to manage users and devices in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/use-groups-to-manage-users-and-devices-with-microsoft-intune).
1. On the [Intune management portal](https://manage.microsoft.com), sign in with your Intune administrator account.
2. On the left-hand navigation menu, click **Policy**.
3. In the Overview page, click **Add Policy**.
4. On **Select a template for the new policy**, expand **Windows**, select **General Configuration (Windows 10 Team and later)**, and then click **Create Policy**.
5. Configure your policy, then click **Save Policy**
6. When prompted, click **Yes** to deploy your new policy to a user or device group. For more information, see [Use groups to manage users and devices in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/use-groups-to-manage-users-and-devices-with-microsoft-intune).
**To create a custom configuration policy**
Youll need to create a custom policy to manage settings that are not available in the template.
1. Access the Intune management portal at [https://manage.microsoft.com](https://manage.microsoft.com).
2. Sign in with your Intune administrator account.
3. On the left-hand navigation menu, click **Policy**.
4. In the Overview page, click **Add Policy**.
5. On **Select a template for the new policy**, expand **Windows**, select **Custom Configuration (Windows 10 Desktop and Mobile and later)**, select **Create and Deploy a Custom Policy**, and then click **Create Policy**.
6. Type a name for the policy.
7. Under OMA-URI Settings, click **Add**.
8. Complete the form to create a new setting, and then click **OK**.
9. Repeat Step 8 for each setting you want to configure with this policy.
10. Once you're done, click **Save Policy** and deploy it to a user or device group.
1. On the [Intune management portal](https://manage.microsoft.com), sign in with your Intune administrator account.
2. On the left-hand navigation menu, click **Policy**.
3. In the Overview page, click **Add Policy**.
4. On **Select a template for the new policy**, expand **Windows**, select **Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
5. Type a name and optional description for the policy.
6. Under OMA-URI Settings, click **Add**.
7. Complete the form to create a new setting, and then click **OK**.
8. Repeat Steps 6 and 7 for each setting you want to configure with this policy.
9. Once you're done, click **Save Policy** and deploy it to a user or device group.
## Example: Manage Surface Hub settings with System Center Configuration Manager
The current branch of System Center Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use System Center Configuration Manager to manage other devices in your organization, you can continue to use the administrative console as your single location for managing Surface Hubs.
System Center Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use System Center Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs.
> [!NOTE]
> These instructions are based on the current branch of System Center Configuration Manager.
**To create a configuration item for Surface Hub settings**:
1. Open the Configuration Manager console.
2. Under **Assets and Compliance**, expand **Compliance Settings**, and select **Configuration Items**.
3. Click **Create Configuration Item**.
4. Type a name and a description for the configuration item.
5. Under **Settings for devices managed without the Configuration Manager client**, select **Windows 8.1 and Windows 10**, and then click **Next**.
6. On **Supported Platforms**, select **Supported Platforms**, expand **Windows 10**, select **All Windows 10 Team and higher**, and then click **Next**.
7. On **Windows 10 team**, under **Device settings**, select **Windows 10 Team**. A new tab labelled **Windows 10 Team** will appear on the left-hand side. -->
**To create a configuration item for Surface Hub settings**
## Related topic
1. On the **Assets and Compliance** workspace of the Configuration Manager console, click **Overview** > **Compliance Settings** > **Configuration Items**.
2. On the **Home** tab, in the **Create** group, click **Create Configuration Item**.
3. On the **General** page of the Create Configuration Item Wizard, specify a name and optional description for the configuration item.
4. Under **Specify the type of configuration item that you want to create**, select **Windows 8.1 and Windows 10**.
5. Click **Categories** if you create and assign categories to help you search and filter configuration items in the Configuration Manager console.
6. On the **Supported Platforms** page, select **Windows 10** > **All Windows 10 Team and higher**. Unselect the other Windows platforms.
7. On the **Device Settings** page, under **Device settings groups**, select **Windows 10 Team**.
8. On the **Windows 10 Team** page, configure the settings you require.
9. You'll need to create custom settings to manage settings that are not available in the Windows 10 Team page. On the **Device Settings** page, select the check box **Configure additional settings that are not in the default setting groups**.
