Configure Your Network for HoloLens

This portion of the document will require the following people:

  1. Network Admin with permissions to make changes to the proxy/firewall
  2. Azure Active Directory Admin
  3. Mobile Device Manager Admin

Infrastructure Requirements

HoloLens is, at its core, a Windows mobile device integrated with Azure. It works best in commercial environments with wireless network availability (Wi-Fi) and access to Microsoft services.

Critical cloud services include:

  • Azure Active Directory (AAD)
  • Windows Update (WU)

Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale. This guide uses Microsoft Intune as an example, though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2.

HoloLens does support a limited set of cloud disconnected experiences.

Wireless network EAP support

  • PEAP-MS-CHAPv2
  • PEAP-TLS
  • TLS
  • TTLS-CHAP
  • TTLS-CHAPv2
  • TTLS-MS-CHAPv2
  • TTLS-PAP
  • TTLS-TLS
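
Before pointing a HoloLens at an 802.1X network, it is worth confirming that the SSID's EAP method is on the list above. The following is an added example, not part of the original page or Microsoft's tooling: it reads a WLAN profile of the kind produced by `netsh wlan export profile` and reports the outer and inner EAP method. The sample profile is constructed and trimmed, and the TTLS inner-method element names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# EAP methods the page lists as supported on HoloLens, spelled as on the page.
SUPPORTED = {"PEAP-MS-CHAPv2", "PEAP-TLS", "TLS", "TTLS-CHAP", "TTLS-CHAPv2",
             "TTLS-MS-CHAPv2", "TTLS-PAP", "TTLS-TLS"}
# IANA EAP method type numbers used in the profile's <Type> elements.
EAP_TYPES = {"13": "TLS", "21": "TTLS", "25": "PEAP", "26": "MS-CHAPv2"}
# Non-EAP TTLS inner methods (element names are an assumption of this example).
TTLS_INNER = {"PAPAuthentication": "PAP", "CHAPAuthentication": "CHAP",
              "MSCHAPAuthentication": "MS-CHAP",
              "MSCHAPv2Authentication": "MS-CHAPv2"}

# Constructed, trimmed sample shaped like an exported WLAN profile.
SAMPLE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>corp-wifi</name><MSM><security>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
   <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
    <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type></EapMethod>
    <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
     <Type>25</Type><EapType><Eap><Type>26</Type></Eap></EapType></Eap></Config>
   </EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>"""

def eap_method(profile_xml):
    """Return 'OUTER' or 'OUTER-INNER' for an 802.1X profile, None if no EAP."""
    outer = inner = None
    for el in ET.fromstring(profile_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix
        if name == "Type":
            num = (el.text or "").strip()
            method = EAP_TYPES.get(num, "EAP-type-" + num)
            if outer is None:
                outer = method
            elif inner is None and method != outer:
                inner = method  # first nested EAP type that differs from outer
        elif name in TTLS_INNER and inner is None:
            inner = TTLS_INNER[name]
    if outer is None:
        return None
    return f"{outer}-{inner}" if inner else outer

def check(profile_xml):
    """Return (method, flag); flag is True when the page lists the method."""
    method = eap_method(profile_xml)
    return method, method in SUPPORTED

if __name__ == "__main__":
    print(check(SAMPLE))
```

A profile that comes back with a False flag (for example a pre-shared-key network, or TTLS with MS-CHAP version 1) needs a different SSID or RADIUS policy before the device can authenticate.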

HoloLens Specific Network Requirements

Make sure that this list of endpoints is allowed on your network firewall. This will enable HoloLens to function properly.

Remote Assist Specific Network Requirements

  1. The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found here. (Please note, if you don't have network speeds of at least 1.5Mbps, Remote Assist will still work. However, quality may suffer.)
  2. Make sure that these ports and URLs are allowed on your network firewall. This will enable Microsoft Teams to function. The latest list can be found here.

Guides Specific Network Requirements

Guides only require network access to download and use the app.

Azure Active Directory Guidance

Note

This step is only necessary if your company plans on managing the HoloLens.

  1. Ensure that you have an Azure AD License. Please see HoloLens Licenses Requirements for additional information.

  2. If you plan on using Auto Enrollment, you will have to Configure Azure AD enrollment.

  3. Ensure that your company's users are in Azure Active Directory (Azure AD). Instructions for adding users can be found here.

  4. We suggest that users who need similar licenses are added to the same group.

    1. Create a Group
    2. Add users to groups
  5. Ensure that your company's users (or group of users) are assigned the necessary licenses. Directions for assigning licenses can be found here.

  6. Only do this step if users are expected to enroll their HoloLens/Mobile device into you (There are three options). These steps ensure that your company's users (or a group of users) can add devices.

    1. Option 1: Give all users permission to join devices to Azure AD. Sign in to the Azure portal as an administrator > Azure Active Directory > Devices > Device Settings > Set Users may join devices to Azure AD to All

    2. Option 2: Give selected users/groups permission to join devices to Azure AD. Sign in to the Azure portal as an administrator > Azure Active Directory > Devices > Device Settings > Set Users may join devices to Azure AD to Selected

    3. Option 3: You can block all users from joining their devices to the domain. This means that all devices will need to be manually enrolled.

Mobile Device Manager Guidance

Ongoing device management

Note

This step is only necessary if your company plans to manage the HoloLens.

Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely.

  1. CSPs (Configuration Service Providers) allow you to create and deploy management settings for the devices on your network. A list of CSPs for HoloLens can be found here.

  2. Compliance policies are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant. For example, you can create a policy that requires BitLocker be enabled.

  3. Create Compliance Policy.

  4. Conditional Access allows/denies mobile devices and mobile applications from accessing company resources. Two documents you may find helpful are Plan your CA Deployment and Best Practices.

  5. This article talks about Intune's management tools for HoloLens.

  6. Create a device profile

Manage updates

Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.

For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update.

Read more about configuring update rings with Intune.

Application management

Manage HoloLens applications through:

  1. Microsoft Store
    The Microsoft Store is the best way to distribute and consume applications on HoloLens. There is a great set of core HoloLens applications already available in the store or you can publish your own.
    All applications in the store are available publicly to everyone, but if that isn't acceptable, check out the Microsoft Store for Business.

  2. Microsoft Store for Business
    Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It also lets you deploy apps that are specific to your commercial environment but not to the world.

  3. Application deployment and management via Intune or another mobile device management solution
    Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for Intune app install.

  4. Device Portal (not recommended)
    Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use the device portal.

Read more about installing apps on HoloLens.

Certificates

You can distribute certificates through your MDM provider. If your company requires certificates, Intune supports PKCS, PFX, and SCEP. It is important to understand which certificate is right for your company. Please visit here to determine which cert is best for you. If you plan to use certificates for HoloLens Authentication, PFX or SCEP may be right for you.

Steps for SCEP can be found here.

How to Upgrade to Holographics for Business Commercial Suite

Note

Windows Holographics for Business (commercial suite) is only intended for HoloLens 1st gen devices. The profile will not be applied to HoloLens 2 devices.

Directions for upgrading to the commercial suite can be found here.

How to Configure Kiosk Mode Using Microsoft Intune

  1. Sync Microsoft Store to Intune (Here).

  2. Check your app settings

    1. Log into your Microsoft Store Business account
    2. Manage > Products and Services > Apps and Software > Select the app you want to sync > Private Store Availability > Select "Everyone" or "Specific Groups"

      Note

      If you don't see the app you want, you will have to "get" the app by searching the store for your app. Click the "Search" bar in the upper right-hand corner > type in the name of the app > click on the app > select "Get".

    3. If you do not see your apps in Intune > Client Apps > Apps, you may have to sync your apps again.
  3. Create a device profile for Kiosk mode

Note

You can configure different users to have different Kiosk Mode experiences by using "Azure AD" as the "User logon type". However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.

For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, additional directions can be found here.

Certificates and Authentication

Certificates can be deployed via your MDM (see "certificates" in the MDM Section). Certificates can also be deployed to the HoloLens through package provisioning. Please see HoloLens Provisioning for additional information.

  1. Create Profiles: Profiles allow you to add and configure settings that will be pushed to the devices in your organization.