Bewerken

Delen via


Policy CSP - MixedReality

Tip

This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

Logo of Windows Insider.

Important

This CSP contains some settings that are under development and only applicable for Windows Insider Preview builds. These settings are subject to change and may have dependencies on other features or services in preview.

These policies are only supported on Microsoft HoloLens 2. They're not supported on HoloLens (first gen) Development Edition or HoloLens (first gen) Commercial Suite devices.

AADGroupMembershipCacheValidityInDays

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 [10.0.19041] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays

This policy controls for how many days, Microsoft Entra group membership cache is allowed to be used for Assigned Access configurations targeting Microsoft Entra groups for signed in user. Once this policy is set only then cache is used otherwise not. In order for this policy to take effect, user must sign-out and sign-in with Internet available at least once before the cache can be used for subsequent 'disconnected' sessions.

Steps to use this policy correctly:

  1. Create a device configuration profile for kiosk, which targets Microsoft Entra groups. Assign it to the HoloLens devices.
  2. Create a custom OMA URI-based device configuration. Set this policy value to the chosen number of days greater than zero (0). Then assign the configuration to the HoloLens devices.
    • The URI value should be entered in OMA-URI text box as ./Device/Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays
    • The value can be any integer in the allowed range.
  3. Enroll the HoloLens devices. Verify that both configurations apply to the device.
  4. When internet is available, sign in as a Microsoft Entra user. Once the user signs-in, and Microsoft Entra group membership is confirmed successfully, the cache will be created.
  5. You can now take the HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
  6. Steps 4 and 5 can be repeated for any other Microsoft Entra user. The key point is that any Microsoft Entra user must sign-in at least once to a device while on the internet. Then we can determine that they're a member of a Microsoft Entra group to which the kiosk configuration is targeted.

Note

Until you do step 4 for a Microsoft Entra user, the user will experience failure behavior similar to a disconnected environment.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Allowed Values Range: [0-60]
Default Value 0

AllowCaptivePortalBeforeLogon

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowCaptivePortalBeforeLogon

This policy controls whether the device will display the captive portal flow on the HoloLens sign in screen's network selection page when a captive portal network is detected. Displaying the captive portal flow is disabled by default to reduce the potential of gaining unauthorized access to the device through the browser.

This opt-in policy can help with the setup of new devices in new areas or new users. The captive portal allows a user to enter credentials to connect to the Wi-Fi access point. If enabled, sign in will implement similar logic as OOBE to display captive portal if necessary.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Displaying captive portal isn't allowed.
1 Displaying captive portal is allowed.

AllowLaunchUriInSingleAppKiosk

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowLaunchUriInSingleAppKiosk

By default, launching applications via Launcher API (Launcher Class (Windows. System) - Windows UWP applications | Microsoft Docs) is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true.

Enable this policy to allow for other apps to be launched within a single app kiosk. This behavior may be useful if you want to launch the Settings app to calibrate your device or change your Wi-Fi.

For more information on the Launcher API, see Launcher Class (Windows.System) - Windows UWP applications.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Applications aren't allowed to be launched with Launcher API, when in single app kiosk mode.
1 Applications are allowed to be launched with Launcher API, when in single app kiosk mode.

AutoLogonUser

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser

This policy controls whether a user will be automatically logged on. When the policy is set to a non-empty value, it specifies the email address of the auto-logon user. The specified user must logon to the device at least once to enable auto-logon.

Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. In this case, you can pick up a device and immediately use remote assist. It also allows you to rapidly distribute HoloLens devices and have users speed up sign-in.

The string value is the email address of the user to automatically sign in.

On a device where you configure this policy, the user specified in the policy needs to sign in at least once. Subsequent reboots of the device after the first sign-in will have the specified user automatically signed in. Only a single auto-logon user is supported. Once enabled, the automatically signed-in user can't manually sign out. To sign in as a different user, first disable this policy.

Note

  • Some events such as major OS updates may require the specified user to sign in to the device again to resume auto-logon behavior.
  • Auto-logon is only supported for Microsoft accounts and Microsoft Entra users.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

AutomaticDisplayAdjustment

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 [10.0.19041] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/AutomaticDisplayAdjustment

This policy controls if the HoloLens displays will be automatically adjusted for your eyes to improve hologram visual quality when a user wears the device. When this feature is enabled, a new user upon wearing the device won't be prompted to calibrate and yet the displays will be adjusted to suite them automatically. However if an immersive application is launched that depends on eye tracking interactions, the user will be prompted to perform the calibration.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 1

Allowed values:

Value Description
0 Disabled.
1 (Default) Enabled.

