Saturday 8 December 2018

New Intune Android Enterprise Kiosk Settings

I have been testing the recently released additions to the Android Enterprise Kiosk profile settings and thought I would just write a quick post to show you how these new settings improve the solution.
Before I start, I just wanted to clarify some terminology - this Android Enterprise solution set is now called the "Dedicated Device" solution by Google and no longer "Corporately Owned, Single-Use" as per their documentation. I have submitted a request so that this is reflected in the Microsoft Intune Documentation to try and avoid some confusion later on down the line

To follow the steps in this post, please initially refer to my previous one which details how to deploy a single app kiosk. In addition to this configuration, this time though I have selected a multiple app kiosk, specifying the Microsoft Edge and Teamviewer Apps;

Also in addition, ensure that both the Teamviewer and Managed Home Screen apps are synced from the Managed Google Play store and deployed to the appropriate Azure AD group / users.

Now for the new settings, in the M365 Device Management portal navigate to Device Configuration > Profiles > Locate your kiosk profile and select it > Properties > Settings > Kiosk. Scroll down and you will now see the new settings available

Virtual home button
This enables the user to switch between the managed home screen app and the other apps that are specified in multiple app kiosk. Particularly useful when devices are not able to use their back button when enrolled in Kiosk mode. The documentation states that for some handsets in order to access the virtual home scree button the user will need to swipe up, as I had to with the device I tested with (Samsung Galaxy A5 2016)

Launch the Edge browser, then swipe from the bottom of the screen up to see the virtual home button;

Leave Kiosk Mode
This provides a method for an administrator to exit kiosk mode for troubleshooting or additional configuration purposes, like installing software updates.

Tap the back button multiple times to reveal the menu, then select "Exit kiosk"

Enter the PIN

You can now access the settings and other apps on the device

To enter kiosk mode again, simply launch the Managed Home Screen app from apps menu

Set custom background
You can now set a custom wallpaper based on a URL in order to add some company branding to the device. 

Some useful additions to the solution I feel, also it shouldn't be too long before the Android Enterprise Fully Managed Device solution set (formerly COBO - Corporately Owned, Business Only) will be available as a public preview.

Stay tuned for some more Android Enterprise related posts! Thanks for reading!

Saturday 1 December 2018

Intune Windows 10 1809 Edge Kiosk

The release of Windows 10 1809 introduced the ability to configure the Edge browser using assigned access with a local account on a device. This post will show you how to configure a single app public kiosk browser using the required custom settings within Intune

Configuring this will give you significant benefits in additional functionality over that of the Intune Kiosk Browser app, a feature comparison can be found here

In this example I enrolled the device within Intune during the setup wizard. I then created a local standard user account on the device, also I would recommend at this stage ensuring the device has a suitable hostname. Make sure that you have logged into the device at least once with the local account.

Now in the M365 Device Management portal navigate to Device Configuration > Profiles then create a new Windows 10 Custom Profile.

In this example I will be adding the following custom OMA-URI settings to the profile;

Assigned access configuration - this specifies the app to run in kiosk mode along with local user account that should apply the setting. Note that the local user account in this example should be substituted with your own, and prefixed with the device's hostname

OMA-URI; ./Device/Vendor/MSFT/AssignedAccess/KioskModeApp
Data type; String
Value; {"Account":"KIOSK\\Kiosk User","AUMID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge"}

Set Kiosk Mode Type - Sets the display mode to a public browsing kiosk

OMA-URI; ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
Data type; Integer
Value; 1

Configure Edge Timeout settings - This reset's the users session after a specified number of minutes of inactivity. The time you want (values are valid for 1-1440 minutes)

OMA-URI; ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
Data type; Integer
Value; 15

Set start pages - Specify the URL(s) that load when the browser launches for the first time

OMA-URI; ./Vendor/MSFT/Policy/Config/Browser/HomePages
Data type; String
Value; Website URL's in chevrons - <><>

So the settings will now look like this under the single profile

Save the profile and then deploy it to a group which contains the Kiosk device.

Carry out a sync on the device and then restart.

Ensure that the settings have applied to the device by viewing the device install status within the properties of the profile

Now log in and you will see Edge launch in kiosk mode, with your default start pages, all tabs launching in InPrivate mode, you will also notice the sessions timeout after the specified time period.

You could also add other supported CSP's to further develop the kiosk solution as required - give it a try!