The rewarding deployment journey 1 of 2 Change Management Stakeholder buyin Technical education and readiness Complex deployment plans Goals for this Session Components amp stages of successful deployments ID: 930171
Download Presentation The PPT/PDF document "Deploying HoloLens 2 at Enterprise Scal..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Deploying HoloLens 2 at Enterprise Scale
Slide2The rewarding deployment journey (1 of 2) Change Management
Stakeholder buy-in
Technical education and readiness
Complex deployment plans
Slide3Goals for this SessionComponents & stages of successful deployments
Common themes
HoloLens 2 deployment deep-dive
Looking forward…
Slide4Components & Stages of Successful Deployments
Slide5Components & Stages (1 of 3)
Prepare
Solution
Scenario
Environment Considerations
Device Mgmt. Considerations
Device Management Lifecycle
Policies
Configure
Identity
Network & Connectivity
Security
Deploy
Enrollment
Application
Maintain
OS Updates
App Updates
Support & Troubleshooting
Slide6Common Themes (1 of 3)
Slide7Common Themes (2 of 3)Identify high-business-value solutions that can achieve scale.Simplicity can drive innovation and digital transformation.
Evaluate the product against business and scenario needs.
Large enterprise inter-communication can be rigid.
Proactively plan for support flows and end-user training.
Define clear success metrics to successfully move between stages (
Proof of Concept to Pilot to Production).
Slide8Common Themes (3 of 3)Leading adoption of Modern Device Management practices is key to success.Rethink deployment architecture to take advantage of cloud technologies to provide a new, hybrid, more flexible approach to device management.
Areas that often require special focus:
Security & Identity
Corporate Wi-Fi & Connectivity
Certificates
LicensingDevice sharing
Slide9HoloLens 2 Deployment Deep-Dive
Slide10Components & Stages (2 of 3)
Prepare
Solution
Scenario
Environment Considerations
Device Mgmt. Considerations
Device Management Lifecycle
Policies
Configure
Identity
Network & Connectivity
Security
Deploy
Enrollment
Application
Maintain
OS Updates
App Updates
Support & Troubleshooting
Slide11Environment Considerations
Prepare
Environment Considerations
Thermals:
HoloLens 2 is a passively cooled device. At ambient temperatures >27C, workload and user activity may impact device performance negatively
Lack of lighting, feature points, and shiny surfaces
may cause issues with hologram stability and hand tracking.
Outdoor/direct sunlight:
Difficulty to see holograms and potential loss of hand tracking.
Moving platforms:
Holograms will not be stable or will not persist in space.
Battery:
2-3hrs of active use. External battery packs are supported.
Learn more
Slide12Safety & Certifications
Prepare
Environment Considerations
HoloLens complies with the user-accessible surface temperature limits defined by the International Standards for Safety
(IEC 60950-1 and IEC 62368-1).
HoloLens has been tested and conforms to the basic impact protection requirements of
ANSI Z87.1, CSA Z94.3, and EN 166.
Meets the Federal Communications Commission (FCC), Industry Canada and European guidelines for RF exposure and Specific Absorption Rate. Complies with
CFR 1040.10 and 1040.11.
Learn more
Slide13Device Management
Prepare
Device Mgmt. Considerations
HoloLens 2 vs Desktop
Topic
Desktop
HoloLens 2
Device management
System Center Configuration Manager (SCCM),
Mobile Device Management (MDM)
Mobile Device Management (MDM)
Applications supported
Windows Apps, Win32, Universal Windows Platform (UWP)
Universal Windows Platform (UWP) only
Active Directory
Cloud & On-Prem
Cloud Only
CSPs & Policies
Yes
Some
PowerShell supported
Yes
No
Management consoles
(e.g.
CertMgr.msc
)
Yes
No
Direct Registry access
Yes
No
Antivirus
Yes
No*
* While traditional Antivirus is not supported, security features such as WDAC and BitLocker are embedded and controllable within the HoloLens product.
Slide14Device Management Solution
Prepare
Device Mgmt. Considerations
Stage/Environment
Cloud-connected
(recommended)
Offline
Configure
(Set up infrastructure and policies)
MDM configuration profiles & settings
(via Intune,
AirWatch, etc.)
Windows Configuration Designer (WCD)
Provisioning Packages
Deploy
(E
nroll devices and deploy policies
and apps)
MDM configuration profiles & settings
(via Intune,
AirWatch, etc.)
Windows Configuration Designer (WCD)
Provisioning Packages
Maintain
(Manage updates, re-deploy policies, and reset or retire devices)
MDM configuration profiles & settings
(via Intune,
AirWatch, etc.)
