Windows Holographic for Business device settings to allow or restrict features using Intune
This article describes the different settings you can control on Windows Holographic for Business devices, such as Microsoft Hololens. As part of your mobile device management (MDM) solution, use these settings to allow or disable features, control security, and more.
As an Intune administrator, you can create and assign these settings to your devices.
Before you begin
Create a Windows 10/11 device restrictions configuration profile.
When you create a Windows 10/11 device restrictions configuration profile, there are more settings than what's listed in this article. The settings in this article are supported on Windows Holographic for Business devices.
App Store
Auto-update apps from store: Block prevents updates from being automatically installed from the Microsoft Store. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow apps installed from the Microsoft Store to be automatically updated.
Trusted app installation: Choose if non-Microsoft Store apps can be installed, also known as sideloading. Sideloading is installing, and then running or testing an app that isn't certified by the Microsoft Store. For example, an app that is internal to your company only. Your options:
- Not configured (default): Intune doesn't change or update this setting.
- Block: Prevents sideloading. Non-Microsoft Store apps can't be installed.
- Allow: Allows sideloading. Non-Microsoft Store apps can be installed.
Developer unlock: Allow Windows developer settings, such as allowing sideloaded apps to be modified by users. Your options:
- Not configured (default): Intune doesn't change or update this setting.
- Block: Prevents developer mode and sideloading apps.
- Allow: Allows developer mode and sideloading apps.
Cellular and Connectivity
Bluetooth: Block prevents users from enabling Bluetooth. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Bluetooth on the device.
Bluetooth discoverability: Block prevents the device from being discoverable by other Bluetooth-enabled devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow other Bluetooth-enabled devices, such as a headset, to discover the device.
Bluetooth advertising: Block prevents the device from sending out Bluetooth advertisements. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow the device to send out Bluetooth advertisements.
Cloud and Storage
Microsoft account: Block prevents users from associating a Microsoft account with the device. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow adding and using a Microsoft account.
Control Panel and Settings
System time modification: Block prevents users from changing the date and time settings on the device. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to change these settings.
General
Manual unenrollment: Block prevents users from deleting the workplace account using the workplace control panel on the device. When set to Not configured (default), Intune doesn't change or update this setting.
Geolocation: Block prevents users from turning on location services on the device. When set to Not configured (default), Intune doesn't change or update this setting.
Cortana: Block disables the Cortana voice assistant on the device. When Cortana is off, users can still search to find items on the device. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Cortana.
Note
Microsoft deprecated the Windows Cortana standalone app. The Cortana productivity assistant is still available. For more information on deprecated features on Windows client, go to Deprecated features for Windows client.
Microsoft Edge Browser
Start experience > Allow pop-ups: Yes (default) allows pop-ups in the web browser. No prevents pop-up windows in the browser.
Favorites and search > Show search suggestions: Yes (default) allows your search engine to suggest sites as you type search phrases in the address bar. No prevents this feature.
Privacy and security > Allow Password Manager: Yes (default) allows Microsoft Edge to automatically use Password Manager, which allows users to save and manage passwords on the device. No prevents Microsoft Edge from using Password Manager.
Privacy and security > Cookies: Choose how cookies are handled in the web browser. Your options:
- Allow: Cookies are stored on the device.
- Block all cookies: Cookies aren't stored on the device.
- Block only third party cookies: Third party or partner cookies aren't stored on the device.
Privacy and security > Send do-not-track headers: Yes sends do-not-track headers to websites requesting tracking info (recommended). No (default) doesn't send headers that allow websites to track the user. Users can configure this setting.
Microsoft Defender SmartScreen
SmartScreen for Microsoft Edge: Require turns on Microsoft Defender SmartScreen, and prevents users from turning it off. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might turn on SmartScreen, and allow users to turn it on and off.
Password
Password: Require forces users to enter a password to access the device. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow access to devices without a password. Applies to local accounts only. Domain account passwords remain configured by Active Directory (AD) and Microsoft Entra ID.
Require password when device returns from idle state: Require forces users to enter a password to unlock the device after being idle. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not require a PIN or password after being idle.
Reporting and Telemetry
Share usage data: Choose the level of diagnostic data that's submitted. Your options:
- Not configured (default): Intune doesn't change or update this setting. No setting is forced. Users choose the level that's submitted. By default, the OS might not share any data.
- Security: Information that's required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Microsoft Defender
- Basic: Basic device information, including quality-related data, app compatibility, app usage data, and data from the Security level
- Enhanced: Additional insights, including how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the Basic and the Security levels
- Full: All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced level.
Search
Search location: Block prevents Windows Search from using the location. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow this feature.