Fantastic video, Steve and Adam! The explanations and demos were spot-on and incredibly insightful. Your detailed walkthrough of Restricted User Experience and Kiosk setups was both practical and easy to follow. Keep up the great work!. Steve, missed you at the MMS, Adam had a nice time Swimming 🏊😀😀.
Awesome video! Just started down this path and was getting frustrated until I saw your video and realized I was doing it wrong... lol. Is there a way to wipe the kiosk profile after every reboot? Thats the only thing I can see that would also be a benefit to this. Thanks.
We have observed an issue on some kiosk devices where an AppLocker notification appears for end users, indicating that a specific app is not allowed to run. In the AppLocker event log, there are corresponding entries with event ID 8022, such as: 'C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.24900.130.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe' or 'C:\Windows\system32\backgroundTaskHost.exe'. What can be done to resolve this?
Hey Steve, where is your master list of awesome kiosk/configuration/policy/setting things that I need to know about? For real though, I've been frustrated with the state of kiosk settings in Intune, so I'm glad to hear it's getting work.
There was a change to the default behavior for desktop icons to be hidden by default in I think the August 2024 cumulative update. This was due to various complaints regarding the recycle bin, edge and teams icons always being on the desktop. There is no control int he AssignedAccess policy to reenable them at the moment, do you think we should be adding the control?
@@IntuneTrainingwould love to have this as a toggle! We have several webpage shortcuts and PDF documents that are placed on the desktop. Items for quick reference in our patient exam rooms during downtime. We haven’t moved to multi app kiosk yet, but are exploring what’s currently possible.
@@IntuneTraining Thanks for the information! It would be very helpful to have an option in the AssignedAccess policy to manage desktop icons. Having extended control over this would allow us to improve the user experience and avoid unnecessary inconveniences.
1) Is it possible to have a single app kiosk mode that allows for a connected USB label printer? I haven't figure out how to handle something like that. (Check-in Kiosk for Events with Name Badges) 2) SharedPC with Guest and Domain - How can you configure the guest experience to be limited like a single app kiosk (think assigned access that unlocks on logoff) while still having the AAD domain user experience maintain all the pushed Intune policy and apps? Thank you for the Channel. I started my Intune journey with one of your earliest videos.
Simple answer to both is yes, for the first question is a matter of ensuring that the applications/drivers for the printer are on the allowed list of applications. for the second one, the sharedPC and assginedaccess profiles can be applied to user objects from entraID, it's just complicated. We will look to create some videos on the above in the coming weeks/months Happy to hear the channel has been useful for you
Great video. A problem I'm having is with Office 365 apps. We use a device license and push it to the kiosk as a required system app. When kiosk user first logs in, it works fine. When user logs off and system is cleaned for the next session, it will fail to open Office 365 apps. Any advice?
Are you configuring Shared Device Licensing? There’s an option that allows you to save the activation info to a location that Office can reference on next launch so it doesn’t keep trying to activate each time the profile is rebuilt. learn.microsoft.com/en-us/microsoft-365-apps/licensing-activation/overview-shared-computer-activation
Thanks for providing great content 😀 This covers kiosk computers pretty extensively, but what about computers that are shared between multiple users where you don't want to use device policies to restrict all users on the device, just a selected few? In our case, we have to stick with using GPOs because of licensing requirements and user policies from Intune being applied a while after they sign in. Any chance we could see a follow up video to adress these issues? 😊🎉
@@IntuneTraining That's great, thanks! Btw, I tried the "HideRecommendedSection" csp using the device-context and it didn't work. The policy is applied successfully according to intune, but the corresponding registry key never gets created. I'm on a Windows 11 Pro SKU that's been lifted to Windows 11 Business via a Business Premium license. Forum posts seem to indicate that the SKU could be the reason behind this behavior 😢😊
@SweDownhill the CSP setting only requires pro : learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-start#hiderecommendedsection I would confirm it's landing on the device with this: oliverkieselbach.com/2019/10/11/windows-10-mdm-client-activity-monitoring-with-syncml-viewer/ But also make sure if your using the local account that you use the device version of the csp not the user version
@@IntuneTraining Hi, I tried also to remove this Recommended Section (on w11 Pro/Business 24h2) and it didn't apply, and also found online that the Pro SKU could be the problem (opposed to what the m$ site is saying...)
Love these videos guys, but only criticism is length… vids like this are great, but an 1 hour + is a tough ask, could you consider a mini version and then have the directors cut edition on the side… or maybe add chapter markers !
Thanks for the feedback. Short answer is, no, we don’t have time to do that. Directors cut: We used to have someone who would add chapters but haven’t gotten back into doing them. Ultimately it’s easier for you to pause the video and come back to it than for us to spend time editing. We have always prioritized putting as much time into the content as we can and as little time into post production efforts. Basically, this is the best we can do given our limited time we can allocate to this channel.
Fantastic video, Steve and Adam! The explanations and demos were spot-on and incredibly insightful. Your detailed walkthrough of Restricted User Experience and Kiosk setups was both practical and easy to follow. Keep up the great work!. Steve, missed you at the MMS, Adam had a nice time Swimming 🏊😀😀.
