Apr 24 2018 11:36 PM
Hi,
Just trying to get the Whiteboard app working on the Surface Hub, but need some advices...
On the O365 portal the Whiteboard app is Turn on for the corporate, but Whiteboard App preview is not. Shall both been enabled?
Is there some other steps required on o365 portal to get this work?
On the document: Set up and use Whiteboard to Whiteboard collaboration (Surface Hub) they say: "Whiteboard.ms, wbd.ms, *.onenote.com, and your company's SharePoint tenant domain URLs need to be whitelisted for proxies"
But when asking this from the proxy team they can see traffic to:
CONNECT v10.vortex-win.data.microsoft.com:443 HTTP/1.1
CONNECT login.microsoftonline.com:443 HTTP/1.0
CONNECT secure.aadcdn.microsoftonline-p.com:443 HTTP/1.0
GET http://ocsp.digicert.com
And the actual behaviour is: When trying to sign-in it ask my account, password and then that is all. No error not nothing.
Apr 27 2018 01:12 PM
May 01 2018 06:59 AM - edited May 01 2018 07:00 AM
Hi Petri,
You should enable the service based on the app you're using:
Both apps will require you to sign-in to Office 365 if you wish to share your whiteboard.
You can choose which app to use based on your requirements.
Signing in to Office 365 will use the same authentication process like other Office 365 apps, and therefore will require the same proxy whitelist rules.
Of course, make sure you have the right licenses assigned to your users.
May 02 2018 12:54 AM
Daniel,
I'm speaking about the Whiteboard app which comes with Surface Hub. But I have no idea how to separate them on the questions :D Both apps are in my mind on the MS Store.
May 02 2018 01:14 AM
Yoav ! Funny (but I'm happy) to see you on here :D
For you (and others) I get one step ahead: The sign-in process seems to have two phase authentication as it requires device authentication as well. I found this when I tried to use my Global Admin account to sign-in, and after sign-in and password I got request to verify my device by Microsoft Authentication App.
So now, I'm just trying to find the correct combination from the license point of view to get this working and also to perhaps SMS based authentication, as I have seen that also. All ideas are more than welcome as from documentation I was not able to found it (with my blind eyes).
May 02 2018 03:01 AM
Hi Petri,
I hope you're still using Internet Explorer.
Sign-in process on the Hub will register the device against Intune, which is where you'll see the "Hold on while we register this device with your company..." message.
If the Hub's device account and your account are in the same domain and your users have the appropriate licenses, you'll be able to see sign-in suggestions for your account.
Of course, for users that are enabled for MFA, the restrictions will apply.
My suggestion for your ask:
May 02 2018 07:23 AM
Ok, so at first I need to understand what means when device's domain (sHub@internal.net) is different than user's sign-in address (myName@company.com). But at the same time my admin account's have admin@internal.net.
Previously the domains has been defined in the Intune, but today they are in M365 [Portal - Setup - Domains]. In our case the both domains are listed there. Or is there some specific place on the Intune for domains also?
If I read your comment correctly, the domains must be exactly the same? I believe that is the reason why my regular account does not wake up the device authorization process on the Surface Hub but admin account does.
MFA is not enabled, not for my admin account nor my regular account, at the moment.