(155) Microsoft Intune - Kiosk - Assigned Access
- Mr B SOE way
- Jan 21
- 2 min read
I have been working on this for awhile now, moving away from from using the Templates > Kiosk and using an OMA-URI with Assigned Access: https://learn.microsoft.com/en-us/windows/configuration/assigned-access/overview?tabs=intune. By using both 'Assigned Access' OMA-URI profiles, Kiosk automatically logs in after the ESP has been completed.
For Single Kiosk App:
By navigating to Windows Configuration Profiles, select Create then select New Policy then select By platform: Windows 10 and later and Profile type: Templates then select Custom then select Create. Name: AssignedAccess-SingleMode
OMA-URI: ./Vendor/MSFT/AssignedAccess/Configuration
Data type: String (XML file)
Custom XML:
<?xml version="1.0" encoding="utf-8"?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v4="http://schemas.microsoft.com/AssignedAccess/2021/config">
<Profiles>
<Profile Id="{bceca31b-867e-4694-ad7d-cfc680019be3}">
<KioskModeApp v4:ClassicAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" v4:ClassicAppArguments="--kiosk https://www.google.com https://www.reddit.com https://www.youtube.com --kiosk-idle-timeout-minutes=2" />
<v4:BreakoutSequence Key="Ctrl+A" />
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount rs5:DisplayName="Kiosk" />
<DefaultProfile Id="{bceca31b-867e-4694-ad7d-cfc680019be3}" />
</Config>
</Configs>
</AssignedAccessConfiguration>For Multi-Kiosk App:
By navigating to Windows Configuration Profiles, select Create then select New Policy then select By platform: Windows 10 and later and Profile type: Templates then select Custom then select Create. Name: AssignedAccess-MultiKiosk-Mode
OMA-URI: ./Vendor/MSFT/AssignedAccess/Configuration
Data type: String (XML file)
Custom XML:
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config">
<Profiles>
<Profile Id="{bceca31b-867e-4694-ad7d-cfc680019be3}">
<AllAppsList>
<AllowedApps>
<App DesktopAppPath="%ProgramFiles%\Google\Chrome\Application\chrome.exe" />
<App DesktopAppPath="%PROGRAMFILES(X86)%\Microsoft\Edge\Application\msedge.exe" rs5:AutoLaunch="true" />
</AllowedApps>
</AllAppsList>
<win11:StartPins>
<![CDATA[
{ "pinnedList":[
{"desktopAppLink":"%ProgramFiles%\\Google\\Chrome\\Application\\chrome.exe"},
{"desktopAppLink":"%PROGRAMFILES(X86)%\\Microsoft\\Edge\\Application\\msedge.exe"}
] }
]]>
</win11:StartPins>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount rs5:DisplayName="Kiosk" />
<DefaultProfile Id="{bceca31b-867e-4694-ad7d-cfc680019be3}" />
</Config>
</Configs>
</AssignedAccessConfiguration>Power Management for Kiosk:
In addition to Kiosk, make sure to configure a 'Kiosk Mode - Power Management' using Settings Catalog which is covered from this previous post: https://soeintunedevice.wixsite.com/home/post/142-microsoft-intune-power-plan-always-on Enrollment Status Page (ESP) for Kiosk: Create an ESP to target the Kiosk device group:
Automatic Deployment Profile for Kiosk: Create a Autopilot deployment profile for self-deploying mode for Kiosk:
Commentaires