AutoUnlock

Scope Editions Applicable OS
✅ Device
✅ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows Insider Preview
./User/Vendor/MSFT/Policy/Config/MixedReality/AutoUnlock
./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoUnlock

This policy controls whether a signed-in user will be prompted for credentials when returning to the device after the device has entered suspended state. This policy is available both for the device as well as the user scope. When enabled for the device scope, auto unlock will be enabled for all users on the device. When enabled for the user scope, only the specific user will have auto unlock enabled.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) User will be prompted for credentials.
1 User won't be prompted for credentials.

BrightnessButtonDisabled

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 [10.0.19041] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/BrightnessButtonDisabled

This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it's used with other buttons as combination for other purposes.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Brightness can be changed with press of brightness button.
1 Brightness can't be changed with press of brightness button.

ConfigureDeviceStandbyAction

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows Insider Preview
./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureDeviceStandbyAction

This policy setting controls device maintenance action during standby.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Not configured.
1 Logoff users.
2 Reboot device.

ConfigureDeviceStandbyActionTimeout

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows Insider Preview
./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureDeviceStandbyActionTimeout

This policy setting controls when to start maintenance action after device enters standby. The timeout value is in hours.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Allowed Values Range: [1-168]
Default Value 8

ConfigureMovingPlatform

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureMovingPlatform

This policy controls the behavior of moving platform feature on HoloLens 2, that is, whether it's turned off / on or it can be toggled by a user. It should only be used by customers who intend to use HoloLens 2 in moving environments with low dynamic motion. Please refer to HoloLens 2 Moving Platform Mode for background information.

For more information, see Moving platform mode on low dynamic motion moving platforms.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system.
1 Moving platform is disabled and can't be changed by user.
2 Moving platform is enabled and can't be changed by user.

ConfigureNtpClient

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureNtpClient

This policy setting specifies a set of parameters for controlling the Windows NTP Client.

  • If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.

  • If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.

NtpServer.

The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where "flags" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is "time.windows.com,0x09".

Type.

This value controls the authentication that W32time uses. The default value is NT5DS.

CrossSiteSyncFlags.

This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client shouldn't attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value isn't set. The default value is 2 decimal (0x02 hexadecimal).

ResolvePeerBackoffMinutes.

This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes.

ResolvePeerBackoffMaxTimes.

This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts.

SpecialPollInterval.

This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that's set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds.

EventLogFlags.

This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it's a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.

More information:

You may want to configure a different time server for your device fleet. You can use this policy to configure certain aspects of the NTP client. In the Settings app, the Time/Language page will show the time server after a time sync has occurred.

For more information, see ADMX_W32Time Policy CSP - W32Time_Policy_Configure_NTPClient.

Note

This policy also requires enabling NtpClientEnabled.

After you enable this policy, restart the device for the changes to apply.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name W32TIME_POLICY_CONFIGURE_NTPCLIENT
Friendly Name Configure Windows NTP Client
Location Computer Configuration
Path System > Windows Time Service > Time Providers
Registry Key Name Software\Policies\Microsoft\W32time\TimeProviders\NtpClient
ADMX File Name W32Time.admx

Example:

The following XML string is an example of the value for this policy:

<enabled/>
<data id="W32TIME_NtpServer" value="time.windows.com,0x9"/>
<data id="W32TIME_Type" value="NTP"/>
<data id="W32TIME_CrossSiteSyncFlags" value="2"/>
<data id="W32TIME_ResolvePeerBackoffMinutes" value="15"/>
<data id="W32TIME_ResolvePeerBackoffMaxTimes" value="7"/>
<data id="W32TIME_SpecialPollInterval" value="1024"/>
<data id="W32TIME_NtpClientEventLogFlags" value="0"/>

ConfigureSharedAccount

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows Insider Preview
./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureSharedAccount

This policy specifies the configuration for Shared Accounts on the device. Shared Accounts are Microsoft Entra accounts that are deployed to the device by an IT admin and can be used by anyone with physical access to the device. These accounts excel in deployments where the HoloLens device is used like a tool shared between multiple people and it doesn't matter which account is used to access Microsoft Entra resources. Because these accounts can be signed in without requiring the user to provide credentials, you should ensure that these devices are physically secure, with access granted only to authorized personnel. You should also lock down these accounts to only have access to the required resources.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Allowed values:


