By: Saurabh Sarkar – Product Manager 2 | Microsoft Intune

I'm Saurabh Sarkar and I've had the opportunity to collaborate with several customers on effectively managing their Windows kiosk devices to enhance productivity with Microsoft Intune. This post covers some of my experience, recommendations, and additional takeaways from these collaborations. It’s a continuation of our From the frontlines series which focuses on frontline worker scenarios. In this post, we’ll explore how to effectively utilize Intune to enhance the productivity of frontline workers in two example sectors: the airline industry and the food and beverage sector (restaurants).

Background

Kiosk devices are integral to modern business operations, particularly in retail, manufacturing, and the airline industry. These devices serve as dedicated terminals for specific tasks, enhancing efficiency and productivity. In retail, kiosks are commonly used for customer service functions such as self-checkout, product information, and order placement. They provide a seamless and interactive experience for customers, reducing wait times and improving satisfaction. In manufacturing and factory settings, kiosk devices are utilized for various operational purposes including inventory management, allowing workers to quickly check stock levels and update records in real-time. Additionally, kiosks facilitate employee check-ins, shift scheduling, and access to important safety information, ensuring smooth and safe operations on the factory floor.

From a technological standpoint, managing these kiosk devices is crucial to maintaining their functionality and security. As shared in the introduction to this series, Intune allows organizations to centrally control and manage their kiosk devices. With Intune, administrators can centrally manage and remotely configure settings, deploy applications, and enforce security policies, reducing the risk of data breaches and unauthorized access. Moreover, this centralized management approach using Intune not only enhances the reliability of kiosk devices but also ensures compliance with organizational policies and industry regulations.

Self-service kiosks in airports and restaurants

Self-service kiosks at airports offer numerous advantages that improve passenger experience and operational efficiency. They help reduce wait times by allowing passengers to check in, select seats, and print boarding passes quickly and conveniently which is especially beneficial during peak travel times. For airlines, self-service kiosks reduce the reliance on staffing resources and ticket agents resulting in cost savings and allowing airlines to reallocate staff to other critical areas, such as customer service and baggage handling. These kiosks can be activated as needed during busy periods, eliminating the need for temporary staffing solutions. Passengers benefit from the user-friendly interfaces of these kiosks, which are designed to be accessible to people of all ages and tech-savviness. Multilingual support further enhances accessibility for international travelers.

Similarly self-ordering kiosks in restaurants reduces wait times and speeds up the ordering process. They also improve order accuracy, as customers input their selections directly, minimizing errors that can occur with verbal communication. The interface allows customers to browse the menu at their own pace, customize their orders, and make payments easily, leading to a more satisfying dining experience. Additionally, kiosks help restaurants save on labor costs by reducing the need for cashiers, allowing staff to focus on food preparation and customer service.

Kiosk device provisioning scenario using Windows Autopilot

Imagine a busy pizza delivery restaurant that strives to deliver a seamless ordering experience for its customers while streamlining staff operations. The restaurant equips its tables and waiting area with userless Windows devices, each configured to meet the below requirements:

• These devices are userless, eliminating the need for individual user logins before placing an order.
• They are configured to display the restaurant's website exclusively, with restrictions on accessing any other URLs or opening any other browser tabs or applications.
• If the device remains inactive during a session, the browser should automatically refresh and redirect to the homepage, ensuring it’s prepared for the next customer.

The IT team leverages Windows Autopilot’s self-deploying mode to transform standard Windows hardware into dedicated ordering terminals. As soon as a device powers on and connects to the internet, it automatically joins Microsoft Entra ID, enrolls in Intune, and configures itself for kiosk use. Microsoft Edge launches in full-screen kiosk mode, locking the device to the restaurant’s website and preventing access to other URLs, tabs, or system applications. The kiosk profile set by Intune ensures that customers only see what they need for ordering, with no distractions or risk of tampering.

The restaurant’s digital signage hides unnecessary browser controls, such as the home button, and disables features that could allow customers to exit the ordering environment. If a session remains inactive for 15 minutes, the browser refreshes and returns to the homepage, erasing any previous selections and preparing the device for the next guest. Meanwhile, secure Wi-Fi configurations - automatically deployed via Intune and authenticated using robust device-based certificates - keep each device connected to the network, regardless of user or shift changes.

With this setup, the restaurant empowers customers to order efficiently and autonomously, eliminates the need for staff to manage devices, and ensures every kiosk remains secure and ready for use throughout the day. This scenario highlights how Windows Autopilot, Intune, and Microsoft Edge kiosk mode work together to support innovative ordering solutions in the food service industry.

Considering the above scenario and requirements, you can deploy a Kiosk type device configuration policy to managed Windows devices as shown in Fig. 1 below.

Fig. 1 – Setting up Kiosk configuration profile for Windows.

The figure below illustrates the configuration settings that need to be applied in the kiosk profile to fulfill the specified requirements. This is the second page of the Kiosk device configuration profile wizard that is shown after the admin initiates the creation of the profile.

Fig. 2 – Configuring settings in Single app Kiosk mode profile for Windows.

The following are key points about the configuration:

• With the logon type set to “Auto logon”, users don’t need to manually sign in to use the device. Note: The auto logon process uses KioskUser0 account and cannot be changed.
• By configuring digital/interactive signage, you ensure that the home button isn’t visible and prevents users from opening additional tabs in the browser.
• By configuring the browser's idle time, you ensure that after 15 minutes of inactivity, the browser restarts and redirects to the restaurant's homepage. This process prepares the device for the next user and clears any cached data in the browser.

You can also deploy a Wi-Fi profile from Intune that automatically connects the device to allowed SSIDs. You can further automate this connection by deploying and utilizing a device-based certificate using an organization provided PKI and the Certificate Connector for Microsoft Intune  or using Microsoft Cloud PKI for Microsoft Intune.

The below screenshot shows the user experience in a Windows device running with the Single app Kiosk mode. As we can see, the user doesn't have the home button visible in the browser and is restricted from opening any additional tabs.

Fig. 3 – User experience in a Windows device configured with Single app mode Kiosk mode.

This is one example of how Intune assists in the management of kiosk devices in various industries. Other examples include the use of kiosk devices in movie theatres for ticketing and information distribution or retail shops for self-checkout and gathering product information. Please refer to the documentation Microsoft Edge Browser Policy Documentation for additional settings that can be configured in Microsoft Edge when using Kiosk mode.

This post is part of the “From the frontlines” series which aims to guide customers by exploring recommended practices for deploying, managing, and securing frontline devices using Intune and Windows Autopilot. We’ll publish additional posts on other healthcare scenarios and industries, such as retail and airlines, in the upcoming months so stay tuned and check back frequently!

Resources:

Please refer to the documentation here for more guidance:

• To learn about how to get started with kiosk device setup for Windows refer to Frontline worker for Windows devices in Microsoft Intune
• To learn about the various settings available in the kiosk profile for Windows in Intune refer to Windows 10/11 and newer device settings to run as a kiosk in Intune
• To learn about all the Windows kiosks configuration options, refer to aka.ms/kiosk
• To learn about the advances that have been made over the past 12 months for kiosk scenarios with Windows 11 please check our recording from technical Takeoff session Windows 11 kiosks: Cloud management for the win - Microsoft Technical Takeoff

We’d love to hear how you're leveraging Intune in your frontline worker scenarios! Feel free to share your experiences or ask questions by leaving a comment below, or by reaching out to us on X (@IntuneSuppTeam or @MSIntune). You can also connect with us on LinkedIn.