Surface Hub proxy improvements

Published May 29 2019 10:03 AM 3,582 Views
Microsoft

Proxy server identification and registration in Surface Hub

 

With the Windows 10 May 28, 2019 update (KB4499162), Surface Hubs now have improved logic, and the ability to save the FQDNs of proxy servers that are discovered as part of the regularly occurring network ping.
Over the course of regular cleanups, Surface Hub will eventually store every single proxy server in the organization.

 

Surface Hub proxy list via Intune

 

Also with this update, we introduced a new CSP that allows IT Admins to configure a list of the FQDNs of every proxy server that the Hub can interact with. When this policy is enforced and proxy credentials are set to Device Account, the Device Account’s credentials will automatically be used against any Proxy server on the list. The credentials and proxy servers list will never be removed as part of the Surface Hub cleanup. As a result, if an IT Admin can enumerate all proxy servers FQDNs, there should be 0 prompts for passwords on the device.
 
The OMA-URI for this setting is: ./Vendor/MSFT/SurfaceHub/Properties/ProxyServers
Value type is: String
Proxy servers should be represented in their FQDNs: ProxySRV1.corp.contoso.local,
Not in host name only format (ProxySRV1)
And should not include additional prefixes (https://ProxySRV1, http://ProxySrv2, etc.)
 
Proxy servers should be semi-colon delimited: Proxy1.contoso.local;Proxy2.contoso.local;Proxy3.contoso.local;Proxy4.contoso.local
 

 

 
Proxy CSP.png

 

Preferably, The Intune Device Configuration Profile should also contain the ./Vendor/MSFT/SurfaceHub/Properties/AllowAutoProxyAuth OMA-URI to ensure the Device Account credentials are being used:

 

Allow CSP.png

Proxy profile.png

 

 

3 Comments
Occasional Visitor

Is it not possible to assign PAC files with the custom settings, rather than listing all these out individually?

Microsoft

@Wrinkletink Yes, usage of PAC files is supported.

Senior Member

@Yoav Barzilay Is there a guide on how to specify a PAC file, as this states not to include http etc in the text here.

