Update Assigned Access configuration

2025-05-12 13:27:23 +00:00 · 2024-02-16 13:49:48 +01:00 · 2024-02-16 13:49:48 +01:00 · b78756be92
commit b78756be92
parent b316826d20
7 changed files with 50 additions and 23 deletions
--- a/windows/configuration/assigned-access/_kiosk-single-app.md
+++ b/windows/configuration/assigned-access/_kiosk-single-app.md
@ -266,12 +266,6 @@ Account type:
 - Local standard user
 - Microsoft Entra ID

-Microsoft Intune and other MDM services enable kiosk configuration through the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Assigned Access has a `KioskModeApp` setting. In the `KioskModeApp` setting, you enter the user account name and the [AUMID](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the app to run in kiosk mode.
-
->[!TIP]
->A ShellLauncher node has been added to the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp).
-
-To configure a kiosk in Microsoft Intune, see [Windows client and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For other MDM services, see the documentation for your provider.

 ## Sign out of assigned access

--- a/windows/configuration/assigned-access/assigned-access-quickstart-kiosk.md
+++ b/windows/configuration/assigned-access/assigned-access-quickstart-kiosk.md
@ -3,12 +3,16 @@ title: "Quickstart: Configure a kiosk experience with Assigned Access"
 description: Learn how to configure a kiosk experience with Assigned Access, using Windows Configuration Designer, Microsoft Intune, PowerShell or GPO.
 ms.topic: quickstart
 ms.date: 02/05/2024
-appliesto:
- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 ---

 # Quickstart: Configure a kiosk with Assigned Access

+When you configure Windows as a *kiok*, you assign a single application to run above the lock screen. This is useful for public-facing scenarios, such as a digital sign or a public browser.
+
+This quickstart provides practical examples of how to configure a kiosk experience on Windows. The examples describe the steps using the Settings app, a mobile device management solution (MDM) like Microsoft Intune, provisioning packages (PPKG), and PowerShell. While different solutions are used, the configuration settings and results are the same.
+
+The examples can be modified to fit your specific requirements. For example, you can change the app used, the URL specified when opening Microsoft Edge, or change the name of the user that automatically signs in to Windows.
+
 ## Prerequisites

 >[!div class="checklist"]
@ -44,7 +48,7 @@ Here are the steps to configure a kiosk using the Settings app:
    - Which URL should be open when the kiosk accounts signs in
    - When Microsoft Edge should restart after a period of inactivity (if you select to run as a public browser)

-    :::image type="content" source="images/settings-choose-app.png" alt-text="Screenshot of the dialog box asking to select an app.":::
+    :::image type="content" source="images/settings-choose-app.png" alt-text="Screenshot of the dialog box asking to select an app." border="false":::

 1. Select **Close**

@ -89,16 +93,14 @@ Alternatively, you can configure devices using a [custom policy][MEM-1] with the

 ## User experience

-If you used the Settings app to configure the kiosk, sign out and sign in with the account you chose to use as a kiosk. The kiosk application is automatically launched.
-
-If you used the other options to configure the kiosk, reboot the device. A local user account named `Airport Kiosk` is automatically signed in, opening Microsoft Edge with an airport map.
+After the settings are applied, reboot the device. A local user account is automatically signed in, opening Microsoft Edge with an airport map.

 ## Next steps

 > [!div class="nextstepaction"]
-> Learn more how to configure Windows to execute as a restricted user experience:
+> Learn more how to configure Windows to run a single app or multiple apps with Assigned Access:
 >
-> [Configure a restricted user experience](lock-down-windows-11-to-specific-apps.md)
+> [Create an Assigned Access configuration file](create-assigned-access-configuration.md)

 <!--links-->

--- a/windows/configuration/assigned-access/assigned-access-quickstart-restricted-experience.md
+++ b/windows/configuration/assigned-access/assigned-access-quickstart-restricted-experience.md
@ -4,14 +4,14 @@ description: Learn how to configure a restricted user experience using Windows C
 ms.topic: quickstart
 ms.date: 02/05/2024
 appliesto:
- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+zone_pivot_groups: windows-versions-11-10
 ---

 # Quickstart: Configure a restricted user experience with Assigned Access

-With a *restricted user experience*, you can control the applications allowed in a locked down Windows desktop.
+With a *restricted user experience*, you can configure Windows to run a limited set of applications in a locked down desktop. This is useful for scenarios where you want to provide a limited set of apps to a user, such as a library catalog, a school device, or a museum guide.

