Most companies have a need for a Kiosk device, in this case built on top of Windows 10. My definition of kiosk in this post is a Windows 10 device that auto logon with a single app, such as a modern web browser such as Edge. The device could be used as a public device where users can browse Internet, or a large screen that displays statistics from a monitoring tool. It is worth mentioning the Autopilot feature of this is still in preview, and implementation should consider this before scaling.
This implementation is built on top of Autopilot Self-deploying and some Device Configuration. Before you start make sure you have a computer imported in Autopilot, and you have all other pre-req for Intune in place.
Preparation in Autopilot and ESP
Let’s start with the fun stuff, fire up the Intune console
First create a Azure AD group to place all the Kiosk devices into, ex AZ-MDM-Profile-[PROFILENAME], in my case AZ-MDM-Profile-AAD Autopilot Kiosk Single App EN
Now add the device that you previously prepared and imported in Autopilot (When a device is imported in Autopilot an Azure device is created, this object can be added to the Azure AD group)
Head over to Device Enrollment > Windows enrollment > Deployment Profiles and click Create Profile
Enter information like below
When the profile is created, time to assign it to the group you created
Now go to Device Enrollment > Windows enrollment > Enrollment Status Page (Preview) and Create Profile
Note, you could skip this step and use a common ESP, or create a common for all kiosk deployments, but I recommend disable gather log and allow user to use the device if error occurs.
Name the profile something like your Deployment profile, example AAD Autopilot Kiosk Single App EN and click Settings
Even if the Company portal app is not necessary/requirement on kiosk devices, I tend to push that or some small app to the computer, instead of choosing All, if something is pushed by mistake it will minimize the crash possibilities on these kiosk deployments.
Done, now heading over to the configuration part
Create device configuration profiles
Navigate to Device configuration > Profiles and create a profile with this information
Name: DW-W10-EA-AAD Autopilot Kiosk Single App EN
Platform: Windows 10 and later
Profile type: Kiosk
Select a kiosk mode: Single app, full-screen kiosk
User logon type: Auto logon
Application type: Add Microsoft Edge, and Public browsing (InPrivate)
Create another profile with this information to configure Edge browser
Name: DW-W10-EA-Edge-AAD Autopilot Kiosk Single App EN
Platform: Windows 10 and later
Profile type: Device Restrictions
Choose Microsoft Edge Browser and configure according to your needs, this is an example
When the profiles are saved, assign them to the same Azure AD as the Profile and ESP profile.
When all this is done, follow these small instructions to deploy the kiosk.
- Connect to a wired network (with Internet connectivity…)
- Reinstall the computer with at least Windows 10 1809 from USB
- Wait
- Since I’m out travelling and have limited gear to shoot the final result, but if everything is successful the result should auto logon with a local user account named KioskUser0 (no password) and look like this
Reference
https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app#mdm
https://docs.microsoft.com/en-us/windows/configuration/kiosk-prepare
Questions? Shoot!
Thanks for sharing sir. Does the kiosk mode create the local user KioskUser0 ? Can this be changed ? Or create an own local user ?
LikeLike
Yes, it automatically create a local account, I just posted an article how to create a local users with Intune, so have a try a. Dont forget to point out the created user in the Kiosk deivce configuration profile
LikeLike