Intune Onboarding Pre-Requisites
Please make sure your organisation is already onboarded onto the NHSmail Intune Service prior to following the steps in this guidance.
All organisations who have been onboarded to the NHSmail Intune Service will have attended and introductory session. If your organisation as not been onboarded to the NHSmail Intune Service, please register your organisation’s interest here.
Ahead of the onboarding of HoloLens 2 devices, organisations should have the following technical pre-requisites in place:
- NHSmail email addresses of the Intune administrator and end users
- ODS code of the organisation
- Dynamics 365 Remote Assist user licences purchased, onboarded and assigned according to the Assignment of Dynamics 365 Remote Assist Licences
- Relevant EMS Intune licencing purchased, onboarded and assigned (EM&S E3, EM&S E5 or Azure AD Premium P2) according to the Onboarding Guide for Local Administrators
Hardware Support and Requirements
Additionally, the following need to be completed:
- Devices need to be unenrolled from current/interim tenant (if any).
- Devices need to be running the Windows Holographic build version 20H2.
- An internet connection of at least of 1.5 mbps bandwidth is recommended.
- Device hardware hashes to be obtained in order to be used in the Autopilot process.
- User’s AAD account should be Multi-factor authentication (MFA) enabled.
Updating HoloLens 2 to the latest build version
If the HoloLens 2 device is connected to Wi-Fi, pending updates should be automatically captured. Please ensure the device is connected to a consistent Wi-Fi network during the update.
It is also recommended to manually check for any updates on a regular basis. In the HoloLens 2 device, go to Settings > Update & Security > Check for updates. If this indicates that your device is up to date, you have all the updates that are currently available.
Please visit HoloLens 2 release notes for information on the latest operating system and build number.
Obtaining HoloLens 2 hardware hash manually
2. Connect the device to a computer using a USB-C cable. On the computer, open File Explorer. Open This PC\<HoloLens device name>\Internal Storage\Documents and locate the AutopilotDiagnostics.zip file
3. Extract the contents of the AutopilotDiagnostics.zip file.
5. If the Internal Storage folder does not appear the device is waiting for a user to sign in. Either sign-in (AAD account) or power cycle the device by holding the POWER button down for 10 seconds
6. Press and immediately release the Power + Volume Down buttons together
7. Wait a minute for the device to prepare the zip archives
8. Refresh file explorer and navigate to the ”\Documents” folder
Criteria for users to be MFA enabled
MFA is a process where a user is prompted during a sign-in event for additional forms of identification. This prompt could be to enter a code on their phone or to provide a fingerprint scan. When users have a second form of authentication, security is increased.
Like other Windows devices, HoloLens always operates under a user context. HoloLens treats identity in almost the same manner as other Windows devices do. When a user signs into an application or service and receives an MFA prompt, they can choose from one of their registered forms of additional verification. Additional forms of verification that can be used with Azure AD MFA include the Microsoft Authenticator app, SMS and voice call. For the Autopilot enrolment, organisations need to ensure that MFA is enabled for its users.
Please read the Multi-Factor Authentication (MFA) guidance for instructions on how to set it up.