Microsoft HoloLens and MobileIron
Modern devices and applications drive workplace productivity. One of the most interesting new approaches is Microsoft HoloLens, which goes beyond augmented and virtual reality to enable users to interact with three-dimensional holograms within the context of the real world around them.
This "mixed reality" allows people to visualize and collaborate in ways that were not possible before. Because of this, we believe HoloLens will have a broad set of use cases over time at our customers, especially in manufacturing, healthcare, and education. Engineers can design or install a component of a complex machine more effectively if they can visualize the completed object. Surgeons can be more effective if they can view the operating area from different perspectives. Students can learn science more quickly if they can visualize elements that may not be physically possible to have in a classroom.
But mixed reality devices are so new that many IT professionals assume they require a completely new security and management model. While devices like Hololens seem very different than a tablet, MobileIron adopts the same security and management model for HoloLens as we do for other Windows devices. This blog provides an example of how simple this can be for an administrator using MobileIron Core.
Step 1: Provision HoloLens
The device security and management lifecycle in any organization begins with provisioning the device. With MobileIron you can choose to provision a HoloLens either to an Azure Active Directory (AAD) domain or as a Mobile Device Management (MDM) managed device.
To start the device enrollment process, use the “Bloom” gesture to pull up the main menu and then use the “Tap” gesture to select the settings application. Tap on the Accounts menu and then tap on Work access. Whether executing an AAD enrollment or a MDM enrollment, tap on the “Enroll into device management” button. Tap on the popup keyboard and enter in the user’s email address. The device should now be able to auto discover the MobileIron server address. The user will then be directed to the company hub where they will enter in their company-issued password. After the user has pressed ‘enter,’ their device will finish the enrollment process and their HoloLens will be managed by MobileIron.
Step 2: Configure HoloLens
The next step is configuring the device with options such as:
- Update policy
- Lockdown and security policies
- Application restrictions
One example is locking down Cortana. HoloLens uses Cortana for voice command navigation within the Virtual World. Cortana is enabled by default and always listening. It may act upon unintentional voice commands and so some organizations may choose to disable it to prevent any potential breach of sensitive information. Below is the policy screen to disable Cortana.
Step 3: Deploy HoloLens applications
Applications on HoloLens support the Universal Windows Platform (UWP). HoloLens also supports Holographic UWP (HUWP) apps. HUWP applications showcase the immersive power of HoloLens so enabling the distribution of these applications is important to realizing the full value of the platform.
MobileIron can distribute third-party applications through the Microsoft Store and in-house applications through the MobileIron enterprise app store, Apps@Work. Silent installation of in-house and Microsoft Store applications is also possible with MobileIron Bridge for those companies using AAD for enrollment. Administrators can also restrict applications and enable application privacy settings.
Step 4: Retire HoloLens
Every device has a life cycle. When a particular HoloLens device is lost or is no longer going to be used, MobileIron ensures that all configurations, applications, and other managed settings of the device are removed when that device is retired.
Magic, Easily Managed
As you can see, although HoloLens is a magical device that introduces a whole new level of productivity in the workplace, it is simple to secure and manage with MobileIron.