deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-11 04:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/configuration/assigned-access/quickstart-kiosk.md
Paolo Matarazzo f650e66d98 merge
2025-03-05 16:43:47 -05:00

5.2 KiB
Raw Blame History

title, description, ms.topic, ms.date
title description ms.topic ms.date
Quickstart: Configure a Single-App Kiosk With Assigned Access Learn how to configure a single-app kiosk with Assigned Access using the Assigned Access configuration service provider (CSP), Microsoft Intune, PowerShell, or group policy (GPO). quickstart 02/27/2025

Quickstart: configure a single-app kiosk with Assigned Access

This quickstart provides practical examples of how to configure a single-app kiosk on Windows with Assigned Access. The examples describe the steps using the Settings app, a mobile device management solution (MDM) like Microsoft Intune, provisioning packages (PPKG), and PowerShell. While different solutions are used, the configuration settings and results are the same.

The examples can be modified to fit your specific requirements. For example, you can change the app used, the URL specified when opening Microsoft Edge, or change the name of the user that automatically signs in to Windows.

Prerequisites

[!div class="checklist"] Here's a list of requirements to complete this quickstart:

  • A Windows device
  • Microsoft Intune, or a non-Microsoft MDM solution, if you want to configure the settings using MDM
  • Windows Configuration Designer, if you want to configure the settings using a provisioning package
  • Access to the psexec tool, if you want to test the configuration using Windows PowerShell

Configure a kiosk

[!INCLUDE tab-intro]

:::image type="icon" source="../images/icons/intune.svg"::: Intune/CSP

Tip

Use the following Graph call to automatically create a custom policy in your Microsoft Intune tenant without assignments nor scope tags.

When using this call, authenticate to your tenant in the Graph Explorer window. If it's the first time using Graph Explorer, you may need to authorize the application to access your tenant or to modify the existing permissions. This graph call requires DeviceManagementConfiguration.ReadWrite.All permissions.

[!INCLUDE quickstart-kiosk-intune]

Alternatively, you can configure devices using a custom policy with the AssignedAccess CSP.

  • Setting: ./Vendor/MSFT/AssignedAccess/Configuration
  • Value:

[!INCLUDE quickstart-kiosk-xml]

Assign the policy to a group that contains as members the devices that you want to configure.

:::image type="icon" source="../images/icons/provisioning-package.svg"::: PPKG

[!INCLUDE provisioning-package-1]

  • Path: AssignedAccess/MultiAppAssignedAccessSettings
  • Value:

[!INCLUDE quickstart-kiosk-xml]

[!INCLUDE provisioning-package-2]

:::image type="icon" source="../images/icons/powershell.svg"::: PowerShell

[!INCLUDE powershell-wmi-bridge-1]

[!INCLUDE quickstart-kiosk-ps]

[!INCLUDE powershell-wmi-bridge-2]

:::image type="icon" source="../images/icons/settings-app.svg"::: Settings

Here are the steps to configure a kiosk using the Settings app:

  1. Open the Settings app to view and configure a device as a kiosk. Go to Settings > Accounts > Other Users, or use the following shortcut:

    [!div class="nextstepaction"]

    Other Users

  2. Under Set up a kiosk, select Get Started

  3. In the Create an account dialog, enter the account name, and select Next

    Note

    If there are any local standard user accounts already, the Create an account dialog offers the option to Choose an existing account

  4. Choose the application to run when the kiosk account signs in. If you select Microsoft Edge as the kiosk app, you configure the following options:

    • Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser)
    • Which URL should be open when the kiosk accounts signs in
    • When Microsoft Edge should restart after a period of inactivity (if you select to run as a public browser)

  5. Select Close

User experience

After the settings are applied, reboot the device. A local user account is automatically signed in, opening Microsoft Edge.

Remove Assigned Access

Once you no longer need the kiosk configuration, you can remove it.

Here's a PowerShell example to remove the Assigned Access configuration:

$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = $null
Set-CimInstance -CimInstance $obj

Reboot the device to apply the changes.

Next steps

[!div class="nextstepaction"] Learn more about Assigned Access and how to configure it:

Assigned Access overview