Presentation is loading. Please wait.

Presentation is loading. Please wait.

Customizing your device experience with assigned access

Published byしなつ うとだ Modified over 5 years ago

Similar presentations

Presentation on theme: "Customizing your device experience with assigned access"— Presentation transcript:

1 Customizing your device experience with assigned access
Lily Hou Program Manager

2 Agenda Assigned access overview Create a kiosk in Windows 10
9/17/ :59 PM Agenda Assigned access overview Create a kiosk in Windows 10 Create a shared device in Windows 10 Mobile © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Assigned access overview
Microsoft Build 2016 9/17/ :59 PM Assigned access overview Windows 10 Pro Enterprise Education Restrict the device experience for a specific user account to a single universal windows application. Example: Kiosk type single-function devices Mobile Mobile Enterprise Restrict the device experience for one or more functional roles to a curated set of applications and settings. Examples: Corporate owned lockdown devices for single user Corporate owned shared devices for multiple users with different roles © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Assigned access Windows 10
9/17/ :59 PM Assigned access Windows 10 © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Single app kiosk experience
9/17/ :59 PM Single app kiosk experience Assigned access lets you restrict a specific user account to using only one universal windows app. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 Architecture Restrict user to the designated app by launching it above the lock screen. Sign out of assigned access using Ctrl+Alt+Del. Desktop Kiosk app (under lock view) Lock screen app (above lock view) z order low high

7 Best practices for developing a kiosk app
9/17/ :59 PM Best practices for developing a kiosk app Secure your information Use GetCurrentView().Dispatcher in assigned access mode Provide an interface to exit assigned access (if Ctrl+Alt+Del not possible) Manage app’s lifecycle, secure data for unexpected termination Add windows.aboveLockScreen extension to app’s manifest file to enable choosing from assigned access settings Test end-to-end experience with your app running in assigned access mode Do not use MainView.Dispatcher in assigned access mode Do not create new views in assigned access mode MSDN link © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Assigned access Windows 10 Mobile
9/17/ :59 PM Assigned access Windows 10 Mobile © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Customized role-based device experience
9/17/ :59 PM Customized role-based device experience Intended for corporate owned task oriented devices Role is a curated lockdown experience A list of allowed applications & settings pages Action center & Quick actions configuration Start screen layout customization Hardware buttons lockdown/remapping Multiple roles can be defined by IT admin Custom login and role switching experience APIs provide ability to get and set lockdown profiles Enterprise signed application only Not for Windows Store public distribution Can integrate with identity management solution Store associate role Manager role © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Demo Lily Hou Microsoft Build 2016 9/17/2018 12:59 PM
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Architecture

