6.9 KiB
title, description, ms.assetid, keywords, ms.prod, ms.sitesec, author, ms.author, ms.topic, ms.date, ms.localizationpriority
| title | description | ms.assetid | keywords | ms.prod | ms.sitesec | author | ms.author | ms.topic | ms.date | ms.localizationpriority |
|---|---|---|---|---|---|---|---|---|---|---|
| Online deployment with Office 365 (Surface Hub) | This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. | D325CA68-A03F-43DF-8520-EACF7C3EDEC1 | device account for Surface Hub, online deployment | surface-hub | library | jdeckerms | jdecker | article | 02/21/2018 | medium |
Online deployment with Office 365 (Surface Hub)
This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment.
If you have a pure, online (O365) deployment, then you can use the provided PowerShell scripts to create device accounts.
-
Start a remote PowerShell session on a PC and connect to Exchange.
Be sure you have the right permissions set to run the associated cmdlets.
Set-ExecutionPolicy RemoteSigned $org='contoso.microsoft.com' $cred=Get-Credential admin@$org $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection Import-PSSession $sess -
After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
If you're changing an existing resource mailbox:
Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)If you’re creating a new resource mailbox:
New-Mailbox -MicrosoftOnlineServicesID HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force) -
After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the PasswordEnabled property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
$easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false -AllowNonProvisionableDevices $TrueOnce you have a compatible policy, then you will need to apply the policy to the device account.
Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id -
Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the Exchange properties section.
Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" -
Connect to Azure AD.
You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
Install-Module -Name AzureADYou need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
Import-Module AzureAD Connect-AzureAD -Credential $cred -
If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See Password management for more information.
Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration" -
Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the prerequisites for Skype for Business online.
Next, you can use
Get-AzureADSubscribedSkuto retrieve a list of available SKUs for your O365 tenant.Once you list out the SKUs, you'll need to assign the SkuId you want to the
$License.SkuIdvariable.Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US" Get-AzureADSubscribedSku | Select Sku*,*Units $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense $License.SkuId = SkuId You selected $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses $AssignedLicenses.AddLicenses = $License $AssignedLicenses.RemoveLicenses = @() Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses -
Enable the device account with Skype for Business. If the Skype for Business PowerShell module is not installed, download the Skype for Business Online Windows PowerShell Module.
-
Start by creating a remote PowerShell session from a PC.
Import-Module SkypeOnlineConnector $cssess=New-CsOnlineSession -Credential $cred Import-PSSession $cssess -AllowClobber
-
-
Next, if you aren't sure what value to use for the
RegistrarPoolparameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, alice@contoso.com):(Get-CsTenant).TenantPoolExtensionOR by setting a variable
$strRegistrarPool = (Get-CsTenant).TenantPoolExtension $strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1)
- Enable the Surface Hub account with the following cmdlet:
```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress
```
OR using the $strRegistarPool variable from above
```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress
```
For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account.