DOCSLIB.ORG

Supercharge Windows 10 Security with Microsoft Endpoint Manager

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Supercharge Windows 10 Security with Microsoft Endpoint Manager James Graham Partner Technical Architect – Unified Endpoint Management Poll Agenda Introduction to Microsoft Endpoint Manager Microsoft Endpoint Manager Transformative management and security Enable Protect your users your data PC desktop management Mobile device Mobile application management management Configuration Manager and Microsoft Intune Secure and Streamlined Maximizes intelligent and flexible investment Microsoft Endpoint Manager + + + Attach the power of the cloud to your technology estate Knowledge Check Configuration Manager…. …IS A KEY SERVICE OF …POWERS MICROSOFT …IS THE INTELIIGENT MICROSOFT ENDPOINT ENDPOINT MANAGER EDGE OF MICROSOFT MANAGER ENDPOINT MANAGER …SERVICES ON PREM …POWERS SERVER …HAS A LONG LIFE CONTENT DISTRIBUTION MANAGEMENT IN AHEAD FOR MICROSOFT MICROSOFT ENDPOINT ENDPOINT MANAGER MANAGER Deployment: Windows Autopilot Traditional Windows deployment OFFICE & APPS DRIVERS POLICIES SETTINGS Build a custom image, Deploy image to a new Time means money, making gathering everything else computer, overwriting what this an expensive proposition that’s necessary to deploy was originally on it Modern Windows deployment Un-box and turn on Transform with minimal Device is ready off-the-shelf Windows PC user interaction for productive use Windows Autopilot One-time preparation tasks Azure Active Directory • Configure automatic MDM enrollment. • Configure company branding. • Enable Windows Subscription Activation if desired. • Ensure users can join devices to Azure AD (for user-driven mode) Intune: • Enable the enrollment status page • Ensure users can enroll devices in Intune • Assign licenses to users • (Optional) Set up enrollment restrictions so only Autopilot-registered devices can enroll Three simple steps Register devices Assign a profile Deploy Three simple steps • Have devices registered automatically Register devices • Request clean images, choice of Windows 10 version at the same time (if available) • Specify group tag to help segment devices by purpose • Devices are automatically tagged with the purchase order ID Assign a profile • Register devices yourself via Intune for testing and evaluation using Get- WindowsAutopilotInfo PowerShell script Deploy • Register (harvest) existing Intune-managed devices automatically Three simple steps • Use Intune: Register devices • Select profile scenario (user-driven, self-deploying) • Configure needed settings • Assign to an Azure AD group so Intune will automatically assign to all devices in the group Assign a profile • Use a dynamic Azure AD group to automate this step • Consider static Azure AD group for exceptions Deploy Three simple steps • Boot up each device Register devices • Connect to network (Wi-Fi, Ethernet) • Enter credentials (if required) Assign a profile Deploy Demo Windows Autopilot // Deployment Scenarios AVAILABLE in 1703 AVAILABLE in 1809 AVAILABLE in 1809 AVAILABLE in 1903 AVAILABLE in 1903 User-driven User-driven Windows Windows Self-deploying mode with mode with Autopilot for Autopilot white mode (preview) Azure AD Join Hybrid Azure existing devices glove (preview) AD join Join device to Azure Join device to AD, Windows 7/8.1 to White glove partners No need to provide AD, enroll in enroll in Intune/MDM Windows 10 or IT staff can pre- credentials, Intune/MDM provision Windows 10 automatically joins Coming soon! ConfigMgr task PC to be fully Azure AD Coming soon! Deploy over VPN sequence, followed configured and Integration with by Windows business-ready for an ConfigMgr Coming soon! Autopilot user-driven org or user Integration with mode ConfigMgr New! Hybrid Azure AD Join support Additional Windows 10 1903 enhancements: ● Self-updating Windows Autopilot ● Cortana is quiet during OOBE ● Tracking of Win32 apps Demo Demo Demo Autopilot into Configuration Manager - Today Autopilot into a Task Sequence – coming soon Autopilot into a Task Sequence – coming soon Autopilot into a Task Sequence – coming soon Target a configuration task sequence to your provisioning computers collection Call /ts:<ID> from ccmsetup command line ConfigMgr client installs and immediately runs the specified task sequence Use with nested task sequence to have a consistent new device state across OSD and Autopilot Download on demand from CMG supported for task sequences starting 1910 Knowledge Check Poll Management Cloud powered endpoint management OR Config Mgr Cloud Attached Only Risk-based Zero Touch Intelligent Advanced Unified Full stack Control Provisioning Security Analytics Management integration Endpoint Windows Autopilot Secure Score Technology Mobility and PC Role Based Admin Compliance and Risk Experience Score Management Android Enterprise Advanced Threat Graph API