Intune offers single-app and multi-app (Android only) kiosk mode for fully managed iOS and Android devices. This device restriction allows an organization to lock down a mobile device to only a specific app (or apps if multi-app is used) and essentially have it act as a user affinity-less kiosk. Forcing the device into kiosk mode will prevent any of the device’s settings and functions outside of the deployed app to be accessible/useable and the only way to get around the restriction is by removing its assignment/changing the configuration within Intune.  

There are additional device settings that can be configured within the kiosk mode device restriction. Some examples of kiosk mode being utilized are shared iPads being used to display PDF designs, maps and blueprints through a file explorer app by field engineers or shared Zebra devices (Android) being used for their 1st party barcode scanning software in combination with 3rd party inventory software in a warehouse.  

Please see below for both iOS and Android instructions on how to configure kiosk mode: 

iOS: 

  1. Navigate to Devices -> iOS/iPadOS -> Configuration profiles 

  2. Create profile -> Profile type: Templates -> Device restrictions 

  3. Enter in a name for the new restriction profile and then navigate to Kiosk within the Configuration settings 


  4. There are 3 single app types to run kiosk mode in: Store App, Managed App, Built-in App. It is recommended to use Managed App if the application being deployed is already configured within the Intune environment. Selecting any of these options will require either the app’s URL or bundle ID. In this example, we are using a managed app – FE File Explorer – that is already configured within Intune.

    • Unfortunately for iOS, there is only single app kiosk mode available. To have a multi-app kiosk mode experience for iOS devices, it can be easily created with a combination of different device restrictions which encompasses locking down the home screen and restricting the available apps/settings as a shared, user less device.

  5. Lastly, enable or leave Not configured the additional setting restrictions for the kiosk mode experience and finish assigning before confirming and saving the new restriction profile. It is recommended to utilize Azure Active Directory device groups for kiosk mode assignments because user less devices can and most likely will be targeted for this restriction.

Android:

1.      Navigate to Devices -> Android-> Configuration profiles

2.      Create profile -> Platform: Android Enterprise -> Profile type: Fully Managed, Dedicated, and Corporate-Owned: Device restrictions

3.      Enter in a name for the new restriction profile and then navigate to Device experience within Configuration settings

4.      Select Dedicated device for Enrollment profile type and then either Single app or Multi-app for Kiosk mode

  • Single app

 

 

  • Multi-app


 

 

 

5. Android’s kiosk mode has a couple differences from the iOS version. It only offers additional setting restrictions for multi-app mode and it restricts the use of only managed apps that are currently configured within Intune. In this example, we are using a managed app – SBN Inspect+ – that is already configured within Intune.

6. Lastly, configure or leave Not configured the additional setting restrictions for the kiosk mode experience and finish assigning before confirming and saving the new restriction profile. It is recommended to utilize Azure Active Directory device groups for kiosk mode assignments because user less devices can and most likely will be targeted for this restriction.

Nikhil Chandy

Nikhil is one of our Modern Work and Security Engineers in the US. He works with clients to design, develop, and execute Endpoint Management solutions. His career started soon after he graduated from Rutgers University (New Brunswick) in 2014 with a Bachelor’s in Information Technology & Informatics and a minor in Political Science, gaining fundamental IT skills with his first job as part of a large international company’s IT team.

Shortly after, Nikhil transitioned and began to develop his career into Technology Consulting. With his educational and professional background, Nikhil has mastered the ability to provide clients an effective service while still maintaining a human element.