COSU Configuration and Enrollment using the QR code enrollment method

Hi Thom,

Thanks for all your great questions! I'll do my best to address them all individually. See my responses in bold.

Is there any requirement to push the Intune Company Portal app? I don't believe so as we have it working without it but in your screenshot you have it there.

You will not need to deploy the Company Portal app in this scenario. The apps on the left of the screenshot are the apps that I’ve chosen to be included in the Kiosk profile while the apps on the right are all of the approved Managed Play Apps and web links that are in the “All Apps” list.

Enforcing device PIN - this doesn't seem to work, it would be great to have a video seeing how this happens

I understand the feedback here, however I can confirm the enforcement does work. The user experience at this time is that you will not receive any type of prompt to set a PIN, but when manually navigating to set a PIN, you will see the requirements are there and you won’t be able to set a swipe or pattern as your password.

Web links - We deployed the Microsoft Edge Browser to allow web apps to open, however it nags the end user to sign in with a work account and has unnecessary UI (we don't want them to add new tabs or browse other sites). Are you able to control/hide this, perhaps with an Intune App Configuration Policy?

I am not currently aware of a workaround/solution to this behavior. Intune App Configuration Policies can only apply to Work Profile apps so unfortunately that wouldn’t be possible. We’d like to hear more from you on this so please feel free to open a support case so we can look for a better solution for you.

On our test devices, when using the multi-app kiosk mode, it doesn't have a "home" or "app-switch" button. The only button they get is the "back" one. This makes it very troublesome to get back to the home screen or move between apps. Is that the as-designed behaviour or have I set something wrong?

This is an intentional design choice from Google to heavily lock down the available actions a user can take on the device. Feel free to read about App Pinning and Lock task mode here: https://developer.android.com/work/cosu#pinning

Is the "Kiosk mode" flexible? I can't find any documentation specifically about what restrictions get enforced or if they can be customized (change wallpaper, allow status bar etc)

Not at this time, there are new features yet to come. Stay tuned!

I'm a bit confused on what you say about exiting the Kiosk mode. I take it there is no secret process, e.g. tap somewhere 3 times to enter an "admin unlock" code. If the store manager needed to get to the settings screen to modify something (especially during our early testing phases) is that possible. You say "all you need to do is remove the Managed Home Screen app deployment" but we didn't deploy the app, we just sync'd it and used the kiosk profile to utilize it. Same question if you are only in "single app" mode.

The Managed Home Screen needs to be deployed as Required to your device group for the Kiosk experience to take place. By removing the deployment, the targeted devices will be removed from the Kiosk experience and will allow you to make any changes needed.