Conditional Access ZTD Protection Desktop Analytics M365 Admin Center PowerShell App Protection Apple DEP BitLocker Log Analytics Guided Policy management Deployments Audit Samsung Knox Real time advanced Third party risk and Mobile Enrollment Security Baselines threat detection Office 365 Pro Plus Cloud content compliance optimization signaling Windows Hello, Dynamic user risk Edge Attestation assessment What is cloud attach? Cloud Attach Tenant Attach Client Attach through co-management Connect your Configuration Manager site to Intune for Enroll your Configuration Manager devices into Intune instant cloud value. for additional cloud value. Cloud console through EMAC ATP integration Conditional access Helpdesk Modern provisioning through Autopilot Desktop Analytics Management anywhere User Experience Analytics Cloud Hosted Using Microsoft Azure to host Configuration Manager components Poll Demo Co-Management Cloud Management Gateway Windows Update Corporate Network AD CA Windows Update Corporate Network Datacentre AD HQ Site CA MP MP DP SUP DP SUP Branch DP Branch DP Demo Security Feature Control Poll Intelligent security with Windows 10 Built-in, Automated Powered by not bolted on security intelligence Built-in, not bolted on No additional deployment or infrastructure needed to manage endpoint security. 100% Stay current on Windows 10 and compatible by using cloud- Windows Defender Antivirus powered updates. Reduce the surface area for threats and attacks by hardening the 100% on AV-TEST prevalence test from system. November 2017 – February 2018. Get next generation protection to stay ahead of against 100% on AV-Comparatives real world emerging threats. test from February – March 2018. Built-in with Windows Defender Advanced Threat Protection Block malware and Help avoid OS untrusted apps with tampering with application control system hardening Protect against emerging threats with next-gen protection Safely browse the Block connections to internet with malicious sites with hardware based network protection isolation Powered by intelligence Uses the Microsoft Intelligent Security Graph to analyze data “ The Security Graph API from trillions of signals from emails, apps, websites, and Windows. allows us to receive not only Detect threats with intelligence using machine learning models actionable alert information to uncover suspicious behavior on-premise or in the cloud. but allows security analysts to pivot and enrich alerts Prevents access to sensitive resources using device trust-based with asset and user Conditional Access. information.” Customers and partners can now connect to the Intelligent Security Graph using a new Security API. Colby DeRodeff // Chief Strategy Officer, Anomali Intelligent Security Graph 450B monthly authentications 200+ global cloud consumer and commercial services +1B Windows devices updated 18+ billion Bing web pages scanned 400B e-mails analyzed THE WINDOWS 10 SECURITY PROTECT, DETECT & RESPOND Threat Identity Information Protection Protection Protection Protect, detect, and Kick passwords to the Protect data on lost and respond to the most curb with a convenient, stolen devices and prevent advanced threats using easy to use and accidental data leaks advanced based hardware enterprise-grade using data separation, security and the power of alternative that is containment, and the cloud designed for today’s encryption. mobile-first world. Servicing and Centralized Security Management WINDOWS 10 SECURITY FEATURES Breach detection Device Threat Identity Information protection resistance protection protection investigation & response PRE-BREACH POST-BREACH Knowledge Check Knowledge Check Knowledge Check Knowledge Check Attack Timeline Framework – Capability Mapping Enter Establish Expand Endgame Exchange Online Protection Microsoft Defender Azure Advanced Threat Advanced Threat Advanced e-discovery Protection Protection Office 365 Phishing Azure Active Directory Advanced Threat Attacks Microsoft Defender Azure Privilege Identity Protection Threat Experts Information Protection Management Azure Active Directory Conditional Access Microsoft Defender Threat Microsoft Cloud Azure Active Directory Vulnerability Management App Security Right Management Service Intellectual Identity Property Theft Azure Active Directory Theft Multi-Factor Authentication Office 365 Data Loss Prevention Document Malicious Privilege Lateral Azure Active Directory Macros Software Escalation Movement Identity Protection OneDrive for Business File Restore Windows Defender Windows Defender Antivirus Damage Browser Credential Guard And Disruption Windows Defender Exploits Application Guard Windows Windows Defender Windows Defender Information Protection Attack Surface Reduction Network Protection Microsoft Edge SmartScreen Windows
Recommended publications
  • Windows Kernel Hijacking Is Not an Option: Memoryranger Comes to The

