Microsoft Surface Hub 2 SmCamera User Manual

Page 33

No affiliation is like having Surface Hub in a workgroup with a different local
Administrator account on each Surface Hub. If you choose No affiliation, you must
locally save the BitLocker Key to a USB thumb drive. You can still enroll the device
with Intune; however, only the local admin can access the Settings app using the account
credentials configured during OOBE. You can change the Administrator account
password from the Settings app.

If you affiliate Surface Hub with on-premises Active Directory Domain Services, you need
to manage access to the Settings app using a security group on your domain. This helps
ensure that all security group members have permissions to change settings on Surface
Hub. Also note the following:

When Surface Hub affiliates with your on-premises Active Directory Domain Services,
the BitLocker key can be saved in the Active Directory Schema. For more information,
see Prepare your organization for BitLocker: Planning and policies.

Your organization’s Trusted Root CAs are pushed to the same container in Surface Hub,
which means you don’t need to import them using a provisioning package.

You can still enroll the device with Intune to centrally manage settings on your Surface
Hub.

When you choose to affiliate your Surface Hub with Azure Active Directory (Azure AD),
any user with the Global Administrator role can sign in to the Settings app on Surface
Hub. You can also configure non-Global Admin accounts that limit permissions to
management of the Settings app on Surface Hub. This enables you to scope admin
permissions for Surface Hubs only and prevent potentially unwanted admin access
across an entire Azure AD domain.

If you enabled Intune Automatic Enrollment for your organization, the Surface Hub will
automatically enroll itself with Intune; in this scenario, the account used for Azure AD
affiliation during setup must be licensed for Intune and have permissions to enroll

Active Directory Domain Services

Azure Active Directory

Note

Surface Hub administrator accounts can only sign in to the Settings app when
authenticating via Azure AD. Third-party federated Identity Providers (IdPs) are not
supported.
