Saturday 1 December 2018

Intune Windows 10 1809 Edge Kiosk

The release of Windows 10 1809 introduced the ability to configure the Edge browser using assigned access with a local account on a device. This post will show you how to configure a single app public kiosk browser using the required custom settings within Intune

Configuring this will give you significant benefits in additional functionality over that of the Intune Kiosk Browser app, a feature comparison can be found here

In this example I enrolled the device within Intune during the setup wizard. I then created a local standard user account on the device, also I would recommend at this stage ensuring the device has a suitable hostname. Make sure that you have logged into the device at least once with the local account.

Now in the M365 Device Management portal navigate to Device Configuration > Profiles then create a new Windows 10 Custom Profile.


In this example I will be adding the following custom OMA-URI settings to the profile;

Assigned access configuration - this specifies the app to run in kiosk mode along with local user account that should apply the setting. Note that the local user account in this example should be substituted with your own, and prefixed with the device's hostname


OMA-URI; ./Device/Vendor/MSFT/AssignedAccess/KioskModeApp
Data type; String
Value; {"Account":"KIOSK\\Kiosk User","AUMID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge"}


Set Kiosk Mode Type - Sets the display mode to a public browsing kiosk


OMA-URI; ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
Data type; Integer
Value; 1

Configure Edge Timeout settings - This reset's the users session after a specified number of minutes of inactivity. The time you want (values are valid for 1-1440 minutes)

OMA-URI; ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
Data type; Integer
Value; 15

Set start pages - Specify the URL(s) that load when the browser launches for the first time



OMA-URI; ./Vendor/MSFT/Policy/Config/Browser/HomePages
Data type; String
Value; Website URL's in chevrons - <https://leonashtonleatherland.blogspot.co.uk><https://docs.microsoft.com/en-us/intune/whats-new>

So the settings will now look like this under the single profile

Save the profile and then deploy it to a group which contains the Kiosk device.

Carry out a sync on the device and then restart.

Ensure that the settings have applied to the device by viewing the device install status within the properties of the profile



Now log in and you will see Edge launch in kiosk mode, with your default start pages, all tabs launching in InPrivate mode, you will also notice the sessions timeout after the specified time period.


You could also add other supported CSP's to further develop the kiosk solution as required - give it a try! 






2 comments:

  1. Hi Leon! Great article, this help me understand the slightly confusing MS documentation. Have you tried setting up a kiosk through Intune with Chrome?

    ReplyDelete
    Replies
    1. I have briefly explored this scenario but not for long. What have you experienced?

      Delete