    Windows Kernel Hijacking Is Not an Option: Memoryranger Comes to The

    WINDOWS KERNEL HIJACKING IS NOT AN OPTION: MEMORYRANGER COMES TO THE RESCUE AGAIN Igor Korkin, PhD Independent Researcher Moscow, Russian Federation [email protected] ABSTRACT The security of a computer system depends on OS kernel protection. It is crucial to reveal and inspect new attacks on kernel data, as these are used by hackers. The purpose of this paper is to continue research into attacks on dynamically allocated data in the Windows OS kernel and demonstrate the capacity of MemoryRanger to prevent these attacks. This paper discusses three new hijacking attacks on kernel data, which are based on bypassing OS security mechanisms. The first two hijacking attacks result in illegal access to files open in exclusive access. The third attack escalates process privileges, without applying token swapping. Although Windows security experts have issued new protection features, access attempts to the dynamically allocated data in the kernel are not fully controlled. MemoryRanger hypervisor is designed to fill this security gap. The updated MemoryRanger prevents these new attacks as well as supporting the Windows 10 1903 x64. Keywords: hypervisor-based protection, Windows kernel, hijacking attacks on memory, memory isolation, Kernel Data Protection. 1. INTRODUCTION the same high privilege level as the OS kernel, and they also include a variety The security of users’ data and of vulnerabilities. Researchers applications depends on the security of consider that “kernel modules (drivers) the OS kernel code and data. Modern introduce additional attack surface, as operating systems include millions of they have full access to the kernel’s lines of code, which makes it address space” (Yitbarek and Austin, impossible to reveal and remediate all 2019).
  • Nokia Lumia 635 User Guide

    Nokia Lumia 635 User Guide

    User Guide Nokia Lumia 635 Issue 1.0 EN-US Psst... This guide isn't all there is... There's a user guide in your phone – it's always with you, available when needed. Check out videos, find answers to your questions, and get helpful tips. On the start screen, swipe left, and tap Nokia Care. If you’re new to Windows Phone, check out the section for new Windows Phone users. Check out the support videos at www.youtube.com/NokiaSupportVideos. For info on Microsoft Mobile Service terms and Privacy policy, go to www.nokia.com/privacy. First start-up Your new phone comes with great features that are installed when you start your phone for the first time. Allow some minutes while your phone sets up. © 2014 Microsoft Mobile. All rights reserved. 2 User Guide Nokia Lumia 635 Contents For your safety 5 Camera 69 Get started 6 Get to know Nokia Camera 69 Keys and parts 6 Change the default camera 69 Insert the SIM and memory card 6 Camera basics 69 Remove the SIM and memory card 9 Advanced photography 71 Switch the phone on 11 Photos and videos 75 Charge your phone 12 Maps & navigation 79 Transfer content to your Nokia Lumia 14 Switch location services on 79 Lock the keys and screen 16 Positioning methods 79 Connect the headset 17 Internet 80 Antenna locations 18 Define internet connections 80 Basics 19 Connect your computer to the web 80 Get to know your phone 19 Use your data plan efficiently 81 Accounts 28 Web browser 81 Personalize your phone 32 Search the web 83 Cortana 36 Close internet connections 83 Take a screenshot 37 Entertainment 85 Extend battery life 38 Watch and listen 85 Save on data roaming costs 39 FM radio 86 Write text 40 MixRadio 87 Scan codes or text 43 Sync music and videos between your phone and computer 87 Clock and calendar 44 Games 88 Browse your SIM apps 47 Office 90 Store 47 Microsoft Office Mobile 90 People & messaging 50 Write a note 92 Calls 50 Continue with a document on another Contacts 55 device 93 Social networks 59 Use the calculator 93 Messages 60 Use your work phone 93 Mail 64 Tips for business users 94 © 2014 Microsoft Mobile.
  • Windows Shell Action Command Library

