Windows Autopilot for HoloLens 2
When you set up HoloLens 2 devices for the Windows Autopilot program, your users can follow a simple process to provision the devices from the cloud.
This Autopilot program supports Autopilot self-deploying mode to provision HoloLens 2 devices as shared devices under your tenant. Self-deploying mode leverages the device's preinstalled OEM image and drivers during the provisioning process. A user can provision the device without putting the device on and going through the Out-of-the-box Experience (OOBE). To learn more about Windows Autopilot for Windows 10 click here.
When a user starts the Autopilot self-deploying process, the process completes the following steps:
- Join the device to Azure Active Directory (Azure AD).
Autopilot for HoloLens does not support Active Directory join or Hybrid Azure AD join.
- Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
- Download the device-targeted policies, user-targeted apps, certificates, and networking profiles.
- Provision the device.
- Present the sign-in screen to the user.
Windows Autopilot for HoloLens 2 Private Preview
Please follow the steps below to set up your environment for the private preview:
- Make sure that you meet the requirements for Windows Autopilot for HoloLens 2
- Enroll in the Windows Autopilot for HoloLens 2 private preview program
- Verify that your tenant is flighted (enrolled to participate in the program)
- Register your devices in Windows Autopilot
- Create a device group
- Create a deployment profile
- Verify the ESP configuration
- Configure a custom configuration profile for HoloLens devices (known issue)
- Verify the profile status of the HoloLens devices
1. Make sure that you meet the requirements for Windows Autopilot for HoloLens 2
Review the following sections of the Windows Autopilot requirements article:
Review the "Requirements" section of the Windows Autopilot Self-Deploying mode article. Your environment has to meet these requirements as well as the standard Windows Autopilot requirements. You do not have to review the "Step by step" and "Validation" sections of the article. The procedures later in this article provide corresponding steps that are specific to HoloLens. For information about how to register devices and configure profiles, see 4. Register devices in Windows Autopilot and 6. Create a deployment profile in this article. These sections provide steps that are specific to HoloLens.
Unlike other Windows Autopilot programs, Windows Autopilot for HoloLens 2 has specific operating system requirements. Autopilot relies on Windows Holographic version 2004 (build 19041.1103 or later) being pre-installed on HoloLens devices. Devices delivered until late August 2020 have Windows Holographic version 1903 pre-installed. Please contact your distributor to learn about when Autopilot-ready devices can be shipped to you. If you wish to participate to the private preview, please review instructions and requirements below.
If you wish to try the Autopilot preview, before you start the OOBE and provisioning process, make sure that the HoloLens devices meet the following requirements:
- You must manually install the latest OS (Windows Holographic version 2004 (build 19041.1103 or later) using the Advanced Recovery Companion (ARC). You can find instructions here.
- Your devices must be registered in Windows Autopilot. For information about how to register devices see 4. Register devices in Windows Autopilot.
- In the current release, devices need to be connected to the internet before turning on the HoloLens and initiating the Autopilot provisioning process. Connect your device to Ethernet using a "USB-C to Ethernet" adapter for wired internet connectivity.
- The devices are not already members of Azure AD, and are not enrolled in Intune (or another MDM system). The Autopilot self-deploying process completes these steps. To make sure that all the device-related information is cleaned up, check the Devices pages in both Azure AD and Intune Portals.
- To configure and manage the Autopilot self-deploying mode profiles, make sure that you have access to Microsoft Endpoint Manager admin center.
2. Enroll in the Windows Autopilot for HoloLens 2 program
To participate in the program, you must have your tenant enrolled to the Private Preview program to get the HoloLens-specific Intune UI controls for Autopilot. To do this, go to Windows Autopilot for HoloLens Private Preview request or use the following QR code to submit a request.
In this request, provide the following information:
- Tenant domain
- Tenant ID
- Number of HoloLens 2 devices that are participating in this evaluation
- Number of HoloLens 2 devices that you plan to deploy by using Autopilot self-deploying mode
3. Verify that your tenant is flighted
To verify that your tenant is flighted for the Autopilot program after you submit your request, follow these steps:
Sign in to Microsoft Endpoint Manager admin center.
Select Devices > Windows > Windows enrollment > Windows Autopilot deployment profiles > Create profile.
You should see a list that includes HoloLens. If this option is not present, use one of the Feedback options to contact us.
4. Register devices in Windows Autopilot
In the preparation phase, there are two primary ways you can register devices to Windows Autopilot:
- Contact your distributor or reseller when you place an order to have your devices registered or
- Retrieve the hardware hash (also known as the hardware ID) and register the device manually.
For more information on device registration please review the Adding devices to Autopilot documentation.
Retrieve a device hardware hash
The device can record its hardware hash in a CSV file during the OOBE process, or later when a device owner starts the diagnostic log collection process (described in the following procedure). Typically, the device owner is the first user to sign in to the device.
Start the HoloLens 2 device.
On the device, press the Power and Volume Down buttons at the same time and then release them. The device collects diagnostic logs and the hardware hash, and stores them in a set of .zip files.
Use a USB-C cable to connect the device to a computer.
On the computer, open File Explorer. Open This PC\<HoloLens device name>\Internal Storage\Documents, and locate the AutopilotDiagnostics.zip file.
The .zip file may not immediately be available. If the file is not ready yet you may see a HoloLensDiagnostics.temp file in the Documents folder. To update the list of files, refresh the window.
Extract the contents of the AutopilotDiagnostics.zip file.
In the extracted files, locate the CSV file that has a file name prefix of "DeviceHash." Copy that file to a drive on the computer where you can access it later.
