45 KiB
description, ms.assetid, author, ms.author, ms.prod, ms.sitesec, title, ms.localizationpriority, ms.date
| description | ms.assetid | author | ms.author | ms.prod | ms.sitesec | title | ms.localizationpriority | ms.date |
|---|---|---|---|---|---|---|---|---|
| Microsoft Edge kiosk mode works with assigned access to allow IT, administrators, to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. | shortpatti | pashort | edge | library | Deploy Microsoft Edge kiosk mode | high | 07/25/2018 |
Deploy Microsoft Edge kiosk mode (Preview)
Applies to: Microsoft Edge on Windows 10
Preview build 17723
Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. Learn more about Configuring kiosk and shared devices running Windows desktop editions.
When you configure Microsoft Edge kiosk mode in assigned access, you can set it up to show only a single URL in full-screen, in the case of digital/interactive signage on a single-app kiosk device. You can restrict Microsoft Edge for public browsing (on a single and multi-app kiosk device) which runs a multi-tab version of InPrivate with limited functionality. Also, you can configure a multi-app kiosk device to run a full or normal version of Microsoft Edge.
Digital/Interactive signage and public browsing protects the user’s data by running Microsoft Edge InPrivate. In single-app public browsing, there is both an idle timer and an 'End Session' button. The idle timer resets the browsing session after a specified time of user inactivity.
In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn how to setup your Microsoft Edge kiosk mode experience.
Microsoft Edge kiosk types
Microsoft Edge kiosk mode supports four types, depending on how Microsoft Edge is set up in assigned access; single-app or multi-app kiosk. Learn more about assigned access.
Single-app kiosk
When you set up Microsoft Edge kiosk mode in single-app assigned access, Microsoft Edge runs InPrivate either in full-screen or a limited multi-tab version for public browsing. For more details about setting up a single-app kiosk, see Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education.
The single-app Microsoft Edge kiosk mode types include:
-
Digital / Interactive signage devices display a specific site in full-screen mode in which Microsoft Edge runs InPrivate mode. Examples of Digital signage are a rotating advertisement or menu. Examples of Interactive signage include an interactive museum display or a restaurant order/pay station.
-
Public browsing devices run a limited multi-tab version of InPrivate and Microsoft Edge is the only app available. Users can’t minimize, close, or open new Microsoft Edge windows or customize Microsoft Edge. Users can clear browsing data, downloads and restart Microsoft Edge by clicking the “End session” button. You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy. A public library or hotel concierge desk are two examples of public browsing in single-app kiosk device.
Multi-app kiosk
When you set up Microsoft Edge kiosk mode in multi-app assigned access, Microsoft Edge runs a limited multi-tab version of InPrivate or a normal browsing version. For more details about running a multi-app kiosk, or fixed-purpose device, see Create a Windows 10 kiosk that runs multiple apps. Here you learn how to create kiosks that run more than one app and the benefits of a multi-app kiosk, or fixed-purpose device.
The multi-app Microsoft Edge kiosk mode types include:
-
Public browsing supports browsing the internet and runs InPrivate with minimal features available. In this configuration, Microsoft Edge can be one of many apps available. Users can close and open multiple InPrivate windows. On a multi-app kiosk device, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access. You can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other app(s).
-
Normal mode mode runs a full version of Microsoft Edge, but some features may not work depending on what other apps you configured in assigned access. For example, if Internet Explorer 11 is set up in assigned access, you can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
Let’s get started!
Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Edge in assigned access. You can set up Microsoft Edge kiosk mode in assigned access using:
-
Windows Settings. Best for physically setting up a single device as a kiosk. With this method, you set up assigned access and configure the kiosk or digital sign device using Settings. You can configure Microsoft Edge in single-app (kiosk type – Full-screen or public browsing) and define a single URL for the Home button, Start page, and New tab page. You can also set the reset after an idle timeout.
-
Microsoft Intune or other MDM service. Best for setting up multiple devices as a kiosk. With this method, you configure Microsoft Edge in assigned access and configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access.
Note
For other MDM service, check with your provider for instructions.
-
Windows PowerShell. Best for setting up multiple devices as a kiosk. With this method, you can set up single-app or multi-app assigned access using a PowerShell script. For details, see For details, see Set up a kiosk or digital sign using Windows PowerShell.
-
Windows Configuration Designer. Best for setting up multiple kiosk devices. Download and install both the latest version of the Windows Assessment and Deployment Kit (ADK) and Windows Configuration Manager.
Prerequisites
-
Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
-
Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer. With these methods, you must have the AppUserModelID; this does not apply to the Windows Settings method.
Important
If you are using a local account as a kiosk account in Intune or provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
Use Windows Settings
Windows Settings is the simplest and easiest way to set up one or a couple of devices because you must perform these steps on each device. This method is ideal for small businesses.
