6.1 KiB
title, description, ms.reviewer, manager, keyboards, ms.prod, ms.mktglfcycl, ms.sitesec, ms.localizationpriority, author, ms.author, ms.topic
| title | description | ms.reviewer | manager | keyboards | ms.prod | ms.mktglfcycl | ms.sitesec | ms.localizationpriority | author | ms.author | ms.topic | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Enable or block Windows Mixed Reality apps in the enterprise (Windows 10/11) | Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises. | dansimp |
|
w10 | manage | library | medium | greg-lindsay | greglin | article |
Enable or block Windows Mixed Reality apps in enterprises
[!INCLUDE Applies to Windows client versions]
Windows Mixed Reality was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a Windows Feature on Demand (FOD). Features on Demand are Windows feature packages that can be added at any time. When a Windows client needs a new feature, it can request the feature package from Windows Update.
Organizations that use Windows Server Update Services (WSUS) must take action to enable Windows Mixed Reality. Any organization that wants to prohibit use of Windows Mixed Reality can block the installation of the Mixed Reality Portal.
Enable Windows Mixed Reality in WSUS
-
Check your version of Windows.
Note
You must be on at least Windows 10, version 1709, to run Windows Mixed Reality.
-
Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
-
Download the FOD .cab file:
- Windows 11, version 21H2
- Windows 10, version 2004
- Windows 10, version 1903 and 1909
- Windows 10, version 1809
- Windows 10, version 1803
- Windows 10, version 1709
Note
You must download the FOD .cab file that matches your operating system version.
-
Use
Dismto add Windows Mixed Reality FOD to the image.Dism /Online /Add-Package /PackagePath:(path)Note
On Windows 10 and 11, you must rename the FOD .CAB file to: Microsoft-Windows-Holographic-Desktop-FOD-Package
31bf3856ad364e35amd64~~.cab -
In Settings > Update & Security > Windows Update, select Check for updates.
-
IT admins can also create Side by side feature store (shared folder) to allow access to the Windows Mixed Reality FOD.
Block the Mixed Reality Portal
You can use the AppLocker configuration service provider (CSP) to block the Mixed Reality software.
In the following example, the Id can be any generated GUID and the Name can be any name you choose. Note that BinaryName="*" allows you to block any app executable in the Mixed Reality Portal package. Binary/VersionRange, as shown in the example, will block all versions of the Mixed Reality Portal app.
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data>
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>>
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>