This post outlines the investments Microsoft is making to simplify the configuration and management of kiosk devices, improving Windows 10 as a kiosk platform for IT organizations. Our investments in kiosk and Firstline Worker scenarios are part of a bigger mission to simplify IT in the modern workplace.
You see kiosks everywhere you go: in airports, supermarkets, movie theaters, restaurants, banks, and many other places. Kiosks have many forms and functions. What most people don’t realize is that many of them are powered by Windows.
Windows has long been the platform of choice for kiosk devices because of its security capabilities, the availability of applications, enterprise software assurance support, and a broad ecosystem of device and peripheral partners. Today we see a growing number of IT organizations developing and deploying their own kiosk solutions using standard hardware and, in some cases, repurposing existing hardware.
We use the term “kiosk” as an umbrella term for a broad category of devices, but it generally boils down to two main scenarios:
Kiosks that are used in the “public” domain and do not require users to login or authenticate.
Kiosks that are shared by Firstline Workers to complete a specific task, which typically requires the user to authenticate before accessing the device.
Both usage scenarios have a few requirements in common:
The need for security, regardless of where the kiosks are deployed.
A consistent experience for each person who uses them, so that no one person can modify the device in a way that impacts the next user.
The need for an intuitive experience that is focused on the task at hand.
In the past year, with every Windows feature update, we’ve introduced significant improvements to our kiosk capabilities:
Multi-app kiosks now support both Universal Windows Platform (UWP) apps and classic Win32 apps.
You can deploy curated kiosk experiences directly from the cloud using Microsoft Intune.
We continue to add more policies that enable IT to tailor the experience for end users. To name a few: power settings to enable any device to run 24/7, touch keyboard configuration policies, locked down Start screen, and more.
With the upcoming release of Windows 10, version 1803, we are taking the next steps in our efforts to make kiosks even more capable – and easier to deploy and configure. Some key assigned access enhancements include:
Support for multiple screens for digital signage use cases.
The ability to ensure all MDM configurations are enforced on the device prior to entering assigned access using the Enrollment Status page.
The ability to configure and run Shell Launcher in addition to existing UWP Store apps.
A simplified process for creating and configuring an auto-logon kiosk account so that a public kiosk automatically enters a desired state after a reboot, a critical security requirement for public-facing use cases.
For multi-user Firstline Worker kiosk devices, instead of specifying every user, it’s now possible to assign different assigned access configurations to Azure AD groups or Active Directory groups.
To help with troubleshooting, you can now view error reports generated if an assigned access-configured app has issues.
We are excited to complete the circle of support for classic Windows desktop apps and UWP Store Apps with a new Kiosk Browser app. The Kiosk Browser app is built on Microsoft Edge and can be used to create a tailored browsing experience. Kiosk Browser is great for presenting interactive web apps and digital signage content. Kiosk Browser can be configured to navigate to a default URL without showing any UI. When used with other types of kiosks, it can be configured with a list of allowed URLs and the UI elements that should be presented (e.g. navigation buttons). It can also be configured to automatically clear user data between sessions.
To ensure IT has control, Kiosk Browser can only be configured through provisioning or an MDM provider such as Intune. Please refer to our documentation for more information on how to deploy and configure Kiosk Browser.
This post would not be complete without sharing some of our future plans. We will continue to make it easier for IT departments to manage, configure, and deploy Windows 10 kiosks for customers and Firstline Workers, and plan to include the following capabilities in a future Windows 10 feature update:
Deploy a kiosk device with minimal user interaction, thanks to Windows AutoPilot and device management support. Simply unbox the device, start it up, and the device is ready to go. Stay tuned; this will be available to Windows Insiders in preview soon.
Enabling device management to remotely trigger a Windows AutoPilot Reset to bring a kiosk back to a pristine state for a reliable kiosk experience.
Integration of the Kiosk Browser’s functionality directly into Microsoft Edge to support a larger scope of web scenarios.
To learn more about Windows kiosks, check out our Windows kiosk documentation. I encourage you to try out the capabilities and leave a comment below if there are other enhancements and scenarios you would like from the platform.