Monday, 8 December 2014

Microsoft Intune Kiosk mode

Back to Microsoft Intune menu 

Kiosk mode is a really cool new feature introduced in Microsoft Intune. It's very useful for public facing devices. You can implement it by creating a custom Intune configuration policy (Android & iOS only). This blog demonstrates how to deliver kiosk mode to an Android device. The end user will only be able to launch a single application and will be unable to use the volume controls.


I have already enrolled a test Android device.


 I've also added and deployed a managed application (National Geographic). It has been installed on the test device.

So, let's look at the policies. In the Intune Admin Console navigate to Policy > Configuration Policies. 


Select Add to see the available templates. See that there are different templates for each device type as well as common settings.


Android


iOS


Windows


Computer Management


Common settings


We are interested in Android at the moment. Choose "Android Configuration Policy" and "Create and Deploy a Custom Policy".


Edit the policy as required. Switch On "Select a managed app that will be allowed to run when the device is in kiosk mode". Choose a managed application (note that you must have already deployed this to the device through Microsoft Intune). You can only choose one application to run on the device.

I've also chosen to disallow the use of the volume buttons.


After you've created the policy deploy it to the required users or devices.


This is my Android device before the policy is applied.


Very quickly the policy has been applied to the device. Look at the difference. Access to all apps has been removed (except National Geographic). I cannot use any of the buttons to navigate the device.


See what happens when I try to use the volume controls.


I can only launch a single managed app. This is really cool.

In order to reverse this I just have to retire the device. This removes the "kiosk mode" policy.


Retire the device.


Welcome back.

Note that this feature is not yet available in the SCCM 2012/Intune unified solution.


References:

Microsoft have published the following information in the TechNet Library

 Manage devices using configuration policies with Microsoft Intune

 Use policies to manage computers and mobile devices with Microsoft Intune

 Also good blog post by Nico Sienaert

 http://scug.be/nico/2014/12/08/assigned-access-kiosk-mode-with-windows-intune/






Posted by at
Labels:

3 comments:

  1. Anonymous9 March 2016 at 09:45

    Can you Please provide documentation for windows phone for the same?

    ReplyDelete
    Replies
    1. Gerry Hampson11 March 2016 at 16:06

      I don't do "blogs to order". Have a look at this

      http://blogs.technet.com/b/tune_in_to_windows_intune/archive/2014/10/03/windows-phone-8-1-in-kiosk-mode-assigned-access-using-intune-and-configmgr.aspx

      Delete
  2. Cake19 June 2018 at 02:57

    Hi there, do you know of any way to bypass the kiosk lock down for administrator to manage the device, without having to retire or un-enroll the device from Intune please?
    Thanks.

    ReplyDelete

Subscribe to: Post Comments (Atom)