12 WEHLockdown.xml Overview
9/17/ :59 PM WEHLockdown.xml Overview © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 RoleList XML StartScreenSize available for Default only
9/17/ :59 PM RoleList XML StartScreenSize available for Default only Support same elements as Default except for StartScreenSize Use any GUID generator, just need to be unique within the XML No imposed limit to the number of Roles that can be defined Friendly name for role returned to application through GetLockdownProfileInformation method © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Best practices for creating the XML
9/17/ :59 PM Best practices for creating the XML Start simple and iterate Add comments in your XML Validate with EnterpriseAssignedAccess XSD Allow device reset during development and testing Test using Visual Studio emulator before deploying to physical devices WARNING: The only way to completely remove assigned access settings from your mobile device is to reset or re-flash your device © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Enterprise role login experience
Microsoft Build 2016 9/17/ :59 PM Enterprise role login experience Provide a simple and consistent interface for locking down the available applications and tiles on the device for specific user roles defined by the enterprise. Available in the Mobile Extension SDK. Require enterpriseDeviceLockdown capability. Windows.Embedded.DeviceLockdown APIs Class Method Description DeviceLockdownProfile ApplyLockdownProfileAsync Activates the restrictions associated with the specified user role ID. GetCurrentLockdownProfile Gets the user role ID that is currently in use by the device. GetLockdownProfileInformation Gets the information object about a specific user role. GetSupportedLockdownProfiles Gets the list of supported user role IDs. Class Property Description DeviceLockdownProfileInformation Name Gets the user descriptor string of current profile © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Show current sign in status
9/17/ :59 PM Show current sign in status protected override void OnNavigatedTo(NavigationEventArgs e) { try // If the current role is Guid.Empty, then the user is not signed in. Guid currentRole = DeviceLockdownProfile.GetCurrentLockdownProfile(); if (currentRole == Guid.Empty) SignInStatus.Text = "You are not signed in."; canSignOut = false; } else DeviceLockdownProfileInformation currentProfile = DeviceLockdownProfile.GetLockdownProfileInformation(currentRole); SignInStatus.Text = "You are signed in as " + currentProfile.Name; canSignOut = true; SignOutButton.IsEnabled = canSignOut; LoadApplicationUsers(); catch (System.IO.FileNotFoundException) rootPage.NotifyUser("Assigned Access is not configured on this device.", NotifyType.ErrorMessage); © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 List the role names 9/17/2018 12:59 PM
private void LoadApplicationUsers() { // Add the available roles. foreach (Guid roleId in DeviceLockdownProfile.GetSupportedLockdownProfiles()) DeviceLockdownProfileInformation profile = DeviceLockdownProfile.GetLockdownProfileInformation(roleId); UserRoles.Items.Add(new ListBoxItem() { Content = profile.Name, Tag = roleId }); } // If there are roles available, then pre-select the first one and enable the Sign In button. if (UserRoles.Items.Count > 0) UserRoles.SelectedIndex = 0; SignInButton.IsEnabled = true; © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 Sign in to a role 9/17/2018 12:59 PM private async Task SignInAsync()
{ // Extract the name and role of the item the user selected. ListBoxItem selectedItem = (ListBoxItem)UserRoles.SelectedItem; string selectedName = (string)selectedItem.Content; Guid selectedRole = (Guid)selectedItem.Tag; // Note that successfully applying the profile will result in the termination of all running apps, including this sample. await DeviceLockdownProfile.ApplyLockdownProfileAsync(selectedRole); } © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 9/17/ :59 PM Sign out of a role private async Task SignOutAsync() { // Apply the Default role, which is represented by Guid.Empty. // The Default role is the one that is used when nobody is signed in. // Note that successfully applying the profile will result in the termination of all running apps, including this sample. await DeviceLockdownProfile.ApplyLockdownProfileAsync(Guid.Empty); } © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 9/17/ :59 PM Appx manifest <?xml version="1.0" encoding="utf-8"?> <Package xmlns=" xmlns:mp=" xmlns:uap=" xmlns:rescap=" IgnorableNamespaces="uap mp rescap"> . <Dependencies> <TargetDeviceFamily Name="Windows.Mobile" MinVersion=" " MaxVersionTested=" " /> </Dependencies> <Capabilities> <rescap:Capability Name="enterpriseDeviceLockdown" /> </Capabilities> </Package> © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 Summary Assigned access overview Create a kiosk in Windows 10
Microsoft Build 2016 9/17/ :59 PM Summary Assigned access overview Create a kiosk in Windows 10 Create a shared device in Windows 10 Mobile © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Call to Action Resources and documentation
Microsoft Build 2016 9/17/ :59 PM Call to Action Resources and documentation Set up a kiosk on Windows 10 Pro, Enterprise, or Education Kiosk apps for assigned access: Best practices Configure Windows 10 Mobile using Lockdown XML Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise Windows.Embedded.DeviceLockdown namespace Github - Device lockdown with Azure login sample EnterpriseAssignedAccess CSP Report any problems you find, send us feedback and feature request with the Windows Feedback app. Check out session (B861) “Microsoft Vision for IoT: From Windows Devices to Azure” at Build Re-visit Build on Channel 9. Continue your education at Microsoft Virtual Academy online. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 9/17/ :59 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Customizing your device experience with assigned access"

Similar presentations

The 2007 Microsoft Office System Servers Enterprise Content Management, Workflow and Forms Martin Parry Developer and Platform Group, Microsoft Ltd

The 2007 Microsoft Office System Servers Enterprise Content Management, Workflow and Forms Martin Parry Developer and Platform Group, Microsoft Ltd
Microsoft Virtual Academy Chris Oakman | Managing Partner Infrastructure Team | Eastridge Technology Curtis Sawin | Technical Solutions Professional |

Microsoft Virtual Academy Chris Oakman | Managing Partner Infrastructure Team | Eastridge Technology Curtis Sawin | Technical Solutions Professional |
ArcGIS for Server Security: Advanced

ArcGIS for Server Security: Advanced
11/12/2017 12:06 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

11/12/ :06 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Digital Partner of Record Overview

Digital Partner of Record Overview
Deployment Planning Services

Deployment Planning Services
Windows Calls Applications (windows.applicationmodel.calls)

Windows Calls Applications (windows.applicationmodel.calls)
Microsoft Ignite /10/2018 3:38 AM

Microsoft Ignite /10/2018 3:38 AM
5/12/2018 3:54 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

5/12/2018 3:54 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
5/13/2018 8:08 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

5/13/2018 8:08 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Microsoft Ignite 2016 5/16/2018 3:12 PM BRK2119

Microsoft Ignite /16/2018 3:12 PM BRK2119
5/22/2018 3:04 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

5/22/2018 3:04 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Deployment Planning Services

Deployment Planning Services
Deployment Planning Services

Deployment Planning Services
6/12/2018 3:52 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

6/12/2018 3:52 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
6/17/2018 3:45 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

6/17/2018 3:45 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Customizing the Start Menu in Windows 10

Customizing the Start Menu in Windows 10
Microsoft Virtual Academy

Microsoft Virtual Academy
A Fast Track into Device Guard

A Fast Track into Device Guard
Customizing the Start Menu in Windows 10

Customizing the Start Menu in Windows 10

Similar presentations

Ads by Google