10. On the **Additional Settings** page, click **Add**.
11. On the **Browse Settings** dialog, click **Create Setting**.
12. On the **Create Setting** dialog, under the **General** tab, specify a name and optional description for the custom setting.
13. Under **Setting type**, select **OMA URI**.
14. Complete the form to create a new setting, and then click **OK**.
15. On the **Browse Settings** dialog, under **Available settings**, select the new setting you created, and then click **Select**.
16. On the **Create Rule** dialog, complete the form to specify a rule for the setting, and then click **OK**.
17. Repeat Steps 10 to 16 for each custom setting you want to add to the configuration item.
18. Once you're done, on the **Browse Settings** dialog, click **Close**.
19. Complete the wizard. <br> You can view the new configuration item in the **Configuration Items** node of the **Assets and Compliance** workspace.
For more information, see [Create configuration items for Windows 8.1 and Windows 10 devices managed without the System Center Configuration Manager client](https://docs.microsoft.com/en-us/sccm/compliance/deploy-use/create-configuration-items-for-windows-8.1-and-windows-10-devices-managed-without-the-client).
## Related topics
[Manage Microsoft Surface Hub](manage-surface-hub.md)

63
devices/surface-hub/monitor-surface-hub.md
View File

@ -13,58 +13,61 @@ localizationpriority: medium
# Monitor your Microsoft Surface Hub
Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS). The [Operations Management Suite](https://go.microsoft.com/fwlink/?LinkId=718138) is Microsoft's IT management solution that helps you manage and protect your entire IT infrastructure, including your Surface Hubs.
Surface Hub is offered as a Log Analytics solution in OMS, allowing you to collect and view usage and reliability data across all your Surface Hubs. Use the Surface Hub solution to:
- Inventory your Surface Hubs.
- View a snapshot of usage and reliability data for Skype meetings, wired and wireless projection, and apps on your Surface Hubs.
- Create custom alerts to respond quickly if your Surface Hubs report software or hardware issues.
## Add Surface Hub to Operations Management Suite
If you are already using OMS, you'll find Surface Hub solutions in the Solutions Gallery. Select the **Surface Hub** tile in the gallery, and then click **Add** in the solution's details page. If you're not using OMS, you'll need to add Surface Hub to the Solutions Gallery. For more information, see [Get Started with Updgrade Analytics](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-get-started).
**To add Surface Hub to Operations Management Suite**
1. **Sign in to Operations Management Suite (OMS)**. You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
2. **Create a new OMS workspace**. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select Create.
2. **Create a new OMS workspace**. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**.
3. **Link Azure subscription to your workspace**. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organizations Azure administrator.
> [!NOTE]
> If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
4. **Add Surface Hub solution**. In the Solutions Galler, select the Surface Hub tile in the gallery and then select **Add** on the solutions details page. The solution is now visible on your workspace.
> [!NOTE]
> If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
4. **Add Surface Hub solution**. In the Solutions Gallery, select the **Surface Hub** tile in the gallery and then select **Add** on the solutions details page. The solution is now visible on your workspace.
## Use the Surface Hub dashboard
From the **Overview** page in your OMS workspace, click the Surface Hub tile to see the Surface Hub dashboard. Use the dashboard to get a snapshot of usage and reliability data across your Surface Hubs.
Click into each view on the dashboard to see detailed data, modify the query as desired, export the data to Power BI, and create alerts.
From the **Overview** page in your OMS workspace, click the Surface Hub tile to see the Surface Hub dashboard. Use the dashboard to get a snapshot of usage and reliability data across your Surface Hubs. Click into each view on the dashboard to see detailed data, modify the query as desired, and create alerts.
> [!NOTE]
> Most of these views show data for the past 30 days, but this is subject to your subscription's data retention policy.
