Event banner
Event details
Some issues with Multi-App Kiosk Mode, all with Win10 22H2: 1. Local Kiosk account was prompted to connect with a Microsoft account - this should never happen 2. Win+L works on local kiosk account - shouldn't be able to lock a kiosk account, or should at least be able to turn this off 3. Large size tile for Microsoft Edge does not display icon - needed to reduce to Medium size or less 4. Tile size selection for allowed apps ought to allow the choice of "Hidden" - do not want to have to do a custom XML for this 5. Allowed app has a taskbar icon that is not showing although the app itself runs fine and taskbar is set to show - should allow taskbar icons for allowed apps 6. Allowed Win32 apps should not require entry of AUMID - path should be sufficient. (If you have a Modern/Store app you are going to add via AUMID anyway) 7. Setting Device Lock max timeout for my organization results in Kiosk mode not logging in. Reversing the setting doesn't fix the problem. I ended up having to reimage the system. I am now having to target Device Lock max timeout to an assigned Device Group to avoid "contaminating" my kiosks. There should be a better way to get around this - maybe allow a setting in Kiosk configuration to allow override of Device Lock. EDIT 2-4-24: Also Intune does not allow you to Duplicate Kiosk configuration profiles... why? I can duplicate other types of configuration profiles. Also if you configure a PC with multiple monitors for Kiosk mode, the kiosk login will not succeed. Sorry for the long post but my organization really relies on kiosk mode!
- Elizabeth_Greene
Microsoft
The keyboard filter feature is supposed to block Win+L and several other kiosk breaks. Are you configuring the kiosk via Intune or a WICD provisioning package? Given your other question about duplicating profiles I assume it's the latter but wanted to be sure.- Intune... where can I configure keyboard filter in Intune? Thanks!
- Elizabeth_GreeneApologies; WICD configures this by default, but it doesn't look like Intune has a way to configure it natively. Assigned access does block several combinations but not Win-L, Ctrl-Alt-Delete, etc. The overview for Keyboard Filter is here: https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/customize/keyboardfilter It's a Windows Enterprise or Education feature that's not enabled by default. This dism command will enable it. Dism /online /Enable-Feature /FeatureName:Client-KeyboardFilter It's natively configured via WMI, but some sample PowerShell scripts to configure it are here: https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/customize/keyboardfilter-powershell-script-samples I hope this helps.
- KevinMineweaser_MSFTHi David, Thank you for the detailed list. Some of these we are aware of, others will need investigation. I will send your feedback to the feature team. You may want to consider opening a support ticket for the issues you consider blockers as the support teams can help us prioritize and accelerate issues, particularly when multiple customers are impacted. Thank you for the feedback. -Kevin
- Thank you!
