| title | List of settings for the Microsoft HoloLens 2 standard security baseline in Intune | ||
|---|---|---|---|
| description | View a list of the settings in the Microsoft Intune standard security baseline for Microsoft HoloLens 2. This list includes the default values for settings as found in the default configuration of the baseline. | ||
| ms.date | 01/27/2025 | ||
| ms.topic | reference | ||
| ms.reviewer | aanavath | ||
| ms.collection |
|
This article is a reference for the settings that are available in the Microsoft HoloLens 2 standard security baseline for Microsoft Intune.
Tip
To view settings for the Microsoft HoloLens 2 advanced security baseline, see Settings reference for the Microsoft HoloLens 2 advanced security baseline for Microsoft Intune.
Each security baseline is a group of preconfigured Windows settings that help you apply and enforce granular security settings that the relevant security teams recommend. You can also customize each baseline you deploy to enforce only those settings and values you require. When you create a security baseline profile in Intune, you're creating a template that consists of multiple device configuration settings.
The details that display in this article are based on baseline version you select at the top of the article. For each version, this article displays:
- A list of each setting with its configuration as found in the default instance of that baseline version.
- When available, a link to the underlying configuration service provider (CSP) documentation or other related content from the relevant product group that provides context and possibly additional details for a settings use.
When a new version of a baseline becomes available, it replaces the previous version. Profile instances that were created before the availability of a new version:
- Become read-only. You can continue to use those profiles but can't edit them to change their configuration.
- Can be updated to the current version. After you update a profile to the current baseline version, you can edit the profile to modify settings.
To learn more about using security baselines, see:
- Allow Microsoft Account Connection
Baseline default: Block
Learn more
-
Turn off the display (plugged in)
Baseline default: Enabled
Learn more- When plugged in, turn display off after (seconds)
Baseline default: 30
- When plugged in, turn display off after (seconds)
-
Allow Cookies
Baseline default: Block only cookies from third party websites
Learn more -
Allow Password Manager
Baseline default: Block
Learn more -
Allow Smart Screen
Baseline default: Allow
Learn more
- Allow USB Connection
Baseline default: Not allowed.
Learn more
-
Device Password Enabled
Baseline default: Enabled
Learn more-
Max Device Password Failed Attempts
Baseline default: Not configured
Learn more -
Allow Idle Return Without Password
Baseline default: Not allowed.
Learn more -
Alphanumeric Device Password Required
Baseline default: Password or Numeric PIN required.
Learn more -
Max Inactivity Time Device Lock
Baseline default: Configured
Value: 3
Learn more -
Device Password History
Baseline default: Not configured
Learn more -
Allow Simple Device Password
Baseline default: Not allowed.
Learn more -
Device Password Expiration
Baseline default: Not configured
Learn more -
Min Device Password Length
Baseline default: Configured
Value: 8
Learn more
-
- Allow Manual MDM Unenrollment
Baseline default: Block
Learn more
-
Allow All Trusted Apps
Baseline default: Explicit deny.
Learn more -
Allow apps from the Microsoft app store to auto update
Baseline default: Allowed.
Learn more -
Allow Developer Unlock
Baseline default: Explicit deny.
Learn more
- Block third party cookies
Baseline default: Enabled
-
Control which extensions cannot be installed
Baseline default: Enabled- Extension IDs the user should be prevented from installing (or * for all) (Device)
Baseline default: *
- Extension IDs the user should be prevented from installing (or * for all) (Device)
- Enable saving passwords to the password manager
Baseline default: Disabled
- Configure Microsoft Defender SmartScreen
Baseline default: Enabled
- AAD Group Membership Cache Validity In Days
Baseline default: Configured
Value: 7
Learn more
-
Allow VPN
Baseline default: Not allowed.
Learn more -
Page Visibility List
Baseline default: Configured
Value: hide:emailandaccounts;workplace;otherusers;bluetooth;usb;network-proxy;network-wifi;network-ethernet;network-airplanemode;powersleep;certificates;developers;windowsinsider;
Learn more
- Allow Storage Card
Baseline default: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card.
Learn more
- Require Network In OOBE (Device)
Baseline default: True
-
Enable Pin Recovery
Baseline default: false
Learn more -
Restrict use of TPM 1.2
Baseline default: Disabled
Learn more -
Digits
Baseline default: Requires the use of at least one digits in PIN.
Learn more -
Expiration
Baseline default: Configured
Value: 90
Learn more -
PIN History
Baseline default: Configured
Value: 10
Learn more -
Lowercase Letters
Baseline default: Allowed
Learn more -
Maximum PIN Length
Baseline default: Configured
Value: 6
Learn more -
Minimum PIN Length
Baseline default: Configured
Value: 6
Learn more -
Special Characters
Baseline default: Allows the use of special characters in PIN.
Learn more -
Uppercase Letters
Baseline default: Allowed
Learn more -
Require Security Device
Baseline default: true
Learn more -
Use Certificate For On Prem Auth
Baseline default: Disabled
Learn more -
Use Hello Certificates As Smart Card Certificates
Baseline default: Disabled
Learn more -
Use Windows Hello For Business (Device)
Baseline default: true
Learn more
-
Allow Update Service
Baseline default: Allow
Learn more -
Manage Preview Builds
Baseline default: Disable Preview builds
Learn more