**Active Surface Hubs**
Use this view to get an inventory of all your Surface Hubs. Once connected to OMS, each Surface Hub periodically sends a "heartbeat" event to the server. This view shows Surface Hubs that have reported a heartbeat in the past 24 hours.
**Skype meetings**
Use this view to get usage data for Skype over the past 30 days. The graph shows the total number of Skype Meetings started across your Surface Hubs, and a breakdown between scheduled meetings, ad hoc meetings, and PSTN calls.
**Wireless projection**
Use this view to get usage and reliability data for wireless projection over the past 30 days. The graph shows the total number of wireless connections across all your Surface Hubs, which provides an indication whether people in your organization are using this feature. If it's a low number, it may suggest a need to provide training to help people in your organization learn how to wirelessly connect to a Surface Hub.
Also, the graph shows a breakdown of successful and unsuccessful connections. If you see a high number of unsuccessful connections, devices may not properly support wireless projection using Miracast. For best performance,Microsoft suggests that devices run a WDI Wi-Fi driver and a WDDM 2.0 graphics driver. Use the details view to learn if wireless projection problems are common.
Also, the graph shows a breakdown of successful and unsuccessful connections. If you see a high number of unsuccessful connections, devices may not properly support wireless projection using Miracast. For best performance, Microsoft suggests that devices run a WDI Wi-Fi driver and a WDDM 2.0 graphics driver. Use the details view to learn if wireless projection problems are common with particular devices.
When a connection fails, users can also do the following if they are using a Windows laptop or phone:
- Remove the paired device from Settings > Devices > Connected devices, then try to connect again.
- Remove the paired device from **Settings** > **Devices** > **Connected devices**, then try to connect again.
- Reboot the device.
**Wired projection**
Use this view to get usage and reliability data for wired projection over the past 30 days. If the graph shows a high number of unsuccessful connections, it may indicate a connectivity issue in your audio-visual pipeline. For example, if you use a HDMI repeater or a center-of-room control panel, they may need to be restarted.
**Application usage**
Use this view to get usage data for apps on your Surface Hubs over the past 30 days. The data comes from app launches on your Surface Hubs not including Skype for Business. This view helps you understand which Surface Hub apps are the most valuable in your organization. If you are deploying new line-of-business apps in your environment, this can also help you understand how often they are being used.
Use this view to get usage data for apps on your Surface Hubs over the past 30 days. The data comes from app launches on your Surface Hubs, not including Skype for Business. This view helps you understand which Surface Hub apps are the most valuable in your organization. If you are deploying new line-of-business apps in your environment, this can also help you understand how often they are being used.
**Application Crashes**
Use this view to get reliability data for apps on your Surface Hubs over the past 30 days. The data comes from app crashes on your Surface Hubs. This view helps you detect and notify app developers of poorly behaving in-box and line-of-business apps.
**Sample Queries**
Use this to create custom alerts based on a recommended set of queries. Alerts help you respond quickly if your Surface Hubs report software or hardware issues. For more inforamtion, see [Set up alerts using sample queries](#set-up-alerts-with-sample-queries).
