Prepare your environment for Microsoft Surface Hub

This section contains an overview of setup dependencies and the setup process. Review the info in this section to help you prepare your environment and gather information needed to set up your Surface Hub.

Review infrastructure dependencies

Review these dependencies to make sure Surface Hub features will work in your IT infrastructure.

Dependency Purpose
Active Directory or Azure Active Directory (Azure AD)

The Surface Hub's uses an Active Directory or Azure AD account (called a device account) to access Exchange and Skype for Business services. The Surface Hub must be able to connect to your Active Directory domain controller or to your Azure AD tenant in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and Session Initiation Protocol (SIP) address.

You can also domain join or Azure AD join your Surface Hub to allow a group of authorized users to configure settings on the Surface Hub.
Exchange (Exchange 2013 or later, or Exchange Online) and Exchange ActiveSync

Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.

ActiveSync is used to sync the device account’s calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled.
Skype for Business (Lync Server 2013 or later, or Skype for Business Online) Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing.
If screen sharing on a Surface Hub fails and the error message An error occurred during the screen presentation is displayed, see Video Based Screen Sharing not working on Surface Hub for help.
Mobile device management (MDM) solution (Microsoft Intune, System Center Configuration Manager, or supported third-party MDM provider) If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See Manage settings with an MDM provider for details.
Microsoft Operations Managmement Suite (OMS) OMS is used to monitor the health of Surface Hub devices. See Monitor your Surface Hub for details.
Network and Internet access

In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred.

Dynamic IP: The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.

Proxy servers: If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings.

Additionally, note that Surface Hub requires the following open ports:

  • HTTPS: 443
  • HTTP: 80

Depending on your environment, access to additional ports may be needed:

Microsoft collects telemetry to help improve your Surface Hub experience. Add these sites to your allow list:

  • Telemetry client endpoint: https://vortex.data.microsoft.com/
  • Telemetry settings endpoint: https://settings.data.microsoft.com/

Work with other admins

Surface Hub interacts with a few different products and services. Depending on the size of your organization, there could be multiple people supporting different products in your environment. You'll want to include people who manage Exchange, Active Directory (or Azure Active Directory), mobile device management (MDM), and network resources in your planning and prep for Surface Hub deployments.

Create and verify device account

A device account is an Exchange resource account that Surface Hub uses to display its meeting calendar, join Skype for Business calls, and send email. See Create and test a device account for details.

After you've created your device account, there are a couple of ways to verify that it's setup correctly.

Prepare for first-run program

There are a few more item to consider before you start the first-run program.

Create provisioning packages (optional)

You can use provisioning packages to add certificates, customize settings and install apps. See Create provisioning packages for details. You can install provisioning packages at first-run.

Set up admin groups

Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. See Admin group management for details on how admin groups are set up and managed. You will set up admins for the device at first run.

Review and complete Surface Hub setup worksheet (optional)

When you go through the first-run program for your Surface Hub, there's some information that you'll need to supply. The setup worksheet summarizes that info, and provides lists of environment-specific info that you'll need when you go through the first-run program. For more information, see Setup worksheet.

In this section

Topic Description

Create and test a device account

This topic introduces how to create and test the device account that Surface Hub uses to communicate with and Skype.

Create provisioning packages

For Windows 10, settings that use the registry or a content services platform (CSP) can be configured using provisioning packages. You can also add certificates during first run using provisioning.

Admin group management

Every Surface Hub can be configured individually by opening the Settings app on the device. However, to prevent people who are not administrators from changing the settings, the Settings app requires administrator credentials to open the app and change settings.

The Settings app requires local administrator credentials to open the app.