    Windows Shell Action Command Library

    Windows Shell Action Command Library A Guide to the BigFix® Action Shell Commands BigFix, Inc. Emeryville, CA Last Modified: May 27, 2003 Compatible with BigFix Enterprise Suite (BES) version 3.0 and BigFix Consumer Client version 1.7 ii © 1998–2003 BigFix, Inc. All rights reserved. BigFix®, Fixlet® and "Fix it before it fails"® are registered trademarks of BigFix, Inc. i- prevention, Powered by BigFix, Relevance Engine, and related BigFix logos are trademarks of BigFix, Inc. All other product names, trade names, trademarks, and logos used in this documentation are the property of their respective owners. BigFix’s use of any other company’s trademarks, trade names, product names and logos or images of the same does not necessarily constitute: (1) an endorsement by such company of BigFix and its products, and (2) an endorsement of the company or its products by BigFix. No part of this documentation may be reproduced, transmitted, or otherwise distributed in any form or by any means (electronic or otherwise) without the prior written consent of BigFix, Inc. You may not use this documentation for any purpose except in connection with your use or evaluation of BigFix software and any other use, including for reverse engineering such software or creating compatible software, is prohibited. If the license to the software which this documentation accompanies is terminated, you must immediately return this documentation to BigFix, Inc. and destroy all copies you may have. All inquiries regarding the foregoing should be addressed to: BigFix, Inc. 5915 Hollis Street Emeryville, CA 94608-2017 Copyright © 2003 by BigFix, Inc.
  • Leveraging Forticlient with Microsoft Defender: 6 Use Cases

    Leveraging Forticlient with Microsoft Defender: 6 Use Cases

    SOLUTION BRIEF Leveraging FortiClient with Microsoft Defender: 6 Use Cases Executive Overview A compromised endpoint can quickly infect an entire enterprise network—which FortiClient Features Include: is why endpoint devices are now a favorite target for cyber criminals. More than an endpoint protection platform that provides automated, next-generation threat nnSecurity Fabric Connector. protection, FortiClient connects endpoints with the Security Fabric. It enables Enables endpoint visibility and endpoint visibility and compliance throughout the Security Fabric architecture. compliance throughout the Combining FortiClient with OS-embedded protection, such as Microsoft Security Fabric architecture. Defender or Microsoft Defender ATP, enhances these capabilities, providing nnVulnerability scanning. an integrated endpoint and network security solution that reinforces enterprise Detects and patches endpoint defenses, reduces complexity, and enhances the end-user experience. vulnerabilities. nn Improving Protection of Endpoint Devices Anti-malware protection. Employs machine learning (ML), FortiClient provides automated threat protection and endpoint vulnerability scanning to help artificial intelligence (AI), and maintain endpoint security hygiene and deliver risk-based visibility across the Fortinet Security cloud-based threat detection Fabric architecture. As a result, organizations can identify and remediate vulnerabilities or in addition to pattern-based compromised hosts across the entire attack surface. malware detection. In some cases, customers may wish to take advantage of certain FortiClient features while nnAnti-exploit engine. Uses leaving existing third-party protections in place. For example, in instances where there are signatureless, behavior-based policies in an organization that require two different antivirus (AV) vendors on an endpoint protection against memory and for governance or compliance reasons, the need for FortiClient alongside a third-party AV fileless attacks; detects exploit solution such as Microsoft Defender is necessitated.
  • Drivers for Windows NVIDIA Display Properties Desktop User’S Guide

    Drivers for Windows NVIDIA Display Properties Desktop User’S Guide

    nViewGuide_.book Page 1 Wednesday, May 14, 2003 11:29 PM Drivers for Windows NVIDIA Display Properties Desktop User’s Guide Driver Version: Release 40 4th Edition NVIDIA Corporation May 2003 nViewGuide_.book Page 2 Wednesday, May 14, 2003 11:29 PM NVIDIA Display Properties User’s Guide Published by NVIDIA Corporation 2701 San Tomas Expressway Santa Clara, CA 95050 Copyright © 2003 NVIDIA Corporation. All rights reserved. This software may not, in whole or in part, be copied through any means, mechanical, electromechanical, or otherwise, without the express permission of NVIDIA Corporation. Information furnished is believed to be accurate and reliable. However, NVIDIA assumes no responsibility for the consequences of use of such information nor for any infringement of patents or other rights of third parties, which may result from its use. No License is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in the software are subject to change without notice. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation. NVIDIA, the NVIDIA logo, Accuview Antialiasing, Detonator, Digital Vibrance Control, GeForce, nForce, nView, NVKeystone, PowerMizer, Quadro, RIVA, TNT, TNT2, TwinView, and Vanta are registered trademarks or trademarks of NVIDIA Corporation in the United States and/or other countries. Intel and Pentium are registered trademarks of Intel. DirectX, Microsoft, Microsoft Internet Explorer logo, Outlook, PowerPoint, Windows, Windows logo, Windows NT, and/or other Microsoft products referenced in this guide are either registered trademarks or trademarks of Microsoft Corporation in the U.S.
  • Guide to Hardening Windows 10 Technical Guide

