deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update kiosk configuration documentation

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-01-26 07:56:11 -05:00
parent 6002f441e7
commit 659e168c02
5 changed files with 76 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app.md
View File

@ -4,6 +4,7 @@ description: To configure assigned access (kiosk mode), you need the Application
ms.topic: article ms.topic: article
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
# Find the Application User Model ID of an installed app # Find the Application User Model ID of an installed app
To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device. You can find the AUMID by using Windows PowerShell, File Explorer, or the registry. To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device. You can find the AUMID by using Windows PowerShell, File Explorer, or the registry.
@ -40,9 +41,7 @@ You can add the `-user <username>` or the `-allusers` parameters to the **Get-Ap
To get the names and AUMIDs for all apps installed for the current user, perform the following steps: To get the names and AUMIDs for all apps installed for the current user, perform the following steps:
1. Open **Run**, enter **shell:Appsfolder**, and select **OK**. 1. Open **Run**, enter **shell:Appsfolder**, and select **OK**.
1. A File Explorer window opens. Press **Alt** > **View** > **Choose details**. 1. A File Explorer window opens. Press **Alt** > **View** > **Choose details**.
1. In the **Choose Details** window, select **AppUserModelId**, and then select **OK**. (You might need to change the **View** setting from **Tiles** to **Details**.) 1. In the **Choose Details** window, select **AppUserModelId**, and then select **OK**. (You might need to change the **View** setting from **Tiles** to **Details**.)
![Image of the Choose Details options.](images/aumid-file-explorer.png) ![Image of the Choose Details options.](images/aumid-file-explorer.png)
@ -53,7 +52,9 @@ Querying the registry can only return information about Microsoft Store apps tha
At a command prompt, type the following command: At a command prompt, type the following command:
`reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ"` ```cmd
reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ"
```
### Example to get AUMIDs of the installed apps for the specified user ### Example to get AUMIDs of the installed apps for the specified user

106
windows/configuration/kiosk/guidelines-for-assigned-access-app.md
View File

@ -7,29 +7,25 @@ ms.date: 12/31/2017
# Guidelines for choosing an app for assigned access (kiosk mode) # Guidelines for choosing an app for assigned access (kiosk mode)
You can use assigned access to restrict customers at your business to using only one Windows app so your device acts like a kiosk. Administrators can use assigned access to restrict a selected user account to access a single Windows app. You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience. Use assigned access to restrict users to use only one application, so that the device acts like a kiosk. Administrators can use assigned access to restrict a selected user account to access a single Windows app. You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience.
The following guidelines may help you choose an appropriate Windows app for your assigned access experience. The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
## General guidelines ## General guidelines
- Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. [Learn how to provision and install apps](/windows/client-management/mdm/enterprise-app-management#install_your_apps). - Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. [Learn how to provision and install apps](/windows/client-management/mdm/enterprise-app-management#install_your_apps).
- Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this change happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch. - Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this change happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch.
- Apps that are generated using the [Desktop App Converter (Desktop Bridge)](/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) can't be used as kiosk apps. - Apps that are generated using the [Desktop App Converter (Desktop Bridge)](/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) can't be used as kiosk apps.
## Guidelines for Windows apps that launch other apps ## Guidelines for Windows apps that launch other apps
Some Windows apps can launch other apps. Assigned access prevents Windows apps from launching other apps. Some apps can launch other apps. Assigned access prevents Windows apps from launching other apps.
Avoid selecting Windows apps that are designed to launch other apps as part of their core functionality. Avoid selecting Windows apps that are designed to launch other apps as part of their core functionality.
## Guidelines for web browsers ## Guidelines for web browsers
Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren't allowed to go to a competitor's website. In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren't allowed to go to a competitor's website.
