Overview
Microsoft allows Intune administrators to provision devices that can be used without typing in a username or password. This allows users to walk up to a device and start using it without the need for a corporate account or an Intune license.
Microsoft explains the use of kiosk mode devices in their documentation.
In this article we will go over how to set up a single-app kiosk mode device with a local user auto-logon account.
In this scenario, a local kiosk user account is created automatically on the device. When the device reboots, the kiosk user account will automatically log in and the specified application will auto-launch. You can use this to allow users to use a device to browse the internet, check their personal email in lunch rooms, place an order from your menu, and so on. This is a great way to limit what a device can be used for, allowing public access to corporate devices while maintaining a high-security environment.
Please note the following warning from Microsoft's documentation:
Warning
The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the kiosk configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
Steps
Contact Devicie to deploy a kiosk mode CIS profile so that your device is secure and CIS compliant.
Microsoft provides a configuration profile template called "Kiosk" that allows Intune administrators to set up a configuration profile with a few clicks.
- From your Microsoft Intune portal, while signed in with an Intune administrator account, navigate to the blade Devices > Configuration > Create > New Policy.
- From the Create a profile popup, select:
  - Platform: Windows 10 and later
  - Profile type: Templates
  - Template name: Kiosk
- Give the profile a name and a description (optional), then click Next.
- Select:
  - Select a kiosk mode: Single app, full-screen kiosk
  - User logon type: Auto logon (Windows 10, version 1803 and later, or Windows 11)
  - Application Type: Add Microsoft Edge browser
    Note: For a full list of supported browser features and policies, check this Microsoft article.
  - Edge Kiosk URL: Type in the desired URL.
  - Microsoft Edge kiosk mode type: Select your desired setup type
  - Refresh browser after idle time: This will allow you to automatically refresh the browser every x minutes
- Set up your maintenance window for your kiosk mode device as required. This will restart the device, install updates, and remove any leftover data from previous users' sessions.
- Click on Next
- Click on Save
- Assign the profile to the desired group of devices then click Next
- Add your applicability rules (if any) and click Next
- Click Create
Your configuration profile setup is now complete.
Enroll a device in your tenant and sign in with an Intune-licensed user to sync your security settings and profiles to the device. Upon restart, the device should automatically log on with a kiosk user account.