%3CLINGO-SUB%20id%3D%22lingo-sub-636156%22%20slang%3D%22en-US%22%3ESurface%20Hub%20proxy%20improvements%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-636156%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%20size%3D%224%22%3E%3CFONT%20size%3D%224%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EProxy%20server%20identification%20and%20registration%20in%20Surface%20Hub%3C%2FFONT%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CFONT%20size%3D%222%22%3EWith%20the%20Windows%2010%20May%2028%2C%202019%20update%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4499162%2Fwindows-10-update-kb4499162%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EKB4499162%3C%2FA%3E)%2C%20Surface%20Hubs%20now%20have%20improved%20logic%2C%20and%20the%20ability%20to%20save%20the%20FQDNs%20of%20proxy%20servers%20that%20are%20discovered%20as%20part%20of%20the%20regularly%20occurring%20network%20ping.%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%222%22%3EOver%20the%20course%20of%20regular%20cleanups%2C%20Surface%20Hub%20will%20eventually%20store%20every%20single%20proxy%20server%20in%20the%20organization.%3C%2FFONT%3E%3CBR%20%2F%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3ESurface%20Hub%20proxy%20list%20via%20Intune%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%3E%3CFONT%20size%3D%222%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EAlso%20with%20this%20update%2C%20we%20introduced%20a%20new%20CSP%20that%20allows%20IT%20Admins%20to%20configure%20a%20list%20of%20the%20FQDNs%20of%20every%20proxy%20server%20that%20the%20Hub%20can%20interact%20with.%20When%20this%20policy%20is%20enforced%20and%20proxy%20credentials%20are%20set%20to%20Device%20Account%2C%20the%20Device%20Account%E2%80%99s%20credentials%20will%20automatically%20be%20used%20against%20any%20Proxy%20server%20on%20the%20list.%20The%20credentials%20and%20proxy%20servers%20list%20will%20never%20be%20removed%20as%20part%20of%20the%20Surface%20Hub%20cleanup.%20As%20a%20result%2C%20if%20an%20IT%20Admin%20can%20enumerate%20all%20proxy%20servers%20FQDNs%2C%20there%20should%20be%200%20prompts%20for%20passwords%20on%20the%20device.%20%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20size%3D%222%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EThe%20OMA-URI%20for%20this%20setting%20is%3A%20%3C%2FFONT%3E%3CFONT%20size%3D%222%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CCODE%3E.%2FVendor%2FMSFT%2FSurfaceHub%2FProperties%2FProxyServers%3C%2FCODE%3E%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20size%3D%222%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EValue%20type%20is%3A%20String%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20size%3D%222%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EProxy%20servers%20should%20be%20represented%20in%20their%20FQDNs%3A%20%3CCODE%3EProxySRV1.corp.contoso.local%3C%2FCODE%3E%2C%20%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20size%3D%222%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3ENot%20in%20host%20name%20only%20format%20(%3CCODE%3EProxySRV1%3C%2FCODE%3E)%3CBR%20%2F%3EAnd%20should%20not%20include%20additional%20prefixes%20(%3CCODE%3E%3CA%20href%3D%22https%3A%2F%2FProxySRV1%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2FProxySRV1%3C%2FA%3E%3C%2FCODE%3E%2C%20%3CCODE%3E%3CA%20href%3D%22http%3A%2F%2FProxySrv2%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2FProxySrv2%3C%2FA%3E%3C%2FCODE%3E%2C%20etc.)%3CBR%20%2F%3E%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CFONT%20size%3D%222%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EProxy%20servers%20should%20be%20semi-colon%20delimited%3A%20%3CCODE%3EProxy1.contoso.local%3BProxy2.contoso.local%3BProxy3.contoso.local%3BProxy4.contoso.local%3C%2FCODE%3E%3C%2FFONT%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20582px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F115746i146FCB495CCF78B6%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Proxy%20CSP.png%22%20title%3D%22Proxy%20CSP.png%22%20%2F%3E%3C%2FSPAN%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EPreferably%2C%20The%20Intune%20Device%20Configuration%20Profile%20should%20also%20contain%20the%20%3CCODE%3E.%2FVendor%2FMSFT%2FSurfaceHub%2FProperties%2FAllowAutoProxyAuth%3C%2FCODE%3E%20OMA-URI%20to%20ensure%20the%20Device%20Account%20credentials%20are%20being%20used%3A%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20579px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F115747i38C11D9FCC106A4B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Allow%20CSP.png%22%20title%3D%22Allow%20CSP.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F115748i31BC32D02071FD21%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Proxy%20profile.png%22%20title%3D%22Proxy%20profile.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-636156%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3ENew%20in%20the%20Windows%2010%20May%2028%2C%202019%20update%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4499162%2Fwindows-10-update-kb4499162%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EKB4499162%3C%2FA%3E)%2C%26nbsp%3B%20Surface%20Hub%20behavior%20with%20proxy%20is%20now%20improved.%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2518943%22%20slang%3D%22en-US%22%3ERe%3A%20Surface%20Hub%20proxy%20improvements%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2518943%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20it%20not%20possible%20to%20assign%20PAC%20files%20with%20the%20custom%20settings%2C%20rather%20than%20listing%20all%20these%20out%20individually%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2522945%22%20slang%3D%22en-US%22%3ERe%3A%20Surface%20Hub%20proxy%20improvements%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2522945%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1096617%22%20target%3D%22_blank%22%3E%40Wrinkletink%3C%2FA%3E%26nbsp%3BYes%2C%20usage%20of%20PAC%20files%20is%20supported.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2538307%22%20slang%3D%22en-US%22%3ERe%3A%20Surface%20Hub%20proxy%20improvements%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2538307%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F28614%22%20target%3D%22_blank%22%3E%40Yoav%20Barzilay%3C%2FA%3E%26nbsp%3BIs%20there%20a%20guide%20on%20how%20to%20specify%20a%20PAC%20file%2C%20as%20this%20states%20not%20to%20include%20http%20etc%20in%20the%20text%20here.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎May 29 2019 10:03 AM
Updated by: