mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-12 04:27:23 +00:00
323b29e556
commit d6a8bce79e491a8a245a37a9e20e6a6bec4d325b
Merge: 0ab4e4e1 a7c70ad4
Author: jdeckerMS <jdecker@microsoft.com>
Date: Thu Mar 23 10:35:16 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 0ab4e4e119590e0e8cef691eee2b87180b07c5b3
Author: jdeckerMS <jdecker@microsoft.com>
Date: Thu Mar 23 10:29:48 2017 -0700
Jordan feedback
commit 4454eeadbebb5fccdbfb3b1d07e87d708fefbe87
Merge: 03444e15 ef670cb5
Author: jdeckerMS <jdecker@microsoft.com>
Date: Thu Mar 23 09:26:54 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 03444e15f5b51bd1bdf1e76745f62cbbed3b529d
Merge: 603408f3 660a6984
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 22 11:00:46 2017 -0700
Merge branch 'rs2' into jdrs2sh
commit 603408f38ecd99e6f7fce1f61a4f199918fd67c4
Merge: 6821f22f b96e1555
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 21 13:54:33 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 6821f22f07f1864bb0a5c8eda33f7daf4f9531bc
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 21 13:41:44 2017 -0700
change ICD references
commit 5804bc18db376fba16e8c863f5af8ffdd965359a
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 21 13:39:55 2017 -0700
rename file
commit 9268142c9b881b0e0ad4fc2a0d4dcfddc180a1b3
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 21 13:32:31 2017 -0700
update what's new
commit 503be68ec3a731434ca789df2da1f1c4783fdca7
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 21 13:30:48 2017 -0700
art
commit 93914a2cf2aef9622b172c8ea97a3c1d72544c6a
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 21 13:30:43 2017 -0700
Jordan updates
commit 27b1445ba4149fa78b7ec628870b19933307ba38
Merge: 9578dffe 6f0a1f7f
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 21 08:19:27 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 9578dffee198b0be16992368f571eed81f261818
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Mar 20 09:09:56 2017 -0700
new oobe image
commit 616c10e4e404574ecce7726fc76d7582c56b318e
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Mar 20 08:23:53 2017 -0700
get bulk token warning
commit 5600a6c7b320c4968686c07df90c62d8110764c9
Merge: cf29bb53 4b34636b
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Mar 20 08:22:02 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit cf29bb53ec1c6e45e068219a796b2a5b04347b15
Merge: 695ec39f a5ec4c4d
Author: jdeckerMS <jdecker@microsoft.com>
Date: Fri Mar 17 09:42:51 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 695ec39f81b6da46b442ce8e52c9d9b28d65434a
Author: jdeckerMS <jdecker@microsoft.com>
Date: Thu Mar 16 12:25:06 2017 -0700
delete
# Conflicts:
# devices/surface-hub/TOC.md
# devices/surface-hub/intro-to-surface-hub.md
# devices/surface-hub/surface-hub-administrators-guide.md
commit cc123f7aa0718efaa7cd355df4e3693afb073b9c
Merge: 6b7ddf3e 3c12e864
Author: jdeckerMS <jdecker@microsoft.com>
Date: Thu Mar 16 12:23:40 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 6b7ddf3e498d541c2dbb531dd132e7ec0f45eb9d
Merge: 278d14c4 032c25d4
Author: jdeckerMS <jdecker@microsoft.com>
Date: Thu Mar 16 11:34:53 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 278d14c462fa386e8979c4e998c464f2cdbf6a6c
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 15 10:26:22 2017 -0700
get bulk token
commit 005f12e3939f8134143314e95e6bc9f76db8c3de
Merge: 410e7508 1bff6ddd
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 15 10:25:19 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 410e750850a5037d843fe9d9c64a477d252ff10e
Merge: d2f94c8f 8eed0956
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 13:51:32 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit d2f94c8f9d73868dec86e472fe5ace87b7370ac3
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 13:27:23 2017 -0700
tweak
commit f629b4f1fd27fad24c258a7de903e6c18e85ec8c
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 12:44:21 2017 -0700
fix mdm enrollment
commit 1dd74f9e7e353ba9ce5e71c8797cfa8cd02342a7
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 12:33:24 2017 -0700
add proxy
commit c71e5af71bc866f1a5fe9abefb82b5124fb957fd
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 12:03:09 2017 -0700
add install link
commit 0344deee4c68ae3c81529dc9cb602eec2af0b5c3
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 11:57:43 2017 -0700
stick
commit be7ed51e1fb7b1a578c8e843b56e701bcf90be9d
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 11:56:52 2017 -0700
resize art
commit 857be3cdfca07da3c5dfb470b3a3a3aee290a07c
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 11:55:09 2017 -0700
moved note to correct cell
commit a91ca3943b8c0454549a1c0c5455b919ed46de8c
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 11:52:21 2017 -0700
sync
commit 5bcf3c1db3c97d87ca60bfd4d688b908d4d9e518
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 11:43:25 2017 -0700
fix link
commit de7d60524a2e1ba0d5e1bc1074da9bf887fa6457
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 11:42:46 2017 -0700
add apps to provisioning
commit 67e14be35b30f4bfa45fb79815c25ef2317a171c
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 11:37:27 2017 -0700
sync to switch branches
commit c6b9d8dae5d29f441ea262323baaad5e41b2bc9f
Merge: 3260248b 4b13310a
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Mar 14 08:35:04 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 3260248b8a0511c081a5547419109f9380ea9b26
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Mar 13 08:56:25 2017 -0700
fix table for non-IE browsers
# Conflicts:
# windows/whats-new/images/wcd-options.png
commit a3ece5c8d4a6c37645f4aa5b39b582be855b98b9
Merge: 4ed80574 759b4a41
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Mar 13 08:53:34 2017 -0700
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 4ed80574020c1291ba4e853553330a7b84f21657
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 12:00:27 2017 -0800
fix typo
commit 7541a4507508822dcd51da773536b89a5a49f305
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 11:53:38 2017 -0800
fix table
commit 37254f098396342dd23115ea10885f121f5b9371
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 11:51:48 2017 -0800
resize art
commit a936a6c4768729fec66775528a31c64132fa4f8e
Merge: a217a9ae 9786c53a
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 11:50:43 2017 -0800
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit a217a9ae8e48af3b533eb421a716b5a580daecba
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 11:45:55 2017 -0800
sync
commit f09e8ae9e87db16b7ee6982864a1c4c2fc8ebcdc
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 11:39:34 2017 -0800
add image to index
commit 80a133370000b2b7ff8c9e1383aca7eb1769258a
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 11:30:34 2017 -0800
fix link
commit d8aa55211a62fecf56e6404146917b8e84b3c296
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 11:25:33 2017 -0800
tweak TOC, get rid of intro
commit 6415e3739e13f47f2d3a6355066015d0bcd4cc7a
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 11:16:33 2017 -0800
remove admin guide level from toc
commit 0d016720488e8aa1e3e0621b50596a66db8d232f
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 07:53:03 2017 -0800
release in change history
commit 67a8f585dd788db1a18247827b1f9d22378d5b9f
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 07:50:20 2017 -0800
add what's new
commit be5e195fc41d9ce94cd1b6189f0da25e9e50b9f2
Merge: e3e75663 8e80f0e1
Author: jdeckerMS <jdecker@microsoft.com>
Date: Wed Mar 8 07:40:34 2017 -0800
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit e3e756632b462d8a110b0538782bc22487e96d4b
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 28 13:46:55 2017 -0800
end session
# Conflicts:
# windows/configure/windows-10-start-layout-options-and-policies.md
commit 0a9b86a2f6b69e5883fcdab48bb22f19cf1e6c32
Merge: 13e94977 4530d39f
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 28 13:42:38 2017 -0800
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 13e9497711b34daab936735edcfa87f13c89d006
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Feb 27 11:29:01 2017 -0800
resize art
commit 17d830dfde1174c95cb2bde7018fa1c85b8dcacc
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Feb 27 10:59:56 2017 -0800
delete file from images
commit 395946c6c9b54516461e79a232525e965632686d
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Feb 27 10:50:39 2017 -0800
fix link
commit c328942818f6e4b5d2bd2062724a90687b85926e
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Feb 27 10:40:29 2017 -0800
set up wizard table
commit 942af3c56e6e6f7736e1ea03d6801633237a9311
Merge: 6ce5c31d 819ba842
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Feb 27 10:03:16 2017 -0800
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 6ce5c31d127662010841791aa6498cd1606ed31e
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Feb 27 09:55:32 2017 -0800
change branches
commit a3c28ae9e83bde3c97dd2d9232ad430e08ae972b
Merge: b794a681 0a914cf9
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Feb 27 08:31:41 2017 -0800
Merge remote-tracking branch 'refs/remotes/origin/jdrs2icd' into jdrs2sh
commit b794a6819b1a3ad9deb834986a184f6b488497fa
Merge: af38dabf 2d1267b5
Author: jdeckerMS <jdecker@microsoft.com>
Date: Mon Feb 27 07:37:48 2017 -0800
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit af38dabf79f6b51971fbf3891d72be73f0f9035a
Author: jdeckerMS <jdecker@microsoft.com>
Date: Fri Feb 24 11:25:09 2017 -0800
changed all to End Session
# Conflicts:
# devices/surface-hub/index.md
commit 4e124566f0a01017232d6c2c6be95db15abf5db3
Merge: d07431ae 4b1663d8
Author: jdeckerMS <jdecker@microsoft.com>
Date: Fri Feb 24 11:18:06 2017 -0800
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit d07431ae706af0af4c6c44909c4e08b16b904ccc
Merge: 237cb29c 8bfa038e
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 14 13:48:31 2017 -0800
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
commit 237cb29ce337e73ab6d707c1c06eaa89f5b49f3b
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 7 15:06:27 2017 -0800
undo all
commit 5461ccb226a5ee079f07c59d719c52f3fefe2343
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 7 07:53:02 2017 -0800
sync
commit 1e56393ac1a33ff3d1b5eb2183e1ece4e776a9a6
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 7 07:41:45 2017 -0800
sync
commit 25ad8424a8f0dff551367cebedad18563e9d1081
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 7 07:32:18 2017 -0800
iframe
commit 114cccfb75b3f27f46b67b5577d05a5de55662c1
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 7 07:22:49 2017 -0800
try span
commit 03c4b1bb5aad5871b6808c2b7c48e0e71b6c10c7
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 7 07:10:29 2017 -0800
remove test