## Set up alerts with sample queries
@ -77,36 +80,36 @@ This table describes the sample queries in the Surface Hub solution:
| Alert type | Impact | Recommended remediation | Details |
| ---------- | ------ | ----------------------- | ------- |
| Software | Error | **Reboot the device**. <br> Reboot manually, or using Reboot CSP. <br> Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions: <br> - A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive. <br> - The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the telemetry reporting system. |
| Software | Error | **Check your Exchange service**. <br> Verify: <br> - The service is available <br> - The device account password is up to date see [Password management](password-management-for-surface-hub-device-accounts.md) for details.| Triggers when there's an error syncing the device calendar with Exchange. |
| Software | Error | **Check your Skype for Business service**. <br> Verify: <br> - The service is available <br> - The device account password is up to date see [Password management](password-management-for-surface-hub-device-accounts.md) for details. <br> - The domain name for Skype for Business is properly configured.| Triggers when Skype fails to sign in. |
| Software | Error | **Reset the device**. <br> This takes some time, so you should take the device offline. <br> For more information, see [Device reset](device-reset-surface-hub.md).| Triggers when there is an error cleaning up user and app data at the end of a session. When this operation repeatedly fails, the device is locked to protect user data. You must reset the device to continue. |
| Hardware | Warning | **None**. Indicates negligible impact to functionality.| Triggers when there is an error with any of the following hardware components: <br> - Virtual pen slots <br> - NFC driver <br> - USB hub driver <br> - Bluetooth driver <br> - Proximity sensor <br> - Graphical performance (video card driver) <br> - Mismatched hard drive <br> - No keyboard/mouse detected |
| Hardware | Warning | **Contact Microsoft support**. Indicates impact to core functionality (such as Skype, projection, touch, and internet connectivity). <br> **Note** Some events, including heartbeat, include the devices serial number that you can use when contacting support.| Triggers when there is an error with any of the following hardware components. <br> **Components that affect Skype**: <br> - Speaker driver <br> - Microphone driver <br> - Camera driver <br> **Components that affect wired and wireless projection**: <br> - Wired touchback driver <br> - Wired ingest driver <br> - Wireless adapter driver <br> - Wi-Fi Direct error <br> **Other components**: <br> - Touch digitizer driver <br> - Network adapter error (not reported to OMS)|
| Software | Error | **Reboot the device**. <br> Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx). <br> Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions: <br> - A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive. <br> - The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the telemetry reporting system. |
| Software | Error | **Check your Exchange service**. <br> Verify: <br> - The service is available. <br> - The device account password is up to date see [Password management](password-management-for-surface-hub-device-accounts.md) for details.| Triggers when there's an error syncing the device calendar with Exchange. |
| Software | Error | **Check your Skype for Business service**. <br> Verify: <br> - The service is available. <br> - The device account password is up to date see [Password management](password-management-for-surface-hub-device-accounts.md) for details. <br> - The domain name for Skype for Business is properly configured - see [Configure a domain name](use-fully-qualified-domain-name-surface-hub.md). | Triggers when Skype fails to sign in. |
| Software | Error | **Reset the device**. <br> This takes some time, so you should take the device offline. <br> For more information, see [Device reset](device-reset-surface-hub.md).| Triggers when there is an error cleaning up user and app data at the end of a session. When this operation repeatedly fails, the device is locked to protect user data. You must reset the device to continue. |
| Hardware | Warning | **None**. Indicates negligible impact to functionality.| Triggers when there is an error with any of the following hardware components: <br> - Virtual pen slots <br> - NFC driver <br> - USB hub driver <br> - Bluetooth driver <br> - Proximity sensor <br> - Graphical performance (video card driver) <br> - Mismatched hard drive <br> - No keyboard/mouse detected |
| Hardware | Error | **Contact Microsoft support**. <br> Indicates impact to core functionality (such as Skype, projection, touch, and internet connectivity). <br> **Note** Some events, including heartbeat, include the devices serial number that you can use when contacting support.| Triggers when there is an error with any of the following hardware components. <br> **Components that affect Skype**: <br> - Speaker driver <br> - Microphone driver <br> - Camera driver <br> **Components that affect wired and wireless projection**: <br> - Wired touchback driver <br> - Wired ingest driver <br> - Wireless adapter driver <br> - Wi-Fi Direct error <br> **Other components**: <br> - Touch digitizer driver <br> - Network adapter error (not reported to OMS)|
**To set up an alert**:
**To set up an alert**
1. From the Surface Hub solution, select one of the sample queries.
2. Modify the query as desired. See Log Analytics search reference to learn more.
3. Click **Alert** at the top of the page to open the **Add Alert Rule** screen. See Alerts in Log Analytics for details on the options to configure the alert.
3. Click **Alert** at the top of the page to open the **Add Alert Rule** screen. See [Alerts in Log Analytics](https://azure.microsoft.com/en-us/documentation/articles/log-analytics-alerts/) for details on the options to configure the alert.
