Deploy HoloLens in a commercial environment

You can deploy and configure HoloLens at scale in a commercial setting.

This article includes:

  • Infrastructure requirements and recommendations for HoloLens management
  • Tools for provisioning HoloLens
  • Instructions for remote device management
  • Options for application deployment

This guide assumes basic familiarity with HoloLens. Follow the get started guide to set up HoloLens for the first time.

Infrastructure for managing HoloLens

HoloLens is, at its core, a Windows mobile device integrated with Azure. It works best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services.

Critical cloud services include:

  • Azure active directory (AAD)
  • Windows Update (WU)

Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale. This guide uses Microsoft Intune as an example, though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2.

HoloLens does support a limited set of cloud disconnected experiences.

Initial set up at scale

The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time. If you're provisioning many HoloLens devices, however, selecting your language and settings manually for each device gets tedious and limits scale.

This section:

  • Introduces Windows provisioning using provisioning packages
  • Walks through applying a provisioning package during first setup

Create and apply a provisioning package

The best way to configure many new HoloLens device is with Windows provisioning. You can use it to specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes.

A provisioning package (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device.

Upgrade to Windows Holographic for Business

  • HoloLens Enterprise license XML file

Some of the HoloLens configurations you can apply in a provisioning package:

  • Apply certificates to the device
  • Set up a Wi-Fi connection
  • Pre-configure out of box questions like language and locale
  • (HoloLens 2) bulk enroll in mobile device management
  • (HoloLens v1) Apply key to enable Windows Holographic for Business

Follow this guide to create and apply a provisioning package to HoloLens.

Set up user identity and enroll in device management

The last step in setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure. There are several ways to enroll:

  1. Bulk enrollment with a security token in a provisioning package.
    Pros: this is the most automated approach
    Cons: takes initial server-side setup
  2. Auto-enroll on user sign in.
    Pros: easiest approach
    Cons: users will need to complete set up after the provisioning package has been applied
  3. not recommended - Manually enroll post-setup.
    Pros: possible to enroll after set up
    Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled.

Learn more about MDM enrollment here.

Ongoing device management

Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely.

This article outlines policies and capabilities HoloLens supports.

This article talks about Intune's management tools for HoloLens.

Push compliance policy via Intune

Compliance policies are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant.

For example, you can create a policy that requires Bitlocker be enabled.

Create compliance policies with Intune.

Manage updates

Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.

For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update.

Read more about configuring update rings with Intune.

Application management

Manage HoloLens applications through:

  1. Microsoft Store
    The Microsoft Store is the best way to distribute and consume applications on HoloLens. There is a great set of core HoloLens applications already available in the store or you can publish your own.
    All applications in the store are available publicly to everyone, but if it isn't acceptable, checkout the Microsoft Store for Business.

  2. Microsoft Store for Business
    Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It also lets you deploy apps that are specific to your commercial environment but not to the world.

  3. Application deployment and management via Intune or another mobile device management solution
    Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for Intune app install.

  4. not recommended Device Portal
    Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use the device portal.

Read more about installing apps on HoloLens.

Get support

Get support through the Microsoft support site.

File a support request.

Technical Reference

Wireless network EAP support

  • PEAP-MS-CHAPv2
  • PEAP-TLS
  • TLS
  • TTLS-CHAP
  • TTLS-CHAPv2
  • TTLS-MS-CHAPv2
  • TTLS-PAP
  • TTLS-TLS