Intune doesn't show sync when uses kiosk autostart profile

Copper Contributor

Goal 

We want to use Intune MDM to create kiosk devices with multiple applications. To set up the devices, we use Autopilot with a SelfDeployment profile. The device will be assigned a Kiosk profile with auto-enrollment enabled.

 

Problem 

Setting up the devices works without any problems and also new apps or changes are synchronized, but we do not get any feedback in intune if changes were successful or not. So to speak, there is only a one-sided synchronization. For example, we can successfully update an application after a successful setup, but Intune always shows us the old version. We know that the autostart function creates a local user and logs in with it and logically this user cannot synchronize. But is this intentional or are we missing something here? There must be a way to synchronize a device with an Autostart Kiosk.

 

If you guys need any information, please let me know.

6 Replies
Interesting.
We run the Zoom Rooms on W10 with Self Deploying enrollment profile and kiosk profile (with default kioskuser0 user only).

We don't have such a problem you described. And we often push out app updates.

Are you doing W32 apps or LOB with MSI?

Thanks for the answer.

We use Win32 apps the most. So you only use the local kiosk user and don't have a primary user or another account on the device which can trigger the sync?

 

We get the following error every time we sync on such autostart kiosk devices:

 

Failed to get AAD token. len = 34 using client id fc0f3af4-6835-4174-b806-f7db311fd2f3 and resource id 26a4ae64-5862-427f-a9b0-044e62572a4f, errorCode = 3399548929]LOG]!><time="14:43:11.1117969" date="4-7-2022" component="IntuneManagementExtension" context="" type="1" thread="20" file="">
<![LOG[Need user interaction to continue.]LOG]!><time="14:43:11.1117969" date="4-7-2022" component="IntuneManagementExtension" context="" type="1" thread="20" file="">
<![LOG[AAD User check is failed, exception is Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.

 

@nhtkid 

hi @FloMarks,

 

how are your apps and configuration assigned? Are those assigned to an user group or a device group? 

Normally you should assign them to a device group, because the Aad user wil not logon to the device. So, I am just curious how did you configure the kiosk profile. 

kind regards,

 

Rene 

Interesting! why you are getting AAD user error? How did you configure your kiosk profile?

We only utilize the default kiosk user. We select "Auto logon" as the log-on type under the kiosk profile, not the local user, not the AAD user.

And all assignments should go to the device groups.

@nhtkid 

@Mr_Helaas 

Thanks for the answers!

 

All our configuration profiles, apps and scripts are assigned to devices and not to users.

This is our kiosk profile with the autologon function:

<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
    xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
	>
	<Profiles>
		<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
			<AllAppsList>
				<AllowedApps>
					<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Aplication\msedge.EXE" />
					<App DesktopAppPath="%ProgramFiles(x86)%\TeamViewer\TeamViewer.EXE" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CDViewer.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\concentr.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\cpviewer.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Ctx64Injector64.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CtxBrowserInt.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CtxCFRUI.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CtxTwnPA.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\HdxBrowser.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\HdxRtcEngine.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\icaconf.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\migrateN.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\NMHost.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\pcl2bmp.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\PdfPrintHelper.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\RawPrintHelper.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\redirector.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SetIntegrityLevel.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\ssonsvr.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\WebHelper.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\wfcrun32.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\wfcwow64.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\wfica32.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\XpsNativePrintHelper.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\XPSPrintHelper.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\AuthManSvr.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\PrimaryAuthModule.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\AuthManager\storebrowse.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Browser\Browser.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Browser\CtxWebBrowser.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Browser\HdxBrowserCef.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Citrix Screen Casting for Windows\WinDocker.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\CitrixBrowser.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\CitrixBrowser_proxy.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\native_bridge.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\92.1.1.33\chrome_pwa_launcher.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\CitrixBrowser\92.1.1.33\notification_helper.exe.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Drivers64\usbinst.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\Ceip.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\CitrixReceiverUpdater.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\ConfigurationWizard.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\PrefPanel.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\Receiver.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\SRProxy.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\UpdaterService.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\FeatureFlag\CWAFeatureFlagUpdater.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\CrashReporting\crashpad_handler.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\DiagnosticTools\CdfCollector.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\Receiver\DiagnosticTools\DiagnosticTool.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\CemAutoEnrollHelper.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\CleanUp.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\NPSPrompt.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfService.exe" rs5:AutoLaunch="true" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\SelfServicePlugin\SelfServiceUninstaller.exe" />
					<App DesktopAppPath="%ProgramFiles(x86)%\Citrix\ICA Client\x64\ssoncom.exe" />
				</AllowedApps>
			</AllAppsList>
			<StartLayout>
                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
                      <LayoutOptions StartTileGroupCellWidth="6" />
                      <DefaultLayoutOverride>
                        <StartLayoutCollection>
                          <defaultlayout:StartLayout GroupCellWidth="6">
                          	<start:Group Name="">
                          		<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk" />
                          		<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Citrix Workspace.lnk" />
                          		<start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk" />
                          	</start:Group>
                          </defaultlayout:StartLayout>
                        </StartLayoutCollection>
                      </DefaultLayoutOverride>
                    </LayoutModificationTemplate>
                ]]>
            </StartLayout>
            <Taskbar ShowTaskbar="true"/>
        </Profile>
    </Profiles>
    <Configs>
    	<Config>
 <AutoLogonAccount rs5:DisplayName="Kiosk"/>
            <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
    	</Config>
    </Configs>
</AssignedAccessConfiguration>

 

Looks similar to ours.

We are also running Multi-App Kiosk mode with the Auto Logon, which just uses the default Kiosk user.