Apr 12 2022 11:22 PM
Goal
We want to use Intune MDM to create kiosk devices with multiple applications. To set up the devices, we use Autopilot with a SelfDeployment profile. The device will be assigned a Kiosk profile with auto-enrollment enabled.
Problem
Setting up the devices works without any problems and also new apps or changes are synchronized, but we do not get any feedback in intune if changes were successful or not. So to speak, there is only a one-sided synchronization. For example, we can successfully update an application after a successful setup, but Intune always shows us the old version. We know that the autostart function creates a local user and logs in with it and logically this user cannot synchronize. But is this intentional or are we missing something here? There must be a way to synchronize a device with an Autostart Kiosk.
If you guys need any information, please let me know.
Apr 13 2022 04:46 AM
Apr 13 2022 05:11 AM - edited Apr 13 2022 05:14 AM
Thanks for the answer.
We use Win32 apps the most. So you only use the local kiosk user and don't have a primary user or another account on the device which can trigger the sync?
We get the following error every time we sync on such autostart kiosk devices:
Failed to get AAD token. len = 34 using client id fc0f3af4-6835-4174-b806-f7db311fd2f3 and resource id 26a4ae64-5862-427f-a9b0-044e62572a4f, errorCode = 3399548929]LOG]!><time="14:43:11.1117969" date="4-7-2022" component="IntuneManagementExtension" context="" type="1" thread="20" file="">
<![LOG[Need user interaction to continue.]LOG]!><time="14:43:11.1117969" date="4-7-2022" component="IntuneManagementExtension" context="" type="1" thread="20" file="">
<![LOG[AAD User check is failed, exception is Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.
Apr 13 2022 02:25 PM
hi @FloMarks,
how are your apps and configuration assigned? Are those assigned to an user group or a device group?
Normally you should assign them to a device group, because the Aad user wil not logon to the device. So, I am just curious how did you configure the kiosk profile.
kind regards,
Rene
Apr 13 2022 10:41 PM
Apr 14 2022 12:14 AM
Thanks for the answers!
All our configuration profiles, apps and scripts are assigned to devices and not to users.
This is our kiosk profile with the autologon function:
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
>
<Profiles>
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
<AllAppsList>
<AllowedApps>
<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Aplication\msedge.EXE" />
<App DesktopAppPath="%ProgramFiles(x86)%\TeamViewer\TeamViewer.EXE" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CDViewer.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\concentr.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\cpviewer.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Ctx64Injector64.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CtxBrowserInt.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CtxCFRUI.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CtxTwnPA.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\HdxBrowser.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\HdxRtcEngine.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\icaconf.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\migrateN.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\NMHost.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\pcl2bmp.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\PdfPrintHelper.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\RawPrintHelper.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\redirector.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SetIntegrityLevel.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\ssonsvr.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\WebHelper.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\wfcrun32.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\wfcwow64.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\wfica32.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\XpsNativePrintHelper.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\XPSPrintHelper.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\AuthManSvr.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\PrimaryAuthModule.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\storebrowse.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Browser\Browser.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Browser\CtxWebBrowser.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Browser\HdxBrowserCef.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Citrix Screen Casting for Windows\WinDocker.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\CitrixBrowser.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\CitrixBrowser_proxy.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\native_bridge.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\92.1.1.33\chrome_pwa_launcher.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\92.1.1.33\notification_helper.exe.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Drivers64\usbinst.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\Ceip.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\CitrixReceiverUpdater.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\ConfigurationWizard.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\PrefPanel.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\Receiver.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\SRProxy.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\UpdaterService.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\FeatureFlag\CWAFeatureFlagUpdater.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\CrashReporting\crashpad_handler.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\DiagnosticTools\CdfCollector.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\DiagnosticTools\DiagnosticTool.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\CemAutoEnrollHelper.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\CleanUp.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\NPSPrompt.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfService.exe" rs5:AutoLaunch="true" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfServiceUninstaller.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\x64\ssoncom.exe" />
</AllowedApps>
</AllAppsList>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="">
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Citrix Workspace.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount rs5:DisplayName="Kiosk"/>
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
Apr 20 2022 03:58 AM