Most companies have a need for a Kiosk device, in this case built on top of Windows 10. My definition of kiosk in this post is a Windows 10 device that auto logon with a single app, such as a modern web browser such as Edge. The device could be used as a public device where users can browse Internet, or a large screen that displays statistics from a monitoring tool. It is worth mentioning the Autopilot feature of this is still in preview, and implementation should consider this before scaling.

This implementation is built on top of Autopilot Self-deploying and some Device Configuration. Before you start make sure you have a computer imported in Autopilot, and you have all other pre-req for Intune in place.

Preparation in Autopilot and ESP

Let’s start with the fun stuff, fire up the Intune console

First create a Azure AD group to place all the Kiosk devices into, ex AZ-MDM-Profile-[PROFILENAME], in my case AZ-MDM-Profile-AAD Autopilot Kiosk Single App EN

Now add the device that you previously prepared and imported in Autopilot (When a device is imported in Autopilot an Azure device is created, this object can be added to the Azure AD group)

Head over to Device Enrollment > Windows enrollment > Deployment Profiles and click Create Profile

Enter information like below

 

When the profile is created, time to assign it to the group you created

Now go to Device Enrollment > Windows enrollment > Enrollment Status Page (Preview) and Create Profile

Note, you could skip this step and use a common ESP, or create a common for all kiosk deployments, but I recommend disable gather log and allow user to use the device if error occurs.

Name the profile something like your Deployment profile, example AAD Autopilot Kiosk Single App EN and click Settings

Even if the Company portal app is not necessary/requirement on kiosk devices, I tend to push that or some small app to the computer, instead of choosing All, if something is pushed by mistake it will minimize the crash possibilities on these kiosk deployments.

Done, now heading over to the configuration part

Create device configuration profiles

Navigate to Device configuration > Profiles and create a profile with this information

Name: DW-W10-EA-AAD Autopilot Kiosk Single App EN

Platform: Windows 10 and later

Profile type: Kiosk

Select a kiosk mode: Single app, full-screen kiosk

User logon type: Auto logon

Application type: Add Microsoft Edge, and Public browsing (InPrivate)

Create another profile with this information to configure Edge browser

Name: DW-W10-EA-Edge-AAD Autopilot Kiosk Single App EN

Platform: Windows 10 and later

Profile type: Device Restrictions

Choose Microsoft Edge Browser and configure according to your needs, this is an example

When the profiles are saved, assign them to the same Azure AD as the Profile and ESP profile.

 

When all this is done, follow these small instructions to deploy the kiosk.

1. Connect to a wired network (with Internet connectivity…)
2. Reinstall the computer with at least Windows 10 1809 from USB
3. Wait
4. Since I’m out travelling and have limited gear to shoot the final result, but if everything is successful the result should auto logon with a local user account named KioskUser0 (no password) and look like this
   

Reference

https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app#mdm

https://docs.microsoft.com/en-us/windows/configuration/kiosk-prepare

 

Questions? Shoot!