Go to mindcore.dk

Intune multi app kiosk mode using the new Microsoft edge

Intune multi app kiosk mode using the new Microsoft edge

Introduction

This is my notes while playing around with kiosk. I was testing the brand-new Kiosk setting for the new Microsoft Edge and the only result I got out of that was a non-working device. Eventlog saying MDM Session: Failed to get AAD Token for sync session User Token: (Unknown Win32 Error code: 0xcaa10001) Device Token: (Incorrect function.). I must mention that it was right after its release and later tests has worked just fine.

So why make a blog post for kiosk using multi app mode? Well because this method just works!

A huge thanks to Microsoft MVP Peter Klapwijk for making a blogpost for multi kiosk environment which helped me in the right direction.

  

Requirements

  • Microsoft Endpoint Manager
  • Windows 10, version 1809 or later, but recommend 1903 or higher as there are so many random TPM errors on 1809.
  • Azure AD join only
  • Physical device with TPM 2.0 (virtual machine is not supported);
  • For more in-depth information see official docs here and also Michael Niehaus’s deep insight into Autopilot self-deploying mode here

 

Components in Intune to get multi app kiosk to work

  • Azure AD group
  • Autopilot profile
  • Microsoft Edge application
  • Kiosk policies
  • Powershell script
  • Power Settings

 

Creating Azure AD Group

Login to https://endpoint.microsoft.com/

Go to Groups

clip_image002

 

Press New group

clip_image004

 

Create Group name

Choose membership type

Press Add dynamic query

clip_image006

 

In the right side – Click Edit

Insert a rule that gather all autopilot enabled devices with the Grouptag ID “Tabulex-SFO-FRE” (You can call it whatever you like. Just make sure to keep changing GroupTag throughout the guide)

Click OK

clip_image008

 

Click Save

clip_image010

Creating Autopilot profile

Login to https://endpoint.microsoft.com/

Go to Devices

clip_image012

 

Enroll devices

clip_image014

 

Press Deployment Profiles

clip_image016

 

Create profile -> Windows PC

clip_image018

 

Give it a name

Press next

clip_image020

 

Set Deployment mode

Apply device name template

Enter a name (we will use KIOSK-M-A-1234 which will be M for Multi, A for App and 4 random numbers)

Press next

clip_image022

 

Add groups

clip_image024

 

Search for the group created in the first section

Select it

Press select

clip_image026

 

Review your settings and press Create

clip_image028

Creating Microsoft Edge application

Login to https://endpoint.microsoft.com/

Go to Apps

clip_image030

 

Select Windows

clip_image032

 

Select Add

clip_image034

 

Select Microsoft Edge

Press select in the bottom

clip_image036

 

You can reuse your Microsoft Edge if that already exist, but I like to keep it separate. (It is no different from the default Edge installation)

Press Next
clip_image038

Press Next

clip_image040

 

Press Add group

clip_image042

 

Search for the group created in the first section

Select it

Press select

clip_image043

 

Press Next

clip_image045

 

Review your settings and press create

clip_image047

Creating Kiosk profile

Login to https://endpoint.microsoft.com/

Go to Devices

clip_image048

 

Go to Windows

clip_image050

 

Go to Configuration profiles

clip_image052

 

Create profile

clip_image054

 

Choose Platform

Choose Profile type

Search for kiosk

Press template name – Kiosk

Press create

clip_image056

 

Give it a name

Press next

clip_image058

 

Select a kiosk mode

Select Add Win32 app

clip_image060

 

Application name: Microsoft Edge

Executable file: %ALLUSERSPROFILE%MicrosoftWindowsStart MenuProgramsKiosk.lnk

AUMID: MSEdge

Press OK

(You may wonder why we point to a lnk file. It will make sense later in this guide)

clip_image062

 

Press yes in Autolaunch

Press next

clip_image064

 

Add groups

clip_image066

 

Search for the group created in the first section

Select it

Press select

clip_image067

 

Press Next

clip_image069

 

Press Next

clip_image071

 

Review and press create

clip_image073

Applying powershell script

Download this script

Change URL accordingly to what you need it to show (tip: you can see all Edge kiosk possibilities here and add as you need)

Save the script

clip_image075

 

Login to https://endpoint.microsoft.com/

Go to Devices

clip_image076

 

Go to Windows

clip_image077

 

Go to PowerShell script

clip_image079

 

Press Add

clip_image081

 

Add name

Press Next

clip_image083

 

Add script

Press next

clip_image085

 

Press Add groups

clip_image087

 

Search for the group created in the first section

Select it

Press select

clip_image088

 

Review and press add

clip_image090

Applying Microsoft Edge policies

Login to https://endpoint.microsoft.com/

Go to Devices

clip_image091

 

Go to Windows

clip_image077[1]

 

Go to Configuration profiles

clip_image092

 

Create profile

clip_image093

 

Choose Platform

Choose Profile type

Press create

clip_image095

 

Add Name

Press Next

clip_image097

 

Add settings

clip_image099

 

Search for “Power”

Tick the 2 results

(If your device goes to hibernate or other sleep states, you can add from the category “power” as well to prevent that)

clip_image101

 

Enable the settings and set it to 0

Press Next

clip_image103

 

Press Add groups

clip_image105

 

Search for the group created in the first section

Select it

Press select

clip_image106

 

Press Next

clip_image108

 

Press next

clip_image110

 

Review settings and press create

clip_image112

Summary

That’s it folks. How to create a Kiosk device that works very nicely with the ongoing Microsoft Edge versions. You can use the Kiosk mode for many purposes, and this just showed how to come around with a single app in a multi app kiosk mode. Here is a video on the end result.

Happy kiosk deployment!

Share this post

Table of Contents

Share this post
Search blog posts
Authors

Mattias Melkersen Kalvåg

Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.

View profile

Linkedin Youtube Twitter

Sune Thomsen

Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

View profile

Linkedin Twitter

Lars Lohmann Blem

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

View profile

Linkedin Twitter

Thomas Frederiksen

Passionate IT professional with 20+ experience in IT architecture, consulting, and design. 

View profile

Linkedin

Michael Nielsen

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

View profile

Linkedin

Daniel Britze

M.Sc Cybersecurity student specializing in Microsoft Sentinel Solutions

View profile

Linkedin

Frank van Zandwijk

M.Sc Cybersecurity student specializing in Microsoft Sentinel Solutions

View profile

Linkedin

Henning Hofflund

Infrastructure architect with focus on design, implementation, migration and consolidation.

View profile

Linkedin

Martin Vittrup Henriksen

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

View profile

Linkedin Twitter
follow us in feedly
Categories

    • Follow on SoMe

    Linkedin Twitter

    Contact us

    Follow us

    Linkedin Twitter