Security engineering
Microsoft has several resources and teams devoted to optimizing the company’s engineering protocols, addressing compliance, and ensuring customer trust.
- To learn more about Microsoft’s security engineering development practices, see the Security Development Lifecycle (SDL).
- Microsoft, and therefore HoloLens 2, empowers customers to make choices about how and why data is collected and used, which can be further explored in Microsoft’s Privacy policy.
- Microsoft Security Response Center (MSRC) is part of the defender community, providing an efficient vulnerability reporting experience and an effective categorization and response to security bugs.
Updates and patches
Security updates and patches are released on the second Tuesday of each month. In order to understand the criteria used by Microsoft to evaluate next steps for a reported vulnerability, see the Microsoft Security Response Center’s Security Servicing Criteria page.
As HoloLens 2 is built from the same foundation as Windows 10 and 11, Security updates which are listed for these platforms are addressed in the corresponding HoloLens 2 OS release.
For guidance on managing HoloLens 2 updates via MDM, see Manage HoloLens updates. The operating system update cadence for HoloLens 2 matches that of Windows 10; there are two updates per year, one taking place in Spring and the other in Fall. For more on how devices are secured during OS updates, see State separation and isolation.
IT admins can learn more about update policy at Policy CSP - Update.