Common Scenarios – Offline Secure HoloLens 2
This guide provides guidance for applying a sample Provisioning Package that will lock down a HoloLens 2 for use in secure environments with the following restrictions:
- Disable WiFi.
- Disable BlueTooth.
- Disable Microphones.
- Prevents adding or removing provisioning packages.
- No user can enable any of the above restricted components.
Windows 10 PC Setup
- Download the latest HoloLens 2 OS file directly to a PC.
- Support for this configuration is included in Build 19041.1117 and above.
- Download/Install the Advanced Recovery Companion(ARC) tool from the Microsoft Store to your PC
- Download/Install the latest Windows Configuration Designer (WCD) tool from the Microsoft Store to your PC.
- Download the OfflineSecureHL2_Sample folder with the project files to build the PPKG.
- Prepare your offline Line of Business application for PPKG deployment.
Build a Secure Configuration Provisioning Package
Launch the WCD tool on your PC.
Select File -> Open project.
- Navigate to the location of the previously saved OfflineSecureHL2_Sample folder, and select: OfflineSecureHL2_Sample.icdproj.xml
The project should open and you should now have a list of Available Customizations:
Configurations set in this provisioning package:
Item Setting Description Accounts / Users Local User Name & Password For these offline devices, a single user name and password will need to be set and shared by all users of the device. First Experience / HoloLens / SkipCalibration True Skips calibration during initial device setup only First Experience / HoloLens / SkipTraining True Skips device training during initial device setup First Experience / HoloLens / WiFi True Skips Wi-Fi config during initial device setup Policies/Connectivity/AllowBluetooth No Disables Bluetooth Policies/Experience/AllowCortana No Disables Cortana (to eliminate potential problems since the microphones are disabled) Policies/MixedReality/MicrophoneDisabled Yes Disables Microphone Policies/Privacy/LetAppsAccessLocation Force deny Prevents Apps from trying to access Location data (to eliminate potential problems since the Location tracking is disabled) Policies/Privacy/LetAppsAccessMicrophone Force deny Prevents Apps from trying to access Microphones (to eliminate potential problems since the Microphones are disabled) Policies/Security/AllowAddProvisioningPackage No Prevents anyone from adding provisioning packages that might attempt to override locked down policies. Policies/Security/AllowRemoveProvisioningPackage No Prevents anyone from removing this locked down provisioning package. Policies/System/AllowLocation No Prevents the device from trying to track location data. Policies/WiFi/AllowWiFi No Disables Wi-Fi
Under Runtime Settings, Select Accounts / Users / UserName: Holo.
Note the password and reset if desired.
Navigate to UniversalAppInstall / UserContextApp and configure the LOB app you will be deploying to these devices.
Once complete, select the “Export” button and follow all prompts until your provisioning package is created.
Connect the HL2 to your Windows 10 PC via USB cable.
Launch the ARC tool and select HoloLens 2
On the next screen select Manual package selection.
Navigate to the previously downloaded .ffu file, and select Open.
At the Warning page select Continue.
Wait for the ARC tool to complete the HoloLens 2 OS install.
Once the device completes the install and boots back up, from your PC navigate to File Explorer and copy the previously saved PPKG file over to the device folder.
On the HoloLens 2, press the following button combo to run the Provisioning Package: Tap Volume Down and Power Button at the same time.
You will be prompted to apply the Provisioning Package, select Confirm
Once the provisioning package completes select OK.
You should then be prompted to sign into the device with the shared local account and password.
If you forgot to change the password from the default for this package, it's
With this configuration, it is recommended to restart the process above and reflash the device with the ARC tool and apply a new PPKG to make any updates to the OS and/or application(s).