commit 8a55ced11b6e8d4117d940ec73e2b045a0d7cf24
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 7 06:59:19 2017 -0800
test compass video
commit f4ae742993fa9892f4d7c411fa87683697849cf7
Merge: dd9a3df0 94b855cd
Author: jdeckerMS <jdecker@microsoft.com>
Date: Tue Feb 7 06:55:10 2017 -0800
Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2sh
6.2 KiB
6.2 KiB
title, description, ms.assetid, keywords, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, author, localizationpriority
| title | description | ms.assetid | keywords | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | author | localizationpriority |
|---|---|---|---|---|---|---|---|---|---|
| Admin group management (Surface Hub) | Every Microsoft Surface Hub can be configured individually by opening the Settings app on the device. | FA67209E-B355-4333-B903-482C4A3BDCCE | admin group management, Settings app, configure Surface Hub | w10 | manage | library | surfacehub, security | jdeckerMS | medium |
Admin group management (Surface Hub)
Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app.
Admin Group Management
You can set up administrator accounts for the device in one of three ways:
- Create a local admin account
- Domain join the device to Active Directory (AD)
- Azure Active Directory (Azure AD) join the device
Create a local admin account
To create a local admin, choose to use a local admin during first run. This will create a single local admin account on the Surface Hub with the username and password of your choice. Use these credentials to open the Settings app.
Note that the local admin account information is not backed by any directory service. We recommend you only choose a local admin if the device does not have access to Active Directory (AD) or Azure Active Directory (Azure AD). If you decide to change the local admin’s password, you can do so in Settings. However, if you want to change from using the local admin account to using a group from your domain or Azure AD tenant, then you’ll need to reset the device and go through the first-time program again.
Domain join the device to Active Directory (AD)
You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use Active Directory Domain Services. You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings.
What happens when you domain join your Surface Hub?
Surface Hubs use domain join to:
- Grant admin rights to members of a specified security group in AD.
- Backup the device's BitLocker recovery key by storing it under the computer object in AD. See Save your BitLocker key for details.
- Synchronize the system clock with the domain controller for encrypted communication
Surface Hub does not support applying group policies or certificates from the domain controller.
Note
If your Surface Hub loses trust with the domain (for example, if you remove the Surface Hub from the domain after it is domain joined), you won't be able to authenticate into the device and open up Settings. If you decide to remove the trust relationship of the Surface Hub with your domain, reset the device first.
Azure Active Directory (Azure AD) join the device
You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use Microsoft Azure Active Directory. You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device.
By default, all global administrators will be given admin rights on an Azure AD joined Surface Hub. With Azure AD Premium or Enterprise Mobility Suite (EMS), you can add additional administrators:
- In the Azure classic portal, click Active Directory, and then click the name of your organization's directory.
- On the Configure page, under Devices > Additional administrators on Azure AD joined devices, click Selected.
- Click Add, and select the users you want to add as administrators on your Surface Hub and other Azure AD joined devices.
- When you have finished, click the checkmark button to save your change.
What happens when you Azure AD join your Surface Hub?
Surface Hubs use Azure AD join to:
- Grant admin rights to the appropriate users in your Azure AD tenant.
- Backup the device's BitLocker recovery key by storing it under the account that was used to Azure AD join the device. See Save your BitLocker key for details.
Important
Surface Hub does not currently support automatic enrollment to Microsoft Intune through Azure AD join. If your organization automatically enrolls Azure AD joined devices into Intune, you must disable this policy for Surface Hub before joining the device to Azure AD.
Which should I choose?
If your organization is using AD or Azure AD, we recommend you either domain join or Azure AD join, primarily for security reasons. People will be able to authenticate and unlock Settings with their own credentials, and can be moved in or out of the security groups associated with your domain.
| Option | Requirements | Which credentials can be used to access the Settings app? |
|---|---|---|
| Create a local admin account | None | The user name and password specified during first run |
| Domain join to Active Directory (AD) | Your organization uses AD | Any AD user from a specific security group in your domain |
| Azure Active Directory (Azure AD) join the device | Your organization uses Azure AD Basic | Global administrators only |
| Your organization uses Azure AD Premium or Enterprise Mobility Suite (EMS) | Global administrators and additional administrators |