Configure Your Network for HoloLens
This portion of the document will require the following people:
- Network Admin with permissions to make changes to the proxy/firewall
- Azure Active Directory Admin
- Mobile Device Manager Admin
HoloLens is, at its core, a Windows mobile device integrated with Azure. It works best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services.
Critical cloud services include:
- Azure active directory (AAD)
- Windows Update (WU)
Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale. This guide uses Microsoft Intune as an example, though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2.
HoloLens does support a limited set of cloud disconnected experiences.
Wireless network EAP support
HoloLens Specific Network Requirements
Make sure that this list of endpoints are allowed on your network firewall. This will enable HoloLens to function properly.
Remote Assist Specific Network Requirements
- The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found here. (Please note, if you don't network have network speeds of at least 1.5Mbps, Remote Assist will still work. However, quality may suffer).
- Make sure that these ports and URLs are allowed on your network firewall. This will enable Microsoft Teams to function. The latest list can be found here.
- Learn more about the specific Network Requirements for Remote Assist.
- Learn more about how to prepare your organization's network for Microsoft Teams
Guides Specific Network Requirements
Guides only require network access to download and use the app.
Azure Active Directory Guidance
This step is only necessary if your company plans on managing the HoloLens.
Ensure that you have an Azure AD License. Please HoloLens Licenses Requirements for additional information.
If you plan on using Auto Enrollment, you will have to Configure Azure AD enrollment.
Ensure that your company's users are in Azure Active Directory (Azure AD). Instructions for adding users can be found here.
We suggest that users who need similar licenses are added to the same group.
Ensure that your company's users (or group of users) are assigned the necessary licenses. Directions for assigning licenses can be found here.
Only do this step if users are expected to enroll their HoloLens/Mobile device into you (There are three options) These steps ensure that your company's users (or a group of users) can add devices.
Option 1: Give all users permission to join devices to Azure AD. Sign in to the Azure portal as an administrator > Azure Active Directory > Devices > Device Settings > Set Users may join devices to Azure AD to All
Option 2: Give selected users/groups permission to join devices to Azure AD Sign in to the Azure portal as an administrator > Azure Active Directory > Devices > Device Settings > Set Users may join devices to Azure AD to Selected
Option 3: You can block all users from joining their devices to the domain. This means that all devices will need to be manually enrolled.
Mobile Device Manager Guidance
Ongoing device management
This step is only necessary if your company plans to manage the HoloLens.
Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely.
Compliance policies are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant. For example, you can create a policy that requires Bitlocker be enabled.
This article talks about Intune's management tools for HoloLens.
Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.
For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update.
Read more about configuring update rings with Intune.
Manage HoloLens applications through:
The Microsoft Store is the best way to distribute and consume applications on HoloLens. There is a great set of core HoloLens applications already available in the store or you can publish your own.
All applications in the store are available publicly to everyone, but if it isn't acceptable, checkout the Microsoft Store for Business.
Microsoft Store for Business
Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It also lets you deploy apps that are specific to your commercial environment but not to the world.
Application deployment and management via Intune or another mobile device management solution
Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for Intune app install.
not recommended Device Portal
Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use the device portal.
Read more about installing apps on HoloLens.
You can distribute certificates through your MDM provider. If your company requires certificates, Intune supports PKCS, PFX, and SCEP. It is important to understand which certificate is right for your company. Please visit here to determine which cert is best for you. If you plan to use certificates for HoloLens Authentication, PFX or SCEP may be right for you.
Steps for SCEP can be found here.
How to Upgrade to Holographics for Business Commercial Suite
Windows Holographics for Business (commercial suite) is only intended for HoloLens 1st gen devices. The profile will not be applied to HoloLens 2 devices.
Directions for upgrading to the commercial suite can be found here.
How to Configure Kiosk Mode Using Microsoft Intune
Sync Microsoft Store to Intune (Here).
Check your app settings
- Log into your Microsoft Store Business account
- Manage > Products and Services > Apps and Software > Select the app you want to sync > Private Store Availability > Select "Everyone" or "Specific Groups"
If you don't see the app you want, you will have to "get" the app by searching the store for your app. Click the "Search" bar in the upper right-hand corner > type in the name of the app > click on the app > select "Get".
- If you do not see your apps in Intune > Client Apps > Apps , you may have to sync your apps again.
You can configure different users to have different Kiosk Mode experiences by using "Azure AD" as the "User logon type". However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.
For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, additional directions can be found here
Certificates and Authentication
Certificates can be deployed via you MDM (see "certificates" in the MDM Section). Certificates can also be deployed to the HoloLens through package provisioning. Please see HoloLens Provisioning for additional information.
Additional Intune Quick Links
- Create Profiles: Profiles allow you to add and configure settings that will be pushed to the devices in your organization.