Securing Corporate VR: How Virtual Vision Health and Pico VR Integrate with Microsoft Intune for Unmatched Device Management

Securing Corporate VR: How Virtual Vision Health and Pico VR Integrate with Microsoft Intune for Unmatched Device Management

In this age of heightened security, it is becoming increasingly critical to ensure that all devices placed within your corporate network are secured throughout their product lifecycle. For this and other reasons, we have chosen PICO as our OEM VR headset vendor.

At first glance, Virtual Vision Health VR headsets may seem like simple consumer devices with specialized software for business use, but this couldn’t be further from the truth. Our VR headsets are part of an emerging class of enterprise-level products designed for the corporate and healthcare markets. These devices can be managed and secured through powerful fleet management platforms such as Microsoft Intune and ManageXR.

In fact, on October 2023, PICO's flagship devices, the Neo 3 and Neo 4 VR headsets gained the Microsoft Intune Android Open Source Project (AOSP) Supported Device certification. While we are seeking to acquire an official statement from Microsoft, their statements when introducing AOSP device support, and importance given to certifying AOSP devices within the Microsoft Intune platform, it is clear PICO devices will continue to be supported after the Android 10 Microsoft Intune deprecation date.

Microsoft’s stated goal is to support the four most recent versions of Android in Microsoft Intune. Using this strategy, deprecation of Android 10 support is expected with the Microsoft Intune October 2025 release. However, this is only for Microsoft Intune’s user-based management methods. The dedicated and AOSP userless Android device management methods “will not be impacted by this change”.  Link to section in Microsoft Intune What's New and Microsoft Intune In-Development webpages.

To provide some background, Android, as most people know it, is actually built from two different pieces of code:

  • The Android Open Source Project (AOSP)
  • Google Mobile Services (GMS)

Google Mobile Services is what most people associate with Android and includes its own built-in management system called Android Enterprise to help secure and manage Android devices.

However, many technology products are built using The Android Open Source Project as a foundation, allowing companies to add their own customized services without any of Google’s applications and branding. These AOSP devices can be tailored to provide a much longer service life than standard consumer Android devices, as they are not dependent on Google services, which may become deprecated at any time. This makes Microsoft Intune a natural fit for managing and securing these new types of devices.

Microsoft first previewed AOSP support in Microsoft Intune in October 2021, releasing it as a core feature a year later, adding support for Meta devices. In March 2023, Microsoft announced and added support for PICO devices as well. link to post

When examining the current approved Microsoft Intune AOSP device list, it is evident that it is entirely comprised of VR headsets designed for the business enterprise and healthcare markets, including the major players in the enterprise VR space, Meta, HTC, Lenovo, Realwear, and PICO. Link to Microsoft Intune Fundamentals article.

This underscores that Microsoft and these OEM device manufacturers see themselves as partners in ensuring long service cycles for this class of devices.

Regarding our Virtual Vision Health platform, our devices are configured to automatically launch our Virtual Vision Health software on boot-up. They are locked down into "kiosk" mode, only allowing access to a subset of necessary core Android services, such as the Wi-Fi and Bluetooth applets, required for day-to-day device operations.
Our VR headsets operate as application clients, communicating using TLS 1.3 with our Virtual Vision Health APIs to receive examination parameters and send out raw examination results. Our Virtual Vision Health application only pulls down the patient's first name to confirm to the person wearing the headset that they are about to take the correct examination.  Our application never stores PHI on its file system, and any potential OS cached data is stored in an AES-256 encrypted state.

As mentioned before, for an additional level of protection, Pico VR has received certification as an approved Microsoft Intune AOSP device. This certification allows it to be paired with Microsoft's Intune platform in userless mode, enabling remote wiping of the headset if necessary and restricting the device to connect only to preapproved Bluetooth devices and WiFi networks.  Our devices support all Android 10 supported WiFi protocols up to WPA 3 Enterprise.

Overall, backed by Microsoft and PICO, the Virtual Vision Health platform is designed to seamlessly integrate into your corporate infrastructure