-This quickstart provides practical examples of how to configure a restricted user experience on Windows 11. The examples describe the steps using a mobile device management solution (MDM) like Microsoft Intune, provisioning packages (PPKG), and PowerShell. While different solutions are used, the configuration settings and results are the same.
+This quickstart provides practical examples of how to configure a restricted user experience on Windows. The examples describe the steps using a mobile device management solution (MDM) like Microsoft Intune, provisioning packages (PPKG), and PowerShell. While different solutions are used, the configuration settings and results are the same.

 The examples can be modified to fit your specific requirements. For example, you can add or remove applications from the list of allowed apps, or change the name of the user that automatically signs in to Windows.

@ -20,7 +20,7 @@ The examples can be modified to fit your specific requirements. For example, you
 >[!div class="checklist"]
 >Here's a list of requirements to complete this quickstart:
 >
->- A Windows 11 device
+>- A Windows device
 >- Microsoft Intune, or a non-Microsoft MDM solution, if you want to configure the settings using MDM
 >- Windows Configuration Designer, if you want to configure the settings using a provisioning package
 >- Access to the [psexec tool](/sysinternals/downloads/psexec), if you want to test the configuration using Windows PowerShell
@ -70,16 +70,24 @@ Alternatively, you can configure devices using a [custom policy][MEM-1] with the

 ## User experience

-After the settings are applied, reboot the device. A user account named `Library Kiosk` is automatically signed in, with access to a limited set of applications, which are pinned to the Start menu.
+After the settings are applied, reboot the device. A local user account is automatically signed in, with access to a limited set of applications, which are pinned to the Start menu.

-:::image type="content" source="images/quickstart-restricted-experience.png" alt-text="Screenshot of the Windows desktop used for the quickstart." border="false":::
+::: zone pivot="windows-11"
+:::image type="content" source="images/restricted-user-experience-windows-11.png" alt-text="Screenshot of the Windows 11 desktop used for the quickstart." border="false":::
+
+::: zone-end
+
+::: zone pivot="windows-10"
+:::image type="content" source="images/restricted-user-experience-windows-10.png" alt-text="Screenshot of the Windows 10 desktop used for the quickstart." border="false":::
+
+::: zone-end

 ## Next steps

 > [!div class="nextstepaction"]
-> Learn more how to configure Windows to execute as a restricted user experience:
+> Learn more how to configure Windows to run a single app or multiple apps with Assigned Access:
 >
-> [Configure a restricted user experience](lock-down-windows-11-to-specific-apps.md)
+> [Create an Assigned Access configuration file](create-assigned-access-configuration.md)

 <!--links-->

--- a/windows/configuration/assigned-access/images/restricted-user-experience-windows-10.png
+++ b/windows/configuration/assigned-access/images/restricted-user-experience-windows-10.png
--- a/windows/configuration/assigned-access/images/restricted-user-experience-windows-11.png
+++ b/windows/configuration/assigned-access/images/restricted-user-experience-windows-11.png
--- a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps.md
+++ b/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps.md
@ -33,6 +33,29 @@ $assignedAccessConfiguration = @"
                <rs5:AllowedNamespace Name="Downloads"/>
                <v3:AllowRemovableDrives/>
            </rs5:FileExplorerNamespaceRestrictions>
+            <StartLayout>
+                <![CDATA[
+                    <LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                        <LayoutOptions StartTileGroupCellWidth="6" />
+                        <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                            <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="">
+                                <start:Tile Size="2x2" Column="0" Row="4" AppUserModelID="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
+                                <start:DesktopApplicationTile Size="2x2" Column="2" Row="4" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk" />
+                                <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                                <start:DesktopApplicationTile Size="2x2" Column="4" Row="2" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
+                                <start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk" />
+                                <start:Tile Size="2x2" Column="2" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
+                                <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
+                                <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk" />
+                            </start:Group>
+                            </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                        </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
            <v5:StartPins>
                <![CDATA[{
                    "pinnedList":[
--- a/windows/configuration/assigned-access/toc.yml
+++ b/windows/configuration/assigned-access/toc.yml
@ -39,5 +39,5 @@ items:
      href: assigned-access-xsd.md
    - name: Shell Launcher XSD
      href: shell-launcher-xsd.md
-    - name: Policies enforced on kiosk devices
+    - name: Policies enforced by Assigned Access
      href: kiosk-policies.md