The data in the CSV file should use the following header and line format:
Device Serial Number,Windows Product ID,Hardware Hash,Group Tag,Assigned User <serialNumber>,<ProductID>,<hardwareHash>,<optionalGroupTag>,<optionalAssignedUser>
Register the device in Windows Autopilot
In Microsoft Endpoint Manager Admin Center, select Devices > Windows > Windows enrollment, and then select Devices > Import under Windows Autopilot Deployment Program.
Under Add Windows Autopilot devices, select the DeviceHash CSV file, select Open, and then select Import.
After the import finishes, select Devices > Windows > Windows enrollment > Devices > Sync. The process might take a few minutes to complete, depending on how many devices are being synchronized. To see the registered device, select Refresh.
5. Create a device group
In Microsoft Endpoint Manager admin center, select Groups > New group.
For Group type, select Security, and then enter a group name and description.
For Membership type, select either Assigned or Dynamic Device.
Do one of the following:
If you selected Assigned for Membership type in the previous step, select Members, and then add Autopilot devices to the group. Autopilot devices that aren't yet enrolled are listed by using the device serial number as the device name.
If you selected Dynamic Devices for Membership type in the previous step, select Dynamic device members, and then enter code in Advanced rule that resembles the following:
- If you want to create a group that includes all of your Autopilot devices, type:
(device.devicePhysicalIDs -any _ -contains "[ZTDId]")
- Intune's group tag field maps to the OrderID attribute on Azure AD devices. If you want to create a group that includes all of your Autopilot devices that have a specific group tag (the Azure AD device OrderID), you must type:
(device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881")
- If you want to create a group that includes all your Autopilot devices that have a specific Purchase Order ID, type:
(device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342")
These rules target attributes that are unique to Autopilot devices.
- If you want to create a group that includes all of your Autopilot devices, type:
Select Save, and then select Create.
6. Create a deployment profile
In Microsoft Endpoint Manager admin center, select Devices > Windows > Windows enrollment > Windows Autopilot deployment profiles > Create profile > HoloLens.
Enter a profile name and description, and then select Next.
On the Out-of-box experience (OOBE) page, most of the settings are pre-configured to streamline OOBE for this evaluation. Optionally, you can configure the following settings:
- Language (Region): Select the language for OOBE. We recommend that you select a language from the list of supported languages for HoloLens 2.
- Automatically configure keyboard: To make sure that the keyboard matches the selected language, select Yes.
- Apply device name template: To automatically set the device name during OOBE, select Yes and then enter the template phrase and placeholders in Enter a name For example, enter a prefix and
%RAND:4%—a placeholder for a four-digit random number.
If you use a device name template, the OOBE process restarts the device one additional time after it applies the device name and before it joins the device to Azure AD. This restart enables the new name to take effect.
After you configure the settings, select Next.
On the Scope tags page, optionally add the scope tags that you want to apply to this profile. For more information about scope tags, see Use role-based access control and scope tags for distributed IT. When finished, select Next.
On the Assignments page, select Selected groups for Assign to.
Under SELECTED GROUPS, select + Select groups to include.
In the Select groups to include list, select the device group that you created for the Autopilot HoloLens devices, and then select Next.
If you want to exclude any groups, select Select groups to exclude, and select the groups that you want to exclude.
On the Review + Create page, review the settings and then select Create to create the profile.
7. Verify the ESP configuration
The Enrollment Status Page (ESP) displays the status of the complete device configuration process that runs when an MDM managed user signs into a device for the first time. Make sure that your ESP configuration resembles the following, and verify that the assignments are correct.
8. Verify the profile status of the HoloLens devices
In Microsoft Endpoint Manager Admin Center, select Devices > Windows > Windows enrollment > Devices.
Verify that the HoloLens devices are listed, and that their profile status is Assigned.
It may take a few minutes for the profile to be assigned to the device.
Windows Autopilot for HoloLens 2 User Experience
Once the above instructions are completed, your HoloLens 2 users will go through the following experience to provision their HoloLens devices:
As mentioned, in the current release, devices need to be connected to the internet before turning on the HoloLens and initiating the Autopilot provisioning process. Connect your device to Ethernet using "USB-C to Ethernet" adapters for wired internet connectivity or "USB-C to Wifi" adapters for wireless internet connectivity.
You must connect the device to the network before the Out-of-the-Box-Experience (OOBE) starts. The device determines whether it is provisioning as an Autopilot device while on the first OOBE screen. If the device cannot connect to the network, or if you choose not to provision the device as an Autopilot device, you cannot change to Autopilot provisioning at a later time. Instead, you would have to start this procedure over in order to provision the device as an Autopilot device.
The device should automatically start OOBE. Do not interact with OOBE. Instead sit, back and relax! Let HoloLens 2 detect network connectivity and allow it complete OOBE automatically. The device may restart during OOBE. The OOBE screens should resemble the following.
At the end of OOBE, you can sign in to the device by using your user name and password.
- You cannot install applications that use the device security context.
To provide feedback or report issues, use one of the following methods:
Use the Feedback Hub app. You can find this app on a HoloLens-connected computer. In Feedback Hub, select the Enterprise Management > Device category.
When you provide feedback or report an issue, provide a detailed description. If applicable, include screenshots and logs.
Send an email message to firstname.lastname@example.org. For the email subject, enter <Tenant> Autopilot for HoloLens 2 evaluation feedback (where <Tenant> is the name of your Intune tenant).
Provide a detailed description in your message. However, unless Support personnel specifically request it, do not include data such as screenshots or logs. Such data might include private or personally identifiable information (PII).