How to Configure a Windows 10 Kiosk Device

How to Configure a Windows 10 Kiosk Device

There are numerous practical applications for a Windows 10 kiosk device. In general, you can run either single or multiple applications above a lock screen that limits a user's access to other features or functions of the Windows device.

You may want to use Windows kiosk mode primarily for public spaces and event scenarios to limit the user experience to a specific task. Alternatively, you may have employees working remotely or in the office, and you want to limit their accessibility to specific programs and settings.

You can achieve various tasks using secure management software like Microsoft Intune, such as having complete control over how devices are used and managed in your organization. This article explains how to configure kiosk mode in Windows 10 using Intune to help you manage and secure both your devices and applications and provide your end user with the ideal experience.

What Is Windows 10
Kiosk Mode?

Before you set up your Windows 10 kiosk, it helps to understand what kiosk mode Windows 10 is and why you might need to use this functionality.

Windows 10 kiosk mode offers your business a way to dedicate a device to run only one or more select apps at a time in a tamper-free manner, which blocks users from gaining access to restricted aspects of a device or software. For instance, even if a kiosk has internet access, you can make sure that users can only access a single predetermined website.

A user cannot gain access to the Start menu, system settings, keyboard shortcuts, the disk operating system or any other area of the device unless you provide explicit permission for them to do so. A testing center may provide digital testing where students log into the device and can only browse predetermined apps or webpages during their examination. In this type of use case, kiosk mode ensures fairness, test integrity, uniformity and compliance.

You might also deploy kiosk mode for:

  • Public information kiosks
  • Point of sale (POS) devices
  • Digital sign-in or booking systems
  • In-store product demos
  • Promotional business kiosks
  • Limited internet access points
  • Workstations with limited capabilities  

Single- vs. Multi-Application Kiosk Mode

Depending on your business needs and the type of kiosk your end user requires, you might choose between single-app or multi-app kiosk mode.

In single-app kiosk mode, it can run one app, access one website or run one Store app, typically in full-screen mode. In this mode, the user cannot access any other app, switch to the desktop or access things such as the Start menu or the taskbar or browse the web.

Multi-app kiosk mode can allow users to access different apps from the desktop, but the desktop and taskbar are customized only to permit them to use predetermined apps and nothing more. This mode is an excellent option for use cases such as student registration devices, a self-service kiosk or a shared workstation.

Setting up a Kiosk
Device With
Microsoft Intune

This step-by-step guide for kiosk mode Win 10 includes nine fundamental steps to help you prepare your device for use.

9 Steps Overview Graphic

1. Log in to the Intune Portal

First, navigate to the Microsoft Intune Portal login:

  1. Go to the Microsoft Intune Portal login  — also known as the Microsoft Endpoint Manager admin center — which is the central place where you can manage your devices and services. 
  2. Use the appropriate Microsoft or Office 365 credentials to log in to the Intune portal. If you do not have a Microsoft account, create one.

Once logged in, you can enter the device configuration and create a new profile for the kiosk device, as discussed in the next step regarding the Intune kiosk mode.

2. Create a New Profile

Once you are in the Intune portal, your next step is creating an Intune Profile. This is the starting point for configuring your Windows 10 kiosk mode and preparing your device or devices.

  1. Navigate to “Devices” in the left-hand side panel and click on this.
  2. Click on “Configuration Profiles.”
  3. Select “Create Profile.” 
  4. Enter a name for that profile — for instance, you might call it “Windows 10 Kiosk Device.”

3. Create a Device Group

Once you have created your device profile, you need to add it to a device group for those particular kiosk devices — although it can be singular, you must add it to a group. To do so, you can follow these quick steps:

  1. Select “All Groups” toward the top left of the screen.
  2. Click on “New Group”.
  3. Enter a name for this particular group, such as “Windows 10 Kiosk Mode Devices.”
  4. You may not have kiosk devices to select, so you can skip this step for now.
  5. Create the device group.

4. Enter the Profile Details

Now, you must set the Platform and Profile Type. You can follow these steps to enter the profile details:

  1. Select “Windows 10 and later” under the “Platform” dropdown.
  2. Under “Profile Type,” you can decide on and select the type of template, which should be “Kiosk.”

Once you've made the relevant selections, you can continue on to configure the profile.   

5. Configure the Profile

Consider the following steps and possible options when configuring your device:

  1. Navigate to “Select a kiosk mode” in the “Configuration settings” — from there, you can select the type of kiosk you wish to run.
  2. Select “Single App, Full-Screen Kiosk” to set up your kiosk to only run a single application in fullscreen mode. 
  3. Select “Multi app kiosk” if you want to use Application User Model ID to run multiple apps.
  4. If you are using a kiosk in a public area where people do not need to log in, you can select "Auto Login" under “User Logon Type,” or if you wish to use Azure Active Directory (AD) — which we recommend — then select this option.
  5. Using Azure AD may require you to list who can access the device and to what extent they have access. Alternatively, you can select “Local User Account” if people need to log into the kiosk before they can use the device.
  6. For the “Application Type,” choose “Microsoft Edge Browser” or the “Kiosk Browser,” which you can use to run your premade and ready URL, or select "Microsoft Store App" as your application type if you intend to use a pre-uploaded Microsoft Store App.

