Search This Blog

Tuesday, May 11, 2021

Intune multi app kiosk mode using the new Microsoft edge

Introduction

This is my notes while playing around with kiosk. I was testing the brand-new Kiosk setting for the new Microsoft Edge and the only result I got out of that was a non-working device. Eventlog saying MDM Session: Failed to get AAD Token for sync session User Token: (Unknown Win32 Error code: 0xcaa10001) Device Token: (Incorrect function.). I must mention that it was right after its release and later tests has worked just fine.

So why make a blog post for kiosk using multi app mode? Well because this method just works!

A huge thanks to Microsoft MVP Peter Klapwijk for making a blogpost for multi kiosk environment which helped me in the right direction.

  

Requirements

  • Microsoft Endpoint Manager
  • Windows 10, version 1809 or later, but recommend 1903 or higher as there are so many random TPM errors on 1809.
  • Azure AD join only
  • Physical device with TPM 2.0 (virtual machine is not supported);
  • For more in-depth information see official docs here and also Michael Niehaus's deep insight into Autopilot self-deploying mode here

 

Components in Intune to get multi app kiosk to work

  • Azure AD group
  • Autopilot profile
  • Microsoft Edge application
  • Kiosk policies
  • Powershell script
  • Power Settings

 

Creating Azure AD Group

Login to https://endpoint.microsoft.com/

Go to Groups

clip_image002

 

Press New group

clip_image004

 

Create Group name

Choose membership type

Press Add dynamic query

clip_image006

 

In the right side – Click Edit

Insert a rule that gather all autopilot enabled devices with the Grouptag ID “Tabulex-SFO-FRE” (You can call it whatever you like. Just make sure to keep changing GroupTag throughout the guide)

Click OK

clip_image008

 

Click Save

clip_image010

Creating Autopilot profile

Login to https://endpoint.microsoft.com/

Go to Devices

clip_image012

 

Enroll devices

clip_image014

 

Press Deployment Profiles

clip_image016

 

Create profile -> Windows PC

clip_image018

 

Give it a name

Press next

clip_image020

 

Set Deployment mode

Apply device name template

Enter a name (we will use KIOSK-M-A-1234 which will be M for Multi, A for App and 4 random numbers)

Press next

clip_image022

 

Add groups

clip_image024

 

Search for the group created in the first section

Select it

Press select

clip_image026

 

Review your settings and press Create

clip_image028

Creating Microsoft Edge application

Login to https://endpoint.microsoft.com/

Go to Apps

clip_image030

 

Select Windows

clip_image032

 

Select Add

clip_image034

 

Select Microsoft Edge

Press select in the bottom

clip_image036

 

You can reuse your Microsoft Edge if that already exist, but I like to keep it separate. (It is no different from the default Edge installation)

Press Next
clip_image038

Press Next

clip_image040

 

Press Add group

clip_image042

 

Search for the group created in the first section

Select it

Press select

clip_image043

 

Press Next

clip_image045

 

Review your settings and press create

clip_image047

Creating Kiosk profile

Login to https://endpoint.microsoft.com/

Go to Devices

clip_image048

 

Go to Windows

clip_image050

 

Go to Configuration profiles

clip_image052

 

Create profile

clip_image054

 

Choose Platform

Choose Profile type

Search for kiosk

Press template name – Kiosk

Press create

clip_image056

 

Give it a name

Press next

clip_image058

 

Select a kiosk mode

Select Add Win32 app

clip_image060

 

Application name: Microsoft Edge

Executable file: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Kiosk.lnk

AUMID: MSEdge

Press OK

(You may wonder why we point to a lnk file. It will make sense later in this guide)

clip_image062

 

Press yes in Autolaunch

Press next

clip_image064

 

Add groups

clip_image066

 

Search for the group created in the first section

Select it

Press select

clip_image067

 

Press Next

clip_image069

 

Press Next

clip_image071

 

Review and press create

clip_image073

Applying powershell script

Download this script

Change URL accordingly to what you need it to show (tip: you can see all Edge kiosk possibilities here and add as you need)

Save the script

clip_image075

 

Login to https://endpoint.microsoft.com/

Go to Devices

clip_image076

 

Go to Windows

clip_image077

 

Go to PowerShell script

clip_image079

 

Press Add

clip_image081

 

Add name

Press Next

clip_image083

 

Add script

Press next

clip_image085

 

Press Add groups

clip_image087

 

Search for the group created in the first section

Select it

Press select

clip_image088

 

Review and press add

clip_image090

Applying Microsoft Edge policies

Login to https://endpoint.microsoft.com/

Go to Devices

clip_image091

 

Go to Windows

clip_image077[1]

 

Go to Configuration profiles

clip_image092

 

Create profile

clip_image093

 

Choose Platform

Choose Profile type

Press create

clip_image095

 

Add Name

Press Next

clip_image097

 

Add settings

clip_image099

 

Search for “Power”

Tick the 2 results

(If your device goes to hibernate or other sleep states, you can add from the category “power” as well to prevent that)

clip_image101

 

Enable the settings and set it to 0

Press Next

clip_image103

 

Press Add groups

clip_image105

 

Search for the group created in the first section

Select it

Press select

clip_image106

 

Press Next

clip_image108

 

Press next

clip_image110

 

Review settings and press create

clip_image112

Summary

That’s it folks. How to create a Kiosk device that works very nicely with the ongoing Microsoft Edge versions. You can use the Kiosk mode for many purposes, and this just showed how to come around with a single app in a multi app kiosk mode. Here is a video on the end result.



Happy kiosk deployment!

Posted by at No comments:
Links to this post
Labels: , , , ,
Subscribe to: Posts (Atom)