This week is all about configuring a single full-screen app in kiosk mode and more specifically, configuring the Kiosk Browser app as a single full-screen app in kiosk mode. A couple of years ago, I also did a post about setting up kiosk mode on Windows 10. This time it’s not about using OMA-URI’s, this time is all about using the available options within the portal. Spoiler alert, it became a whole lot easier! Deployment scenarios that this adds on to are, for example, AutoPilot self-deploying mode and enrollment via a device enrollment manager. In this post I’ll go through a few prerequisites for the configuration, followed by the actual configuration of the Kiosk Browser app in kiosk mode. I’ll end this post by looking at the end-user experience.
Prerequisites
Before being able to configure kiosk mode with the Kiosk Browser app, the following prerequisites must be in place and available.
- Deploy the de Kiosk Browser app. The best method to deploy the app is by using the Microsoft Store for Business integration with Microsoft Intune. That combination will enable the ability to assign the app as a required app to devices and users;
- Get the Application User Model ID (AUMID) of the Kiosk Browser app. The easiest method is using the provided PowerShell script, which will provide the following AUMID for the Kiosk Browser app: Microsoft.KioskBrowser_8wekyb3d8bbwe!App;
Configuration
Now that the prerequisites are known, it’s time to look at the actual configuration. Within this configuration I will show the steps to create a kiosk profile that will create a full-screen Kiosk Browser app with an autologon user. The following four steps will walk through the required configuration. After that simply assign the created profile to a user (for example the device enrollment manager) or device group (for example the AutoPilot self-deploying devices).
1 | Open the Azure portal and navigate to Intune > Device configuration > Profiles; |
2 | On the Devices configuration – Profiles blade, click Create profile to open the Create profile blade; |
3 |
On the Create profile blade, provide the following information and click Create;
|
4a |
On the Kiosk (Preview) blade, select Kiosk to open the Kiosk blade. On the Kiosk blade, click Add to open the Add row blade. On the Add row blade, provide the following information and click OK (and click OK in the Kiosk (Preview) blade);
|
4a |
On the Kiosk (Preview) blade, select Kiosk web browser to open the Kiosk web browser blade. On the Kiosk web browser blade, provide the following information and click OK;
Note: As I’m not providing any buttons, there is no real use for blocking any websites. |
Note: Even though the configuration was a success, the device configuration would always show the status Failed on the setting Full screen kiosk app status.
End-user experience
Now let’s end this post by looking at the end-user experience. The first thing I would like to show, is the default user that is created when using autologon as the user account type. That user is a local user named Kiosk and that local user not configured with a password. Once that user is automatically logged on and somebody would press Ctrl+Alt+Del, the person would see the screen as shown below.
The second thing that I would like to show is the end result of the complete configuration. When the configuration is applied to the device, the Kiosk user will autologon to the device and the Kiosk Browser app will start with the configured home page and without the ability to navigate or any other interaction, as shown below.
The third and last thing that I would like to show is the end result when the configuration is changed. Changed in a way that the navigation buttons are shown, the home button is shown and the end session button is shown. That result is shown below. With that configuration is might be useful to create a list with blocked websites.
More information
For more information related to configuring kiosk mode on Windows 10 and the KioskBrowser area in the Policy CSP, please refer to the following articles:
- Kiosk settings for Windows 10 (and later) in Intune: https://docs.microsoft.com/en-us/intune/kiosk-settings
- Policy CSP – KioskBrowser: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-kioskbrowser
- Find the Application User Model ID of an installed app: https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app
Excellent to see an article on this – I’ve been developing a public kiosks offering for this. Are you using 1803 or preview builds? I know for self deploying autopilot you need recent preview builds. Also how are you enrolling? I have been using a provision package with a bulk enrolment token so far.
Hi Nigel,
In this scenario I used a device enrollment manager, but the end goal should be to use it with AutoPilot.
Regards, Peter
Hi Peter,
You already tried the Autopilot self deployment?
I am curious under which account the azure ad join will be done and what system>school work account shows as enroller.
Regards
Hi Nathan,
I haven’t been able to test the AutoPilot self deployment, yet, mainly due to the lack of available hardware..
Regards, Peter
I assume that users can input data on the site and navigate with links on the webpage
Depends on the configuration. Do keep in mind, however, that this post was written for the kiosk browser.
Regards, Peter
Have you had success creating same policy for Hybrid-AADJ devices, that are Autopiloted?
Hi Ejike,
I haven’t recently tested that. What are you running into?
Regards, Peter