@ -49,34 +45,29 @@ In Windows client, you can install the **Kiosk Browser** app from Microsoft to u
### Kiosk Browser settings ### Kiosk Browser settings
Kiosk Browser settings | Use this setting to | Kiosk Browser settings | Use this setting to |
--- | --- |--|--|
Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. <br><br>For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs. | Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. <br><br>For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs. |
Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. <br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. | Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. <br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. |
Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. | Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. |
Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. | Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. |
Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. | Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. |
Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. | Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. |
Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. | Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. |
> [!IMPORTANT] To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
>
> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer. 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer
> 1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). 1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18)
1. Insert the null character string in between each URL (e.g www.bing.com`&#xF000;`www.contoso.com)
> 1. Insert the null character string in between each URL (e.g www.bing.com`&#xF000;`www.contoso.com). 1. Save the XML file
1. Open the project again in Windows Configuration Designer
> 1. Save the XML file. 1. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed
> 1. Open the project again in Windows Configuration Designer.
> 1. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
>
>
> [!TIP] > [!TIP]
>
> To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](/intune/custom-settings-windows-10) with the following information: > To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](/intune/custom-settings-windows-10) with the following information:
>
> - OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton > - OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton
> - Data type: Integer > - Data type: Integer
> - Value: 1 > - Value: 1
@ -86,57 +77,54 @@ Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh stat
Kiosk Browser filtering rules are based on the [Chromium Project](https://www.chromium.org/Home). Kiosk Browser filtering rules are based on the [Chromium Project](https://www.chromium.org/Home).
URLs can include: URLs can include:
- A valid port value from 1 to 65,535. - A valid port value from 1 to 65,535.
- The path to the resource. - The path to the resource.
- Query parameters. - Query parameters.
More guidelines for URLs: More guidelines for URLs:
- If a period precedes the host, the policy filters exact host matches only. - If a period precedes the host, the policy filters exact host matches only
- You can't use user:pass fields. - You can't use user:pass fields
- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence. - When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence
- The policy searches wildcards (*) last. - The policy searches wildcards (*) last
- The optional query is a set of key-value and key-only tokens delimited by '&'. - The optional query is a set of key-value and key-only tokens delimited by '&'
- Key-value tokens are separated by '='. - Key-value tokens are separated by '='
- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching. - A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching
### Examples of blocked URLs and exceptions ### Examples of blocked URLs and exceptions
The following table describes the results for different combinations of blocked URLs and blocked URL exceptions. The following table describes the results for different combinations of blocked URLs and blocked URL exceptions.
Blocked URL rule | Block URL exception rule | Result | Blocked URL rule | Block URL exception rule | Result |
--- | --- | --- |--|--|--|
`*` | `contoso.com`<br>`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains. | `*` | `contoso.com`<br>`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains. |
`contoso.com` | `mail.contoso.com`<br>`.contoso.com`<br>`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain. | `contoso.com` | `mail.contoso.com`<br>`.contoso.com`<br>`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain. |
`youtube.com` | `youtube.com/watch?v=v1`<br>`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2). | `youtube.com` | `youtube.com/watch?v=v1`<br>`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2). |
The following table gives examples for blocked URLs. The following table gives examples for blocked URLs.
| Entry | Result | | Entry | Result |
|--------------------------|-------------------------------------------------------------------------------| |--|--|
| `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com | | `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com |
| `https://*` | Blocks all HTTPS requests to any domain. | | `https://*` | Blocks all HTTPS requests to any domain. |
| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com | | `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com |
| `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. | | `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. |
| `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. | | `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. |
| `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. | | `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. |
| `*:8080` | Blocks all requests to port 8080. | | `*:8080` | Blocks all requests to port 8080. |
| `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. | | `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. |
| `192.168.1.2` | Blocks requests to 192.168.1.1. | | `192.168.1.2` | Blocks requests to 192.168.1.1. |
| `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. | | `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. |
### Other browsers ### Other browsers
You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app: You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app:
- [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/)
- [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/)
- [WebView class](/uwp/api/Windows.UI.Xaml.Controls.WebView) - [WebView class](/uwp/api/Windows.UI.Xaml.Controls.WebView)
- [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0) - [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0)
## Secure your information ## Secure your information
Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access. Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.