Expand to see schema XML
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <xsd:element name="SharedAccountConfiguration">
    <xsd:complexType mixed="true">
      <xsd:sequence>
        <xsd:element minOccurs="1" maxOccurs="1" name="SharedAccount">
          <xsd:complexType>
            <xsd:sequence>
              <xsd:choice>
                <xsd:element name="IssuerThumbprint">
                  <xsd:simpleType>
                    <xsd:restriction base="xsd:string">
                      <xsd:maxLength value="40" />
                    </xsd:restriction>
                  </xsd:simpleType>
                </xsd:element>
                <xsd:element name="IssuerName">
                  <xsd:simpleType>
                    <xsd:restriction base="xsd:string">
                      <xsd:maxLength value="512" />
                    </xsd:restriction>
                  </xsd:simpleType>
                </xsd:element>
              </xsd:choice>
              <xsd:element minOccurs="0" maxOccurs="1" name="EkuOidRequirements">
                <xsd:complexType>
                  <xsd:sequence>
                    <xsd:element maxOccurs="5" name="Oid">
                      <xsd:simpleType>
                        <xsd:restriction base="xsd:string">
                          <xsd:maxLength value="100" />
                        </xsd:restriction>
                      </xsd:simpleType>
                    </xsd:element>
                  </xsd:sequence>
                </xsd:complexType>
              </xsd:element>
              <xsd:element minOccurs="0" maxOccurs="1" name="AutoLogon">
                <xsd:complexType>
                  <xsd:simpleContent>
                    <xsd:extension base="xsd:string">
                      <xsd:attribute name="forced" type="xsd:boolean" />
                    </xsd:extension>
                  </xsd:simpleContent>
                </xsd:complexType>
              </xsd:element>
            </xsd:sequence>
          </xsd:complexType>
        </xsd:element>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>
</xsd:schema>

DisallowNetworkConnectivityPassivePolling

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/DisallowNetworkConnectivityPassivePolling

Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. This policy allows IT admins to disable NCSI passive polling. Value type is integer.

Windows Network Connectivity Status Indicator may get a false positive internet-capable signal from passive polling. That behavior may result in the Wi-Fi adapter unexpectedly resetting when the device connects to an intranet-only access point. When you enable this policy, you can avoid unexpected network interruptions caused by false positive NCSI passive polling.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Allowed.
1 Not allowed.

EnableStartMenuSingleHandGesture

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 11, version 22H2 [10.0.22621] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/EnableStartMenuSingleHandGesture

This policy setting controls if pinching your thumb and index finger, while looking at the Start icon on your wrist, to open the Start menu is enabled or not.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 1

Allowed values:

Value Description
0 Don't allow pinching your thumb and index finger, while looking at the Start icon on your wrist, to open the Start menu.
1 (Default) Allow pinching your thumb and index finger, while looking at the Start icon on your wrist, to open the Start menu.

EnableStartMenuVoiceCommand

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 11, version 22H2 [10.0.22621] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/EnableStartMenuVoiceCommand

This policy setting controls if using voice commands to open the Start menu is enabled or not.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 1

Allowed values:

Value Description
0 Using voice commands to open the Start menu is disabled.
1 (Default) Using voice commands to open the Start menu is enabled.

EnableStartMenuWristTap

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 11, version 22H2 [10.0.22621] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/EnableStartMenuWristTap

This policy setting controls if tapping the Star icon on your wrist to open the Start menu is enabled or not.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 1

Allowed values:

Value Description
0 Don't allow tapping the Start icon on your wrist to open the Start menu.
1 (Default) Allow tapping the Start icon on your wrist to open the Start menu.

EyeTrackingCalibrationPrompt

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 [10.0.19041] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/EyeTrackingCalibrationPrompt

This policy controls when a new person uses HoloLens device, if HoloLens should automatically ask to run eye calibration.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 1

Allowed values:

Value Description
0 Disabled.
1 (Default) Enabled.

FallbackDiagnostics

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 [10.0.19041] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/FallbackDiagnostics

This policy setting controls, when and if diagnostic logs can be collected using specific button combination on HoloLens.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 2

Allowed values:

Value Description
0 Not allowed. Diagnostic logs can't be collected by pressing the button combination.
1 Allowed for device owners only. Diagnostics logs can be collected by pressing the button combination only if signed-in user is considered as device owner.
2 (Default) Allowed for all users. Diagnostic logs can be collected by pressing the button combination.