4. Click **Save** to complete the alert rule. It will start running immediately.
## Enroll your Surface Hub
For Surface Hub to connect to and register with the OMS service, it must have access to the port number of your domains and the URLs. This table list the ports that OMS needs. For more information, see [Configure proxy and firewall settings in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-proxy-firewall/).
| Agent resource | Ports | Bypass HTTPS insepction? |
| -------------------------- | ----- | ------------------------ |
| *.ods.opinsights.azure.com | 443 | Yes |
| *.oms.opinsights.azure.com | 443 | Yes |
| *.blob.core.windows.net | 443 | Yes |
| ods.systemcenteradvisor.com | 443 | No |
| Agent resource | Ports | Bypass HTTPS inspection? |
| --------------------------- | ----- | ------------------------ |
| *.ods.opinsights.azure.com | 443 | Yes |
| *.oms.opinsights.azure.com | 443 | Yes |
| *.blob.core.windows.net | 443 | Yes |
| ods.systemcenteradvisor.com | 443 | No |
The Microsoft Monitoring Agent, used to connect devicnstall any additional clients to connect Surface Hub to OMS.
The Microsoft Monitoring Agent, used to connect devices to OMS, is integrated with the Surface Hub operating system, so there is no need to install additional clients to connect Surface Hub to OMS.
Once your OMS workspace is set up, there are several ways to enroll your Surface Hub devices:
- [Settings app](#enroll-using-the-settings-app)
- [Provisioning package](#enroll-using-a-provisioning-package)
- [Management solution](#enroll-using-a-management-solution), such as Microsoft Intune and Configuration Manager
- [MDM provider](#enroll-using-a-mdm-provider), such as Microsoft Intune and Configuration Manager
You'll need the workspace ID and primary key of your OMS workspace. You can get these from the OMS portal.
@ -127,7 +130,7 @@ A confirmation dialog will appear telling you whether or not the OMS configurati
### Enroll using a provisioning package
You can use a provisioning package to enroll your Surface Hub. For more infomation, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
### Enroll using a management solution
### Enroll using a MDM provider
You can enroll Surface Hub into OMS using the SurfaceHub CSP. Intune and Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. For more information, see [Manage Surface Hub settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
## Related topics

10
devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md
View File

@ -43,7 +43,7 @@ You'll create the provisioning package on a PC running Windows 10, save the pack
## Supported items for Surface Hub provisioning packages
Currently, you can add these items to provisioning packages for Surface Hub:
- **Certificates** - You can add certificates, if needed, to support Microsoft Exchange and UWP apps downloaded from the Windows Store for Business.
- **Certificates** - You can add certificates, if needed, to authenticate to Microsoft Exchange.
- **Universal Windows Platform (UWP) apps** - You can install UWP apps. This can be an offline-licensed app from the Windows Store for Business, or an app created by an in-house dev.
- **Policies** - Surface Hub supports a subset of the policies in the [Policy configuration service provider](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). Some of those policies can be configured with ICD.
- **Settings** - You can configure any setting in the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx).
@ -57,21 +57,21 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
2. Click **Advanced provisioning**.
![ICD start options](images/ICDstart-option.PNG)
![ICD start options](images/ICDstart-option.PNG)
3. Name your project and click **Next**.
4. Select **Common to Windows 10 Team edition**, click **Next**, and then click **Finish**.
![ICD new project](images/icd-new-project.png)
![ICD new project](images/icd-new-project.png)
5. In the project, under **Available customizations**, select **Common Team edition settings**.
![ICD common settings](images/icd-common-settings.png)
![ICD common settings](images/icd-common-settings.png)
### Add a certificate to your package
You can use provisioning packages to install certificates that will allow the device to authenticate to Microsoft Exchange, or to install apps downloaded from the Windows Store.
You can use provisioning packages to install certificates that will allow the device to authenticate to Microsoft Exchange.
> [!NOTE]
> Provisioning packages can only install certificates to the device (local machine) store, and not to the user store. If your organization requires that certificates must be installed to the user store, use Mobile Device Management (MDM) to deploy these certificates. See your MDM solution documentation for details.