6. Fill in the Appropriate Settings for the Kiosk Device

When looking at kiosk device settings in Intune, you want to select the preferred settings for optimal kiosk functionality, and you can do so by following these steps:

  1. If you selected the browser-based option such as Microsoft Edge or Kiosk Browser, you must enter the kiosk default homepage URL in the “Edge Kiosk URL.”
  2. If you use the browser option, you must also set the “Microsoft Edge kiosk mode type.” Most are likely to choose “Digital/Interactive Signage (InPrivate),” which limits a user's navigation abilities.
  3. If you use the browser option, you can set the “Refresh browser after idle time” so that it resets after nonuse following a set amount of time.
  4. If you use the Microsoft Store App option, you must select your app from the list, but keep in mind that this likely needs to be uploaded ahead of time for it to appear in the list.
  5. If you use an Auto Login account type, ensure you have the required offline license from Microsoft Store for Business.
  6. When finished, you must stipulate the “Maintenance Window for App Restarts” — you may want to set this for periods where it should not interrupt the user experience.

7. Assign the Profile to the Device Group for Deployment

To ensure deployment to the intended devices, your next step is assigning the Intune Profile to the device group. At this point, you should be working under the “Assignments” tab, and you can take these steps to assign the profile to the group:

  1. Navigate to “Add groups” under “Included groups.”
  2. Click “Add groups.”
  3. Select the kiosk device group you created earlier — in our example, we called it “Windows 10 Kiosk Mode Devices.”
  4. Click “Next” once you have the group selected.

8. Finalize the Profile Creation

When finalizing the Intune profile creation, you can follow these two simple steps to complete the process:

  1. Review the profile details and make sure all the selections and information are correct.
  2. Click “Create” once you are on the “Review + Create” page. 

9. Sync the Device

To make sure the settings included in the new device profile take effect, do the following on the kiosk device:

  1. In settings, navigate to the “Accounts” tab.
  2. Under the “Access work or school” tab, click on the “Info” button, which is for the Azure tenant connection and should show you “Managed by.”
  3. Scroll down to the “Device sync status” and click on the “Sync” button.
  4. Restart the device once the sync is complete.
  5. Sign in to the kiosk with the designated user account for that particular kiosk configuration profile.

8 Advantages of
Microsoft Intune
Kiosk Mode

Because Microsoft Intune is a cloud-based service, managing your kiosk devices and maintaining varying levels of organizational data, whether internally or externally, is far more secure and streamlined. There are numerous reasons to use Microsoft Intune kiosk mode, but these are just a few worth considering:

  1. Limited or conditional access: You can limit what a user can access on a kiosk device, ensuring the user only accesses apps or websites you designate. Moreover, you can apply conditional access policies, which outline who can access the kiosk and how the end user accesses organizational resources.
  2. Device security and management: Using Intune, you can manage a range of devices at various locations from a single, unified cloud-based platform. It allows you to monitor specific actions, make changes, apply settings and policies, and wipe or lock the device remotely.
  3. Efficient IT services and updates: You can update and manage software components remotely due to the cloud-based nature of the service. Additionally, you can provide access to specific on-premises servers so users can access applications and data stored in-house rather than on the actual kiosk devices.
  4. Better integration: A valuable aspect of Intune is its seamless integration with other Microsoft software such as Azure AD, Azure Information Protection, Microsoft 365 and others, including certain trusted third-party apps and devices.
  5. Customization and personalization: You can customize your kiosk devices to suit your needs and company preferences. This personalization can involve deciding what appears in the start menu, whether there are one or more applications, adding a tailored homepage or desktop with particular thematic elements, and much more.
  6. Supports a range of devices: In addition to using Windows computers and laptops, you can use many mobile devices with varying operating systems, such as Android, iOS, macOS, Linux Ubuntu and others. You can then apply settings appropriate to these devices and initiate policies to control how and what users can access.
  7. Scalable and flexible options: When you set up your kiosk devices, you can easily change the number of devices and types of apps they offer, whether single- or multi-app, and adjust who can access the kiosks and how. Depending on the type of device, you can typically repurpose it entirely as needed.
  8. Enhanced user experience: With Microsoft Intune, you can provide a simple, secure and easy-to-use kiosk device for employees, customers or visitors, which allows them to perform tasks, acquire information or even make secure purchases. Moreover, you can enhance customer service by including constant and instant virtual support through the device where needed.

Configure, Secure and Manage Your Kiosks With BDO Digital

At BDO Digital, we are leading digital strategists, advisors and consultants — our comprehensive services encapsulate several options to help keep your business in step with the ever-evolving tech landscape. That is why our offerings include business technology services, outsourcing IT, security compliance and more. Allow us to assist you with your kiosks and other digital devices, with services ranging from device maintenance to tech support and staff training.

Microsoft Intune, when used in conjunction with Azure AD, provides a simplistic and secure way to manage your company's devices and kiosks. If you want to learn more about the advantages and functionality of Intune kiosk mode, reach out to us at BDO Digital, where we offer a full range of digital services for your business requirements.

Originally published November 4, 2019. Updated January 22, 2024. 

Responsible AI with Azure Machine Learning

Tools and methods to understand, protect and control your models

Microsoft has been creating and using AI solutions for many years and has developed an approach to help navigate AI journeys responsibly. This includes establishing guiding principles and developing a system for internal oversight. But while those steps are essential, data scientists and developers need tools to put principles into practice.