HeadTrackingMode

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 [10.0.19041] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/HeadTrackingMode

This policy configures behavior of HUP to determine, which algorithm to use for head tracking. It requires a reboot for the policy to take effect.

Allowed values:

Value Description
0 (Default) Feature - Default feature based / SLAM-based tracker.
1 Constellation - LR constellation based tracker.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Allowed Values Range: [0-1]
Default Value 0

ManualDownDirectionDisabled

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/ManualDownDirectionDisabled

This policy controls whether the user can change down direction manually or not. If no down direction is set by the user, then an automatically calculated down direction is used by the system. This policy has no dependency on ConfigureMovingPlatform policy and they can be set independently.

When the system automatically determines the down direction, it's using the measured gravity vector.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) User is allowed to manually change down direction.
1 User isn't allowed to manually change down direction.

MicrophoneDisabled

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 [10.0.19041] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/MicrophoneDisabled

This policy setting controls whether microphone on HoloLens 2 is disabled or not.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Microphone can be used for voice.
1 Microphone can't be used for voice.

NtpClientEnabled

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/NtpClientEnabled

This policy setting specifies whether the Windows NTP Client is enabled.

Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.

  • If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers.

  • If you disable or don't configure this policy setting, the local computer clock doesn't synchronize time with NTP servers.

For more information, see the ConfigureNtpClient policy.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name W32TIME_POLICY_ENABLE_NTPCLIENT
Friendly Name Enable Windows NTP Client
Location Computer Configuration
Path System > Windows Time Service > Time Providers
Registry Key Name Software\Policies\Microsoft\W32time\TimeProviders\NtpClient
Registry Value Name Enabled
ADMX File Name W32Time.admx

Example:

The following example XML string shows the value to enable this policy:

<enabled/>

PreferLogonAsOtherUser

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 11, version 22H2 [10.0.22621] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/PreferLogonAsOtherUser

This policy configures whether the Sign-In App should prefer showing Other User panel to user.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Disabled.
1 Enabled.

RequireStartIconHold

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 11, version 22H2 [10.0.22621] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/RequireStartIconHold

This policy setting controls if it's require that the Start icon to be pressed for 2 seconds to open the Start menu.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Don't require the Start icon to be pressed for 2 seconds.
1 Require the Start icon to be pressed for 2 seconds.

RequireStartIconVisible

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 11, version 22H2 [10.0.22621] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/RequireStartIconVisible

This policy setting controls if it's required that the Start icon to be looked at when you tap it to open the Start menu.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Don't require the Start icon to be looked at when you tap it.
1 Require the Start icon to be looked at when you tap it.

SkipCalibrationDuringSetup

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipCalibrationDuringSetup

This policy configures whether the device will take the user through the eye tracking calibration process during device setup and first time user setup.

  • If this policy is enabled, the device won't show the eye tracking calibration process during device setup and first time user setup. Note that until the user goes through the calibration process, eye tracking won't work on the device. If an app requires eye tracking and the user hasn't gone through the calibration process, the user will be prompted to do so.

Note

The user will still be able to calibrate their device from the Settings app.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Eye tracking calibration process will be shown during device setup and first time user setup.
1 Eye tracking calibration process won't be shown during device setup and first time user setup.

SkipTrainingDuringSetup

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipTrainingDuringSetup

This policy configures whether the device will take the user through a training process during device setup and first time user setup.

  • If this policy is enabled, the device won't show the training process during device setup and first time user setup. If the user wishes to go through that training process, the user can launch the Tips app.

It skips the training experience of interactions with the hummingbird and Start menu training. The user will still be able to learn these movement controls from the Tips app.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Training process will be shown during device setup and first time user setup.
1 Training process won't be shown during device setup and first time user setup.

VisitorAutoLogon

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ [10.0.20348] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/VisitorAutoLogon

This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in, if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in, if no other user has logged in on the device before.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Visitor user won't be signed in automatically.
1 Visitor user will be signed in automatically.

VolumeButtonDisabled

Scope Editions Applicable OS
✅ Device
❌ User
❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 [10.0.19041] and later
./Device/Vendor/MSFT/Policy/Config/MixedReality/VolumeButtonDisabled

This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it's used with other buttons as combination for other purposes.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Volume can be changed with press of the volume button.
1 Volume can't be changed with press of the volume button.

Policy configuration service provider