Advanced Recovery Companion (ARC), WCD, On-device
Slide15Identity – User Types
Configure
Identity
Cloud Authenticated User
(Recommended)
Azure Active Directory (
AAD
) Account
Microsoft Account (MSA)
Local Authenticated User
Local User – Can only be created during OOBE, using runtime provisioning packages.
Visitor / Guest – Can only be created using Assigned Access CSP (apply through MDM or PP). Only available when HoloLens is (Azure Active Directory)
AAD joined
.
Slide16Identity – Authentication
Configure
Identity
Web
PIN
Iris
FIDO 2
Auto-logon
Password
1
AAD
Supported
Required
2
Recommended
3
Supported
Supported
Not supported
MSA
Not supported
Required
2
Recommended
3
Not supported
Supported
Not supported
Local
Not supported
Not supported
Not supported
Not supported
Not supported
Supported
Accounts per Device
AAD
64
4
MSA
1
Local
1
1
Password
refers to inserting a password directly into the sign-in flow. Once PIN is set up, Password will no longer be available as an option. Entering password onto the web page displayed by the web method is not categorized as a password. Passwords across all cloud accounts are gradually being replaced by more secure authentication solutions.
2
Required
: Users are required to set up a PIN during device setup. If that process is interrupted, the user will be prompted to set up a PIN on subsequent sign-in attempts until it is set up.
3
Recommended
: Users are prompted to enroll in the Iris sign-in during setup with the option to skip.
4
Iris
: Biometric sign-in using Iris should be capped at 10 users for security purposes.
Slide17Network & Connectivity
Configure
Network & Connectivity
HoloLens Capabilities
WiFi
802.11ac (
WiFi
5)
Ethernet
Yes
(with USB-C adapter)
Bluetooth
5.0
VPN
Yes
Proxy
Yes
Corporate Network
Secure Offline
Azure Cloud
HoloLens User
(Scenario C)
HoloLens User
(Scenario B)
SCEP/PKCS
WiFi
Certificate
HoloLens User
(Scenario A)
Corp
WiFi
External
WiFi
Proxy Server
Firewall
Corp Resources
VPN
Azure Active Directory
Microsoft Account
Microsoft Intune
Office 365
Windows Update for Business
Microsoft Store for Business
Dynamics 365 Remote Assist
Dynamics 365 Guides
Slide18Security
Configure
Security
HoloLens 2 implements every standard for a highly secure modern device
Built-in protection at every layer, not just software.
Layering of independent security sub-components.
Mitigates against consistently changing computing security field.
HoloLens Capabilities
Always-enabled Device Encryption (
BitLocker
)
Trusted Platform Module (
TPM
)
Transport Layer Security (TLS) 1.2
Conditional Access
Windows Hello for Business
Windows Defender Smart Screen
UEFI Secure Boot
Windows Defender Application Control (
WDAC
)
Cert-based corporate
WiFi
access
VPN & Proxy support
Slide19Certificates
Configure
Security
File types:
.PFX
and
.CER
Protocols:
SCEP and PKCS
Stores:
User and Device
Primary use-cases:
Wi-Fi auth and VPN
Cert diagnostics:
Diagnostic logs and MDM report through the Settings app
Slide20Configuration Service Providers(aka Policies) (1 of 2)
Configure
Policies
A
configuration service provider (CSP)
is an interface to set, modify,
or delete configuration settings on a Windows device.
Think of them as individual components existing on an OS image that cover specific aspects, such as APIs and features.
CSP’s are the protocols, foundational blocks and bridges of device management.
They can be applied to target either a device or user.
HoloLens supports a specific set of
(CSPs)
and
policies
that can be deployed through MDM or provisioning packages. More CSPs are added incrementally.
Slide21Configuration Service Providers(aka Policies) (2 of 2)
Configure
Policies
Example:
AssingedAccess
CSP
is used to set the device to run in Kiosk M
ode.
When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app.
Slide22Components & Stages (3 of 3)
Prepare
Solution
Scenario
Environment Considerations
Device Mgmt. Considerations
Device Management Lifecycle
Policies
Configure
Identity
Network & Connectivity
Security
Deploy
Enrollment
Application
Maintain
OS Updates
App Updates
Support & Troubleshooting
Slide23Enrollment
Deploy
Enrollment
For Azure AD (AAD) accounts:
Auto-enrollment
during initial device setup (OOBE)
Bulk enrollment
using provisioning packages
User enrollment
using Settings App > Access Work or School > Connect
With
AutoPilot
[Coming soon]
:
Zero user interaction
if device has been pre-registered with Intune MDM server
For Microsoft Accounts (MSA):
Add Work Account flow
using Settings App > Access Work or School > Connect
For Local User:
MDM enrollment flow
using Settings App > Access Work or School > Enroll
Slide24Application Deployment
Deploy
Application
The following deployment methods are available:
MDM platform
Sync Microsoft Store for Business apps
Upload Line of Business (LOB) apps (using .appx files)
End-user download through Intune Company Portal
WCD Provisioning packages
for offline LOB apps
Direct on-device
for pre-installed apps
Slide25OS Update Management
Maintain
OS Updates
What?
