Edit

Share via


Enroll HoloLens in MDM

You can manage multiple Microsoft HoloLens devices simultaneously using solutions like Microsoft Intune. You'll be able to manage settings, select apps to install, and set security configurations tailored to your organization's need. See Manage devices running Windows Holographic with Microsoft Intune, the configuration service providers (CSPs) that are supported in Windows Holographic, and the policies supported by Windows Holographic for Business.

Note

Mobile device management (MDM), including the VPN, Bitlocker, and kiosk mode features, is only available when you upgrade to Windows Holographic for Business.

Requirements

Your organization will need to have Mobile Device Management (MDM) set up in order to manage HoloLens devices. Your MDM provider can be Microsoft Intune or a third party provider that uses Microsoft MDM APIs.

Enrollment per scenario

Depending on what stage you are in your deployment we have the following recommendations:

  • For multi-user shared devices being deployed in production it's suggested you use Autopilot.
  • For multi-user shared devices that are being initially part of a pilot program, Microsoft Entra join during OOBE should be sufficient.
  • For a proof of concept joining a device via the Settings menu may suit your needs if you don't need multiple users per device.

Different ways to enroll

Depending on the type of identity chosen either during OOBE or post sign-in, there are different methods of enrollment.

Note

If your tenant is in a GCC High enviorment you will be unable to select "sign in from another device". You'll need to manually enter your user credentials.

For Multi-User Shared Devices

  • If Identity is Microsoft Entra ID and device has been pre-registered with Intune MDM server with specific configuration profile assigned to it, then Microsoft Entra join and automatic MDM enrollment will occur during OOBE.
  • If Identity is Microsoft Entra ID, the during OOBE device can enroll.
    • For Microsoft Entra ID, automatic MDM enrollment only occurs if Microsoft Entra ID has been configured with enrollment URLs.

For Single User Devices

  • If Identity is Microsoft Entra ID, then either during OOBE or Settings App -> Access Work or School -> Connect button.
    • For Microsoft Entra ID, automatic MDM enrollment only occurs if Microsoft Entra ID has been configured with enrollment URLs.
  • If Identity is MSA, then using Settings App -> Access Work or School -> Connect button.
    • Also called Add Work Account (AWA) flow.
  • If Identity is Local User, then using Settings App -> Access Work or School -> Enroll only in device management link.
    • Also called pure MDM enrollment flow.

Once the device is enrolled with your MDM server, the Settings app will now reflect that the device is enrolled in device management.

Auto-enrollment in MDM

If your organization has an Azure Premium subscription, is using Microsoft Entra ID and an MDM solution that accepts a Microsoft Entra token for authentication (currently, only supported in Microsoft Intune and AirWatch), your IT admin can configure Microsoft Entra ID to automatically allow MDM enrollment after the user signs in with their Microsoft Entra account. Learn how to configure Microsoft Entra enrollment and Microsoft Entra integration with MDM for detailed background information.

When auto-enrollment is enabled, no extra manual enrollment is needed. When the user signs in with a Microsoft Entra account, the device is enrolled in MDM after completing the first-run experience.

When a device is Microsoft Entra joined it may affect who considered the device owner.

Unenroll HoloLens from Intune

Depending on the enrollment method, unenrolling your device may not be available.

If your device was enrolled with a Microsoft Entra account or Autopilot, it can’t be unenrolled from Intune. If you wish to unjoin HoloLens from Microsoft Entra or rejoin it to a different to Microsoft Entra tenant, you must reset/reflash the device.

If your device was enrolled from an MSA account that added a work account or from a Local account that enrolled only in device management, then you may unenroll the device. Open the Start menu and then select Settings App -> Access Work or School -> YourAccount -> Disconnect button.

Enrollment troubleshooting

Ensure device is successfully connected to Internet before attempting enrollment post OOBE

Once user has signed-in, ensure internet connection by browsing to any internet facing website on device.

Ensure that Microsoft Entra join is not disabled in your Microsoft Entra tenant

Refer to Configure your device settings for information about the available options in Azure portal.

Ensure valid license is assigned to the user

Refer to Troubleshoot Windows device enrollment problems in Microsoft Intune specifically following sections, that is, Check device type restrictions and Assign a valid license to the user.

Ensure that MDM enrollment isn't blocked for Windows devices

In order for enrollment to succeed you'll need to make sure that your HoloLens devices can enroll. Since HoloLens is considered a Windows device, there will need to be no enrollment restrictions that could block your deployment. Review this list of restrictions and ensure you'll be able to enroll your devices.