-
In Windows Settings, select Accounts > Other people.
-
Under Set up a kiosk, select Assigned access.
-
Select Get started.
-
Create a standard user account or choose an existing account for your kiosk.
-
Select Next.
-
On the Choose a kiosk app page, select Microsoft Edge.
-
Select Next.
-
Select how Microsoft Edge displays when running in kiosk mode:
-
As a digital sign or interactive display, the default URL shows in full screen, without browser controls.
-
As a public browser, the default URL shows in a browser view with limited browser controls.
-
-
Select Next.
-
Enter the URL that you want to load when the kiosk launches.
>[!NOTE]
>The URL sets the Home button, Start page, and New tab page.
-
Microsoft Edge in kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue. If Continue is not selected, Microsoft Edge resets to the default URL. You can accept the default value of 5 minutes, or you can choose your own idle timer value.
-
Select Next, and then select Close.
-
Close Settings to save your choices automatically and apply them the next time the user account logs on.
-
Configure the policies for Microsoft Edge kiosk mode. For details on the valid kiosk policy settings, see Relevant policies.
-
Validate the Microsoft Edge kiosk mode by restarting the device and signing in with the local kiosk account.
Congratulations! You’ve finished setting up Microsoft Edge in assigned access and a kiosk or digital sign, and configured browser policies for Microsoft Edge kiosk mode.
Next steps.
-
Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
-
If you want to make changes to your kiosk, you can quickly change the display option and default URL for Microsoft Edge.
-
Go to Start > Settings > Accounts > Other people.
-
Under Set up a kiosk, select Assigned access.
-
Make your changes to Choose a kiosk mode and Set up Microsoft Edge.
-
Use Microsoft Intune or other MDM service
With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device.
-
In Microsoft Intune or other MDM service, configure AssignedAccess to prevent users from accessing the file system, running executables, or other apps.
-
Configure the following MDM settings to control a web browser app on the kiosk device.
ConfigureKioskMode 
Configure the display mode for Microsoft Edge as a kiosk app. URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
Data type: Integer
Allowed values:
- Single-app kiosk experience
- 0 - Digital signage and interactive display
- 1 - InPrivate Public browsing
- Multi-app kiosk experience
- 0 - Normal Microsoft Edge running in assigned access
- 1 - InPrivate public browsing with other apps
ConfigureKioskResetAfterIdleTimeout Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
Data type: Integer
Allowed values:
- 0 - No idle timer
- 1-1440 (5 minutes is the default) - Set reset on idle timer
HomePages Set one or more start pages, URLs, to load when Microsoft Edge launches. URI full path: ./Vendor/MSFT/Policy/Config/Browser/HomePages
Data type: String
Allowed values:
Enter one or more URLs, for example,
<https://www.msn.com><https:/www.bing.com>ConfigureHomeButton Configure how the Home Button behaves. URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
Data type: Integer
Allowed values:
- 0 (default) - Not configured. Show home button, and load the default Start page.
- 1 - Enabled. Show home button and load New tab page
- 2 - Enabled. Show home button & set a specific page.
- 3 - Enabled. Hide the home button.
SetNewTabPageURL Set a custom URL for the New tab page. URI full path: ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL
Data type: String
Allowed values: Enter a URL, for example, https://www.msn.com
SetHomeButtonURL If you set ConfigureHomeButton to 2, configure the home button URL. URI full path: ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL
Data type: String
Allowed values: Enter a URL, for example, https://www.bing.com
- Single-app kiosk experience
3. Restart the device and sign in using the kiosk app user account.
Congratulations! You’ve finished setting up a kiosk or digital signage and configuring policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
Next steps. Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
Use a provisioning package
With this method, you can use a provisioning package to configure Microsoft Edge kiosk mode in assigned access. After you set up the provisioning package for configuring Microsoft Edge in assigned access, you configure how Microsoft Edge behaves on a kiosk device.
-
Open Windows Configuration Designer to create a provisioning package and configure Microsoft Edge in assigned access.
-
After creating the provisioning package and configuring assigned access, and before you build the package, switch to the advanced editor.
-
Navigate to Runtime settings > Policies > Browser and set the following policies:
ConfigureKioskMode Configure the display mode for Microsoft Edge as a kiosk app. URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
Data type: Integer
Allowed values:
- Single-app kiosk experience
- 0 - Digital signage and interactive display
- 1 - InPrivate Public browsing
- Multi-app kiosk experience
- 0 - Normal Microsoft Edge running in assigned access
- 1 - InPrivate public browsing with other apps
ConfigureKioskResetAfterIdleTimeout Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
Data type: Integer
Allowed values:
- 0 - No idle timer
- 1-1440 (5 minutes is the default) - Set reset on idle timer
HomePages Set one or more start pages, URLs, to load when Microsoft Edge launches. URI full path: ./Vendor/MSFT/Policy/Config/Browser/HomePages
Data type: String
Allowed values:
Enter one or more URLs, for example,
<https://www.msn.com><https:/www.bing.com>ConfigureHomeButton Configure how the Home Button behaves. URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
Data type: Integer
Allowed values:
- 0 (default) - Not configured. Show home button, and load the default Start page.