    Guide to Hardening Windows 10 Technical Guide

    NOVEMBER 2020 Guide to Hardening Windows 10 For Administrators, Developers and Office Workers TABLE OF CONTENTS Introduction .......................................................................................................................... 4 Prerequisites ............................................................................................................................ 4 User roles ................................................................................................................................. 4 EFI (BIOS) Configuration ...................................................................................................... 5 To be enabled: ......................................................................................................................... 5 To be disabled: ......................................................................................................................... 5 Windows Defender Firewall .................................................................................................. 6 Enable logging of dropped packets ............................................................................................. 6 Disable enforcement of local rules and disable notifications .......................................................... 7 Block outbound connections by default ....................................................................................... 8 Secure potentially vulnerable protocols ......................................................................................
  • Caverns Measureless to Man: Interdisciplinary Planetary Science & Technology Analog Research Underwater Laser Scanner Survey (Quintana Roo, Mexico)

    Caverns Measureless to Man: Interdisciplinary Planetary Science & Technology Analog Research Underwater Laser Scanner Survey (Quintana Roo, Mexico)

    Caverns Measureless to Man: Interdisciplinary Planetary Science & Technology Analog Research Underwater Laser Scanner Survey (Quintana Roo, Mexico) by Stephen Alexander Daire A Thesis Presented to the Faculty of the USC Graduate School University of Southern California In Partial Fulfillment of the Requirements for the Degree Master of Science (Geographic Information Science and Technology) May 2019 Copyright © 2019 by Stephen Daire “History is just a 25,000-year dash from the trees to the starship; and while it’s going on its wild and woolly but it’s only like that, and then you’re in the starship.” – Terence McKenna. Table of Contents List of Figures ................................................................................................................................ iv List of Tables ................................................................................................................................. xi Acknowledgements ....................................................................................................................... xii List of Abbreviations ................................................................................................................... xiii Abstract ........................................................................................................................................ xvi Chapter 1 Planetary Sciences, Cave Survey, & Human Evolution................................................. 1 1.1. Topic & Area of Interest: Exploration & Survey ....................................................................12
  • Guidelines for Designing Embedded Systems with Windows 10 Iot Enterprise

    Guidelines for Designing Embedded Systems with Windows 10 Iot Enterprise

    Guidelines for Designing Embedded Systems with Windows 10 IoT Enterprise Version 2.0 Published July 15, 2016 Guidelines for designing embedded systems 1 CONFIDENTIAL Contents Overview .................................................................................................................................................................................................... 4 Building a task-specific experience ............................................................................................................................................ 4 General Group Policy settings ....................................................................................................................................................... 4 Application control ................................................................................................................................................................................ 5 Application boot options ................................................................................................................................................................. 5 Auto-boot Universal Windows apps ...................................................................................................................................... 5 Auto-boot Classic Windows apps ........................................................................................................................................... 5 Limit application access with AppLocker ...............................................................................................................................
  • Windows 10-New Features & Apps

    Windows 10-New Features & Apps

    Windows 10-New Features & Apps By Tom Krauser This article discusses some of the new features and apps that come packaged in Windows 10. It is only a brief summary of these features. For more information you can search the internet or check YouTube for instructional videos on your topic of interest. The following links provide some good basic information on Windows 10 and should be helpful to you. https://support.microsoft.com/en-us/products/windows?os=windows-10 https://support.microsoft.com/en-us/help/4043948/windows-10-whats-new-in-fall-creators-update-1709 The following article from PC World Magazine provides articles on a lot of new features in Windows 10. https://www.pcworld.com/tag/windows10/ The following article by CNET discusses some of new features in the latest update to Windows 10. https://www.cnet.com/how-to/windows-10-tips-best-features/ Alarms & Clocks: A combination of alarm clock, world clock, timer, and stopwatch. Set alarms and reminders, check times around the world, and time your activities, including laps and splits. The following link discusses how to set timers, alarms, and stopwatches: https://www.howtogeek.com/225211/how-to-set-timers-alarms-and-stopwatches-in-windows-10/ Camera: Many modern devices with Windows include a webcam and, to use it, you need an app that helps you take pictures, record videos or stream video while video chatting. For this purpose, Microsoft has built an app called Camera, which is available by default in Windows 10. Connect: Use Connect App to Cast Your Smartphone Screen to Your PC.
  • Quick Guide Page | 1