Right on time I have been fighting to get this configured on win11 🙏🏻🙌🏻 thanks guys
Intro is best part wyta
Awesome video! Just started down this path and was getting frustrated until I saw your video and realized I was doing it wrong... lol. Is there a way to wipe the kiosk profile after every reboot? Thats the only thing I can see that would also be a benefit to this. Thanks.
Great to hear it was a useful video, turn on sharedpc mode and it will handle the user profiles for you
Hey Steve Where is your master list awesome kiosk configuration policy settings that I need to know about?
In the description for the video
We have observed an issue on some kiosk devices where an AppLocker notification appears for end users, indicating that a specific app is not allowed to run. In the AppLocker event log, there are corresponding entries with event ID 8022, such as: 'C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.24900.130.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe' or 'C:\Windows\system32\backgroundTaskHost.exe'. What can be done to resolve this?
Hey Steve, where is your master list of awesome kiosk/configuration/policy/setting things that I need to know about?
For real though, I've been frustrated with the state of kiosk settings in Intune, so I'm glad to hear it's getting work.
We have added the list into the description of the video :)
Do you have any idea why the desktop icons temporarily disappear when I edit the Kiosk XML in the policy?
There was a change to the default behavior for desktop icons to be hidden by default in I think the August 2024 cumulative update. This was due to various complaints regarding the recycle bin, edge and teams icons always being on the desktop.
There is no control int he AssignedAccess policy to reenable them at the moment, do you think we should be adding the control?
@@IntuneTrainingwould love to have this as a toggle! We have several webpage shortcuts and PDF documents that are placed on the desktop. Items for quick reference in our patient exam rooms during downtime. We haven’t moved to multi app kiosk yet, but are exploring what’s currently possible.
@@IntuneTraining Thanks for the information! It would be very helpful to have an option in the AssignedAccess policy to manage desktop icons. Having extended control over this would allow us to improve the user experience and avoid unnecessary inconveniences.
1) Is it possible to have a single app kiosk mode that allows for a connected USB label printer? I haven't figure out how to handle something like that.
(Check-in Kiosk for Events with Name Badges)
2) SharedPC with Guest and Domain - How can you configure the guest experience to be limited like a single app kiosk (think assigned access that unlocks on logoff) while still having the AAD domain user experience maintain all the pushed Intune policy and apps?
Thank you for the Channel. I started my Intune journey with one of your earliest videos.
Simple answer to both is yes, for the first question is a matter of ensuring that the applications/drivers for the printer are on the allowed list of applications.
for the second one, the sharedPC and assginedaccess profiles can be applied to user objects from entraID, it's just complicated.
We will look to create some videos on the above in the coming weeks/months
Happy to hear the channel has been useful for you
Great video. A problem I'm having is with Office 365 apps. We use a device license and push it to the kiosk as a required system app. When kiosk user first logs in, it works fine. When user logs off and system is cleaned for the next session, it will fail to open Office 365 apps. Any advice?
Are you configuring Shared Device Licensing? There’s an option that allows you to save the activation info to a location that Office can reference on next launch so it doesn’t keep trying to activate each time the profile is rebuilt.
learn.microsoft.com/en-us/microsoft-365-apps/licensing-activation/overview-shared-computer-activation
Thanks for providing great content 😀 This covers kiosk computers pretty extensively, but what about computers that are shared between multiple users where you don't want to use device policies to restrict all users on the device, just a selected few? In our case, we have to stick with using GPOs because of licensing requirements and user policies from Intune being applied a while after they sign in. Any chance we could see a follow up video to adress these issues? 😊🎉
I'll see what we can deliver, some of the controls today are the whole system, so it would be a compromise
@@IntuneTraining That's great, thanks! Btw, I tried the "HideRecommendedSection" csp using the device-context and it didn't work. The policy is applied successfully according to intune, but the corresponding registry key never gets created. I'm on a Windows 11 Pro SKU that's been lifted to Windows 11 Business via a Business Premium license. Forum posts seem to indicate that the SKU could be the reason behind this behavior 😢😊
@SweDownhill the CSP setting only requires pro : learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-start#hiderecommendedsection
I would confirm it's landing on the device with this: oliverkieselbach.com/2019/10/11/windows-10-mdm-client-activity-monitoring-with-syncml-viewer/
But also make sure if your using the local account that you use the device version of the csp not the user version
@@IntuneTraining Hi, I tried also to remove this Recommended Section (on w11 Pro/Business 24h2) and it didn't apply, and also found online that the Pro SKU could be the problem (opposed to what the m$ site is saying...)
Would love to know how you deployed Kiosk Mode using VM. Assuming this is In a Self-Deploy Mode as it failsHon my end due to Hardware Attestation....
We aren't using the self deploying nature of autopilot for the demo, so you need to authenticate with a user to complete the provisioning
Love these videos guys, but only criticism is length… vids like this are great, but an 1 hour + is a tough ask, could you consider a mini version and then have the directors cut edition on the side… or maybe add chapter markers !
Thanks for the feedback. Short answer is, no, we don’t have time to do that.
Directors cut: We used to have someone who would add chapters but haven’t gotten back into doing them. Ultimately it’s easier for you to pause the video and come back to it than for us to spend time editing. We have always prioritized putting as much time into the content as we can and as little time into post production efforts. Basically, this is the best we can do given our limited time we can allocate to this channel.
the beards, they're a growin