- 1 - Enabled. Show home button and load New tab page
- 2 - Enabled. Show home button & set a specific page.
- 3 - Enabled. Hide the home button.
SetNewTabPageURL Set a custom URL for the New tab page. URI full path: ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL
Data type: String
Allowed values: Enter a URL, for example, https://www.msn.com
SetHomeButtonURL If you set ConfigureHomeButton to 2, configure the home button URL. URI full path: ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL
Data type: String
Allowed values: Enter a URL, for example, https://www.bing.com
- Single-app kiosk experience
4. After you’ve configured the Microsoft Edge kiosk mode policies, including any of the related policies, it’s time to build the package.
-
Click Finish. The wizard closes taking you back to the Customizations page.
-
Apply the provisioning package to the device, which you can do during the first-run experience (out-of-box experience or OOBE) and after (runtime). For more details, see Apply a provisioning package.
Congratulations! You’ve finished creating your provisioning package for Microsoft Edge kiosk mode.
Next steps. Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
Relevant policies
Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see Policy CSP - Browser.
* New policy coming in the next release of Windows 10.
1) For multi-app assigned access, you must configure Internet Explorer 11.
2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun].(https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.
Legend:
= Not applicable or not supported
= Supported
Related topics
-
Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education: Learn about the different methods to configuring your kiosks and digitals signs. Also, learn about the settings you can use to lock down the kiosk for a more secure kiosk experience.
-
Create a Kiosk Experience: Learn how to set up single-function kiosk devices, such as restaurant menus, and optional features for a welcome screen or power button availability. Also, learn how to create a multi-app kiosk, or fixed-purpose device, to provide an easy-to-understand experience giving users the things they need to use.
-
Configure a Windows 10 kiosk that runs multiple apps: Learn how to create kiosks that run more than one app and the benefits of a multi-app kiosk, or fixed-purpose device.
-
Kiosk apps for assigned access best practices: In Windows 10, you can use assigned access to create a kiosk device, which enables users to interact with just a single Universal Windows app. Learn about the best practices for implementing a kiosk app.
-
Guidelines for choosing an app for assigned access (kiosk mode): Assigned access restricts a local standard user account on the device so that it only has access to a single-function device, like a kiosk. Learn about the guidelines for choosing a Windows app, web browsers, and securing your information. Also, learn about additional configurations required for some apps before it can work properly in assigned access.
-
Other settings to lock down: Learn how to configure a more secure kiosk experience. In addition to the settings, learn how to set up automatic logon for your kiosk device. For example, when the kiosk device restarts, you can log back into the device manually or by setting up automatic logon.
-
Add apps to Microsoft Intune: Learn about and understand a few app fundamentals and requirements before adding them to Intune and making them available to your users.
-
AssignedAccess configuration service provider (CSP): The AssignedAccess configuration service provider (CSP) sets the device to run in kiosk mode. Once the CSP has executed, then the next user login associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
-
Create a provisioning page for Windows 10: Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings.
Known issues with prerelease build 17723
When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored.
- Expected behavior – Microsoft Edge kiosk mode launches in full-screen mode.
- Actual behavior – Normal Microsoft Edge launches.
Provide feedback or get support
To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select Microsoft Edge as the Category, and All other issues as the subcategory.
For multi-app kiosk only. If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select Microsoft Edge as the Category, and All other issues as the subcategory.
Feature comparison of kiosk mode and kiosk browser app
In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
| Feature | Microsoft Edge kiosk mode | Kiosk Browser |
|---|---|---|
| Print support | |
|
| Multi-tab support | |
|
| Allow URL support | *For Microsoft Edge kiosk mode use Windows Defender Firewall. Microsoft kiosk browser has custom policy support. |
|
| Block URL support | *For Microsoft Edge kiosk mode use Windows Defender Firewall. Microsoft kiosk browser has custom policy support. |
|
| Configure Home button | |
|
| Set Start page(s) URL | |
Same as Home button URL |
| Set New Tab page URL | |
|
| Favorites management | |
|
| End session button | |
In Intune, must create custom URI to enable. Dedicated UI configuration targeted for 1808. |
| Reset on inactivity | |
|
| Internet Explorer integration (Enterprise Mode site list) | Multi-app mode only |
|
*Windows Defender Firewall
To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see Windows Defender Firewall with Advanced Security Deployment.