    Quick Guide Page | 1

    Quick Guide Page | 1 Contents Welcome to Windows 10 ................................................................................................................................................................................................... 3 Key innovations ...................................................................................................................................................................................................................... 3 Cortana ................................................................................................................................................................................................................................. 3 Microsoft Edge .................................................................................................................................................................................................................. 4 Gaming & Xbox ................................................................................................................................................................................................................ 5 Built-in apps ....................................................................................................................................................................................................................... 7 Enterprise-grade secure and fast ...................................................................................................................................................................................
  • Laptop Setup Instructions

    Laptop Setup Instructions

    LAPTOP SETUP INSTRUCTIONS Your computer has been installed with Windows 10. What follows are instructions on setting up, logging in, and getting familiar with your computer. Setting up your laptop 1. Get started 1. When you open and switch on the laptop, you may hear a loud voice message from Cortana (the Microsoft digital assistant). • Select the sound icon at the bottom right of the screen, mute the message and continue with the steps below. 2. You will see the message Just a moment, configuring the hardware. 3. The following message will appear: Let’s start with the region. Is this right? • Select South Africa, then click Yes. 4. The following message will appear: Is this the right keyboard layout? • Select US, then click Yes. 5. The following message may appear: Want to add a second keyboard layout? • Click Skip. 6. The following message will appear: Let’s connect you to a network • Select I don’t have internet. 7. The following message will appear: There’s more to discover when you connect to the internet. • Select Continue with limited setup. 2. Create a user account for your computer In the account section, you will set up your computer user account and password. Note: these are not the same as your UCT network access details, and allow you access to your computer only. 1. The following message will appear: Who’s going to use this PC? • Type in your preferred name to create your account, then click Next. 2. The following message will appear: Create a super memorable password. • Create a password then click Next.
  • Feasibility of Using a Low‑Cost Head‑Mounted Augmented Reality Device in the Operating Room Pieter L

    Feasibility of Using a Low‑Cost Head‑Mounted Augmented Reality Device in the Operating Room Pieter L

    Editor: OPEN ACCESS Pieter L. Kubben, MD, PhD Maastricht University Medical SNI: Computational For entire Editorial Board visit : Center, Maastricht, http://www.surgicalneurologyint.com The Netherlands Technical Note Feasibility of using a low‑cost head‑mounted augmented reality device in the operating room Pieter L. Kubben1,2, Remir S. N. Sinlae3 1Departments of Neurosurgery, 2Medical Information Technology, Maastricht University Medical Center, Maastricht, 3Faculty of Health, Medicine and Life Sciences, Maastricht University, Maastricht, The Netherlands E‑mail: *Pieter L. Kubben ‑ [email protected]; Remir S. N. Sinlae ‑ [email protected] *Corresponding author Received: 07 July 18 Accepted: 13 December 18 Published: 28 February 19 Abstract Background: Augmented reality (AR) has great potential for improving image‑guided neurosurgical procedures, but until recently, hardware was mostly custom‑made and difficult to distribute. Currently, commercially available low‑cost AR devices offer great potential for neurosurgery, but reports on technical feasibility are lacking. The goal of this pilot study is to evaluate the feasibility of using a low‑cost commercially available head‑mounted holographic AR device (the Microsoft Hololens) in the operating room. The Hololens is operated by performing specific hand gestures, which are recognized by the built‑in camera of the device. This would allow the neurosurgeon to control the device “touch free” even while wearing a sterile surgical outfit. Methods: The Hololens was tested in an operating room under two lighting conditions (general background theatre lighting only; and general background theatre lighting and operating lights) and wearing different surgical gloves (both bright and dark). All required hand gestures were performed, and voice recognition was evaluated against background noise consisting of two nurses talking at conversational speech level.