Auto-Update (OTA)
Scheduled Updates
Paused or deferred Updates
How?
MDM (Windows Update for Business)
Provisioning Package
On-device
Release cadence
Major releases
twice a year
Servicing & security releases
once a month
Slide26App Update Management
Maintain
App Updates
The following app update methods are available:
Microsoft Store apps:
Allow auto-updates
Control updates through MDM
Offline LOB apps:
MDM re-deployment
Provisioning package manual re-deployment
Slide27Support & Troubleshooting
Maintain
Support & Troubleshooting
Define end-user support flows and develop manuals
Contact HoloLens support
Contact Intune (or 3P MDM) support
File bugs or feature requests using
FeedbackHub
Community channels: Stack Overflow and Slack
Slide28Common Scenarios (examples)
Stage
Topic
Scenario 1: Mobile device
Scenario 2: Appliance
Scenario 3: Secure environments
Configure
Identity
Azure AD
Azure AD
Local accounts
Configure
Application
Microsoft Store for Business
Line of Business
Line of Business
Configure
Network
Open internet and
Corp intranet
Corp intranet with access to Secure Cloud resources
Offline
Configure
Security
Certificates web token
Restrict applications
Disable Wi-Fi/Bluetooth/ microphone
Configure
User experience
Full experience
Kiosk mode
Full experience
Deploy & Maintain
Device management
Intune
Intune (or 3P)
Manual (No MDM)
Deploy & Maintain
OS updates
Windows Update for Business
Windows Update for Business
Manual (ARC)
Deploy & Maintain
Application updates
MDM (Microsoft Store for Business)
MDM (LOB)
Manual (Provisioning Package)
Slide29In Windows Holographic May 2020 Update
Pre-configure and seamlessly set up new devices for production, with
Windows
AutoPilot
Dark App Mode
for apps that support both dark and light modes, improving the viewing experience
Support for
FIDO2 Security Keys
to enable fast and secure authentication for shared devices
Seamlessly apply a
provisioning package from a USB
drive to your HoloLens
Enroll HoloLens
with your Mobile Device Management system using a
provisioning package
Support for additional
system voice commands
to control HoloLens, hands-free
Hand Tracking improvements
make buttons and 2D slate interactions more accurate
Check policies and apps
that are pushed to HoloLens in the Settings app
Expanded USB Ethernet capabilities enabling
support for 5G/LTE dongles
… And
performance and reliability improvements
across the product
Slide30AutopilotAutopilot for HoloLens 2 //
Scenario
Windows Autopilot self-deploying mode
enables a device to be deployed with zero user interaction.
Self-deploying mode
joins the device into Azure Active Directory, enrolls the device in Intune
(or another MDM service) and begins
applying all device targeted policies, applications, certificates, networking profiles, provision the device
and land the user to login screen.
Note:
Autopilot relies on HoloLens devices having the latest OS pre-installed before delivery to the end-customer. We will release communications when devices with the latest OS begin shipping.
Autopilot for HoloLens 2 //
Takeaways
IT/Enterprise
Reduce setup costs
Zero interactive OOBE
Scale device rollout
Comply with corporate policies and configuration
Simple device reuse/reset
End-User
Streamlined first experience
Personalized setup
Business-ready on first sign-in
Partners
Increase sales with cloud attach proposition
Meet customer need at scale
Build business opportunity and relationship with customers
Support customers with their Modern Deployment journey
Slide31Key take-aways
Slide32The rewarding deployment journey (2 of 2)Change Management
Stakeholder buy-in
Technical
education and
readiness
Complex deployment plans
Slide33A complete deployment plan includes:
Prepare
Solution
Scenario
Environment Considerations
Device Mgmt. Considerations
Configure
Identity
Network & Connectivity
Security
Policies
Deploy
Enrollment
Application
Maintain
OS Updates
App Updates
Support & Troubleshooting
Device Management Lifecycle
Slide34Modern Device ManagementLeading adoption of Modern Device Management practices is key to success.Rethink deployment architecture to take advantage of cloud technologies to provide a new, hybrid, more flexible approach to device management.
Areas that often require special focus:
Security & Identity
Corporate Wi-Fi & Connectivity
Certificates
LicensingDevice sharing
Slide35Thank you!