22
windows/configuration/kiosk/kiosk-additional-reference.md
View File

@ -9,14 +9,14 @@ ms.date: 12/31/2017
## In this section ## In this section
Topic | Description | Topic | Description |
--- | --- |--|--|
[Find the Application User Model ID of an installed app](find-the-application-user-model-id-of-an-installed-app.md) | This topic explains how to get the AUMID for an app. | [Find the Application User Model ID of an installed app](find-the-application-user-model-id-of-an-installed-app.md) | This topic explains how to get the AUMID for an app. |
[Validate your kiosk configuration](kiosk-validate.md) | This topic explains what to expect on a multi-app kiosk. | [Validate your kiosk configuration](kiosk-validate.md) | This topic explains what to expect on a multi-app kiosk. |
[Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience. | [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience. |
[Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. | [Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. |
[Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. | [Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. |
[Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. | [Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. |
[Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. | [Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. |
[Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. | [Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. |
[Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration. | [Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration. |

23
windows/configuration/kiosk/kiosk-mdm-bridge.md
View File

@ -1,10 +1,9 @@
--- ---
title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11) title: Use MDM Bridge WMI Provider to create a Windows kiosk
description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
appliesto:
-<a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
ms.topic: article ms.topic: article
ms.date: 12/31/2017 ms.date: 1/26/2024
zone_pivot_groups: windows-versions-11-10
--- ---
# Use MDM Bridge WMI Provider to create a Windows client kiosk # Use MDM Bridge WMI Provider to create a Windows client kiosk
@ -14,13 +13,12 @@ Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/
Here's an example to set AssignedAccess configuration: Here's an example to set AssignedAccess configuration:
1. Download the [psexec tool](/sysinternals/downloads/psexec). 1. Download the [psexec tool](/sysinternals/downloads/psexec).
1. Run `psexec.exe -i -s cmd.exe`. 1. Run `psexec.exe -i -s cmd.exe`.
1. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell. 1. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell.
Step 4 is different for Windows 10 or Windows 11
1. Execute the following script:
Step 4 is different for Windows 10 or Windows 11 ::: zone pivot="windows-10"
1. Execute the following script for Windows 10:
```xml ```xml
$nameSpaceName="root\cimv2\mdm\dmmap" $nameSpaceName="root\cimv2\mdm\dmmap"
@ -80,9 +78,11 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
Set-CimInstance -CimInstance $obj Set-CimInstance -CimInstance $obj
``` ```
1. Execute the following script for Windows 11: ::: zone-end
```xml ::: zone pivot="windows-11"
```PowerShell
$nameSpaceName="root\cimv2\mdm\dmmap" $nameSpaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess" $className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
@ -146,4 +146,5 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
"@) "@)
Set-CimInstance -CimInstance $obj Set-CimInstance -CimInstance $obj
``` ```
::: zone-end

4
windows/configuration/kiosk/kiosk-methods.md
View File

@ -21,11 +21,11 @@ Kiosk configurations are based on **Assigned Access**, a feature in Windows clie
There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions. There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions.
- **Which type of app will your kiosk run?** - **Which type of app will your kiosk run?**
Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md) Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md)
- **Which type of kiosk do you need?** - **Which type of kiosk do you need?**
If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a Windows desktop application. For a kiosk that people can sign in to with their accounts or that runs more than one app, choose a multi-app kiosk If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a Windows desktop application. For a kiosk that people can sign in to with their accounts or that runs more than one app, choose a multi-app kiosk
- **Which edition of Windows client will the kiosk run?** - **Which edition of Windows client will the kiosk run?**
All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home
- **Which type of user account will be the kiosk account?** - **Which type of user account will be the kiosk account?**
The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method