Microsoft Surface Hub 2 SmCamera User Manual


Surface Hubs use Azure AD join to:

- Grant admin rights to the appropriate users in your Azure AD tenant.
- Back up the device's BitLocker recovery key by storing it under the account that was used to Azure AD join the device. See Save your BitLocker key for details.

Automatic enrollment via Azure Active Directory join

Surface Hub now supports the ability to automatically enroll in Intune by joining the
device to Azure Active Directory.

For more information, see Set up enrollment for Windows devices.

Which should I choose?

If your organization is using AD or Azure AD, we recommend you either domain join or
Azure AD join, primarily for security reasons. People will be able to authenticate and
unlock Settings with their own credentials, and can be moved in or out of the security
groups associated with your domain.

| Option | Requirements | Which credentials can be used to access the Settings app? |
| --- | --- | --- |
| Create a local admin account | None | The user name and password specified during first run |
| Domain join to Active Directory (AD) | Your organization uses AD | Any AD user from a specific security group in your domain |
| Azure Active Directory (Azure AD) join the device | Your organization uses Azure AD Basic | Global administrators only |
| | Your organization uses Azure AD Premium or Enterprise Mobility Suite (EMS) | Global administrators and additional administrators |

Configure non-Global Admin accounts on Azure AD-joined devices

For Surface Hub v1 and Surface Hub 2S devices joined to Azure AD, Windows 10 Team
2020 Update lets you limit admin permissions to management of the Settings app on
Surface Hub. This enables you to scope admin permissions for Surface Hub only and
