Imagine a scenario in which an employee misplaces a company device containing sensitive company material, or that device is stolen. How do you manage the loss of information?
This happens more than you realize – just think back to the last time you left something important in the back of a cab or at an airport gate in your rush to make a connecting flight. A misplaced device is anxiety-inducing enough, but when the information contained on that device has the potential to cause serious harm to the company, you may not be able to sleep for a while.
Mobile Device Management allows companies to manage risks associated with mobile devices. In the scenario described above, utilizing MDM, a company would be able to remotely wipe the device of any or all information, disable the device, and possibly even locate the device depending on the system the organization has in place. Going forward, this blog will look at the most commonly asked questions regarding Mobile Device Management.
MDM is the management and administration of mobile devices such as smartphones, tablets, and laptops.
MDM doesn’t refer to a single system and is usually a blend of deploying on-device applications and configurations, corporate policies and certificates, and backend infrastructure. The role of MDM is to increase device supportability, security, and corporate functionality in a scalable environment.
MDM primarily deals with corporate data segregation, securing emails, securing corporate documents on devices, and enforcing corporate policies. MDM implementations may be either on-premises or cloud-based.
Some of the core functions of MDM include:
- Updating equipment, applications, functions, or policies remotely and in a scalable manner
- Ensuring that users use applications in a consistent authorized way
- Ensuring that equipment performs properly
- Monitoring and tracking equipment
- Being able to efficiently diagnose and troubleshoot equipment remotely
Should I Use Mobile Device Management (MDM) for the HoloLens 2?
Yes. MDM allows you to control access to your device if it is lost, factory reset, or if you forget the PIN or password. Without MDM, if you forget your PIN or lose your password, you may lose control of your device. Your only option will be to factory reset. Certain forms of MDM, like Autopilot, can also provide protection from malicious factory resets if a device is stolen, allowing an organization to maintain control over its hardware at all times. Based on our experience, MDM is the smartest and safest way to maintain control of your devices.
What Can I Manage Using MDM on the HoloLens 2?
- Wi-Fi access
- Certificates
- Proxy
- VPN
- Updates
- Authorized applications
- Access to virtual environments
- Kiosk Mode
What is Kiosk Mode?
You can configure a HoloLens device to function as a fixed-purpose device, also called a Kiosk, by configuring the device to run in Kiosk mode. Kiosk mode limits the applications (or users) that are available on the device. It is a convenient feature that can be used to dedicate a HoloLens device to select business apps or to use the HoloLens device in an application demo.
Single App kiosk
- A single-app kiosk starts the specified app when the user signs in to the device. The Start menu is disabled, as is Cortana. A HoloLens 2 device does not respond to the Start gesture. A HoloLens (1st gen) device does not respond to the bloom gesture. Because only one app can run, the user cannot place other apps.
Multi app kiosk
- A multi-app kiosk displays the Start menu when the user signs in to the device. The kiosk configuration determines which apps are available on the Start menu. You can use a multi-app kiosk to provide an easy-to-understand experience for users by only presenting options that are pertinent to that user. Their view is not hindered by applications for which they have no use or permission.
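An audit of a kiosk definition against the organization's authorized-application list, as an added example that is not from the original post. It assumes the kiosk is defined with Windows AssignedAccess configuration XML; the sample document, GUIDs, account and app IDs are constructed placeholders, and `audit_kiosk_config` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"aa": "http://schemas.microsoft.com/AssignedAccess/2017/config"}

# Constructed sample, trimmed to the elements this audit reads. The GUIDs,
# account and AppUserModelIds are placeholders, not real identifiers.
SAMPLE_XML = """
<AssignedAccessConfiguration
    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
  <Profiles>
    <Profile Id="{11111111-1111-1111-1111-111111111111}">
      <AllAppsList><AllowedApps>
        <App AppUserModelId="Contoso.Inspection_placeholder!App" />
        <App AppUserModelId="Contoso.Games_placeholder!App" />
      </AllowedApps></AllAppsList>
    </Profile>
    <Profile Id="{22222222-2222-2222-2222-222222222222}">
      <AllAppsList><AllowedApps>
        <App AppUserModelId="Contoso.Inspection_placeholder!App" />
      </AllowedApps></AllAppsList>
    </Profile>
  </Profiles>
  <Configs>
    <Config>
      <Account>kioskuser@contoso.example</Account>
      <DefaultProfile Id="{11111111-1111-1111-1111-111111111111}" />
    </Config>
  </Configs>
</AssignedAccessConfiguration>
"""

def audit_kiosk_config(xml_text, approved_apps):
    """Return (unapproved, unbound): per-profile apps outside the approved
    list, and profile Ids that no <Config> assigns to an account."""
    root = ET.fromstring(xml_text.strip())
    approved = {a.casefold() for a in approved_apps}
    bound = {d.get("Id") for d in
             root.findall("aa:Configs/aa:Config/aa:DefaultProfile", NS)}
    unapproved, unbound = {}, []
    for profile in root.findall("aa:Profiles/aa:Profile", NS):
        pid = profile.get("Id")
        ids = [a.get("AppUserModelId", "") for a in
               profile.findall("aa:AllAppsList/aa:AllowedApps/aa:App", NS)]
        extra = sorted(i for i in ids if i.casefold() not in approved)
        if extra:
            unapproved[pid] = extra
        if pid not in bound:
            unbound.append(pid)
    return unapproved, unbound
```

Running `audit_kiosk_config(SAMPLE_XML, ["Contoso.Inspection_placeholder!App"])` flags the games app in the first profile and reports the second profile as defined but never assigned to an account.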
What are Some Common Device Restrictions You Can Implement on the HoloLens 2?
Employees can interactively adjust certain settings of the HoloLens through the settings UI. Using MDM, you can limit what users are allowed to change. The following lists commonly used MDM settings that Windows 10 Holographic supports to configure settings restrictions:
Software settings
- Prevent changing of settings
- VPN configuration
- Wi-Fi Configuration
- Mobile device management
Hardware Restrictions
- Allow Wi-Fi
- Allow USB connection
- Allow Bluetooth
- Restrict camera access
- Restrict Microphone access
What are my MDM software options?
- Software-specific device management
  - Microsoft Intune
- Third-Party MDM Software
  - Google Workspace
  - XenMobile
  - IBM Watson
  - Cisco Meraki SM
  - Citrix Endpoint Management
How do I set my HoloLens 2 up for Mobile Device Management (MDM)?
You can manage multiple Microsoft HoloLens devices simultaneously using solutions like Microsoft Intune. You will be able to manage settings, select apps to install, and set security configurations tailored to your organization’s needs. You can use third-party MDM software or Microsoft Intune.
Depending on the type of identity chosen either during OOBE or post-sign-in, there are different methods of enrollment.
- If Identity is Azure AD, enroll either during OOBE or through Settings App -> Access Work or School -> Connect button.
  - For Azure AD, automatic MDM enrollment only occurs if Azure AD has been configured with enrollment URLs.
- If Identity is Azure AD and the device has been pre-registered with the Intune MDM server with a specific configuration profile assigned to it, then Azure AD-Join and automatic MDM enrollment will occur during OOBE.
  - Also called Autopilot flow. Available in 19041.1103+ builds.
- If Identity is MSA, enroll using Settings App -> Access Work or School -> Connect button.
  - Also called Add Work Account (AWA) flow.
- If Identity is Local User, enroll using Settings App -> Access Work or School -> Enroll only in device management link.
  - Also called pure MDM enrollment flow.
Once the device is enrolled with your MDM server, the Settings app will now reflect that the device is enrolled in device management.
More information on Microsoft Intune can be found here:
https://docs.microsoft.com/en-us/mem/intune/fundamentals/windows-holographic-for-business
Mobile Device Management allows companies to manage the many risks associated with mobile devices. These risks can range from a lost or stolen device to a malicious hack. In the case of a lost or stolen device, without an MDM system in place, it is impossible to track or remotely manage your company's devices. As a gateway to your company environment, it is important to ensure that these devices, whether that be a mobile phone, laptop, or HoloLens 2, are protected.
If you are interested in learning more about the security features of HoloLens 2 and how it works within a management environment please read our HoloLens 2 Security Blog and FAQ.
SphereGen is both a Microsoft and UiPath Partner, with expertise in implementing successful business applications for our customers. We specialize in the custom development of web/mobile apps, RPA integrations, and Unity AR/VR applications. We hold Gold and Silver level certifications in Application Development, Azure Cloud, Mixed Reality, and RPA. Learn more about our work at https://www.spheregen.com