Forum Discussion

FloMarks's avatar
FloMarks
Copper Contributor
Apr 13, 2022

Intune doesn't show sync when uses kiosk autostart profile

Goal 

We want to use Intune MDM to create kiosk devices with multiple applications. To set up the devices, we use Autopilot with a SelfDeployment profile. The device will be assigned a Kiosk profile with auto-enrollment enabled.

 

Problem 

Setting up the devices works without any problems and also new apps or changes are synchronized, but we do not get any feedback in intune if changes were successful or not. So to speak, there is only a one-sided synchronization. For example, we can successfully update an application after a successful setup, but Intune always shows us the old version. We know that the autostart function creates a local user and logs in with it and logically this user cannot synchronize. But is this intentional or are we missing something here? There must be a way to synchronize a device with an Autostart Kiosk.

 

If you guys need any information, please let me know.

Intune
Kiosk
mobile device management (mdm)
Synchronize

6 Replies

  • Mr_Helaas's avatar
    Mr_Helaas
    Iron Contributor
    Apr 13, 2022

    hi FloMarks,

     

    how are your apps and configuration assigned? Are those assigned to an user group or a device group? 

    Normally you should assign them to a device group, because the Aad user wil not logon to the device. So, I am just curious how did you configure the kiosk profile. 

    kind regards,

     

    Rene 

  • nhtkid's avatar
    nhtkid
    Iron Contributor
    Apr 13, 2022
    Interesting.
    We run the Zoom Rooms on W10 with Self Deploying enrollment profile and kiosk profile (with default kioskuser0 user only).

    We don't have such a problem you described. And we often push out app updates.

    Are you doing W32 apps or LOB with MSI?
    • FloMarks's avatar
      FloMarks
      Copper Contributor
      Apr 13, 2022

      Thanks for the answer.

      We use Win32 apps the most. So you only use the local kiosk user and don't have a primary user or another account on the device which can trigger the sync?

       

      We get the following error every time we sync on such autostart kiosk devices:

       

      Failed to get AAD token. len = 34 using client id fc0f3af4-6835-4174-b806-f7db311fd2f3 and resource id 26a4ae64-5862-427f-a9b0-044e62572a4f, errorCode = 3399548929]LOG]!><time="14:43:11.1117969" date="4-7-2022" component="IntuneManagementExtension" context="" type="1" thread="20" file="">
<![LOG[Need user interaction to continue.]LOG]!><time="14:43:11.1117969" date="4-7-2022" component="IntuneManagementExtension" context="" type="1" thread="20" file="">
<![LOG[AAD User check is failed, exception is Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.

       

      nhtkid 

      • nhtkid's avatar
        nhtkid
        Iron Contributor
        Apr 14, 2022
        Interesting! why you are getting AAD user error? How did you configure your kiosk profile?

        We only utilize the default kiosk user. We select "Auto logon" as the log-on type under the kiosk profile, not the local user, not the AAD user.

        And all assignments should go to the device groups.

Resources