I have been tasked to start looking at a Kiosk solution for our organisation and noticed that in the "what's new in Intune" documentation a new configuration profile for Windows 10 1803 devices was announced as available as of the week of 8th June. I am unsure of the specific requirements for the project at this stage but typically in the solution we would need to provide a locked down web browser that can only access specific sites so that is what I have decided to configure;
First of all, log in to the Microsoft Store for Business and search for the Kiosk Browser app. Select "Get the app"
Log in to the Intune portal and navigate to Mobile Apps > Microsoft Store for Business. Select "Sync"
Wait a few moments for the app to sync then assign it to a device group containing the kiosk devices
Log in to the device and confirm that the Kiosk Browser has been deployed, carry out a sync on the device from the Intune portal if required
Now navigate to Device configuration - profiles and select "Create Profile"
Enter an appropriate profile name, select the correct platform and select "Kiosk (Preview)" as the profile type.
Select the "Configure" option then add a Kiosk setting
Specify a suitable name for the configuration, set the mode as "Single full-screen app kiosk", select the Kiosk browser as the app to use for kiosk mode and specify the account type as "Autologon"
Select "Ok" twice. Now access the kiosk web browser settings menu. In this example I have set the home page, allowed the home button and allowed the navigation buttons. Select "Ok" twice to save the settings.
Assign the profile to the required device group
Ensure that the profile has deployed to the device by selecting the "Device Install Status" option
Restart the device and you will see it automatically log on using a KioskUser account and then launch the Kiosk browser.
Please note
I have only been able to achieve the above on a Surface Pro 4 at this stage. I attempted this procedure on a Windows 10 1803 VM in order to be able to take some accurate screenshots of this last step and was unable to get the device to enrol into MDM. Rather than delay this post any longer (It has been in my drafts for weeks!) I will update this part when I find out what is causing the issue.