Back to top
Home / Knox Manage / Kiosk devices / Create kiosk devices /

Set up a Windows kiosk

Last updated February 28th, 2024

This article covers how to set up a Windows device as a kiosk through Knox Manage. On the Windows platform, Knox Manage implements kiosk configurations primarily through device policies.

Before you begin

Windows kiosks require extra preparation and configuration. Your prerequisite activites are to:

  1. Choose the kiosk type based on your use case
  2. Enroll the Windows device in Knox Manage
  3. Configure the apps for the kiosk

Configure Windows kiosk apps

Apps for both single- and multi-app Windows kiosks have quite specific requirements and configuration needs. In some cases, you must prepare the apps. Read this section carefully before you begin setting up a kiosk.

App requirements for multi-app kiosks

Multi-app kiosks can deploy with the Kiosk Browser, Microsoft Store (UWP) apps, or native Win32 apps. Each type has some exceptions you should keep in mind when you configure them in a profile:

App type Requirements Helpful links
Kiosk Browser This app type must be assigned and deployed to the device as a provisioning package (PPKG) before you can configure it.

Install the Kiosk Browser app on a multi-app kiosk

Add an internal Windows app

Assign a Windows app
Microsoft Store (UWP) app This app type must be pre-configured in your Knox Manage tenant with an Application User Model ID (AUMID). Prepare a Microsoft Store app for kiosks
Win32 app You must assign the app to the device before you can configure it.

Add an internal Windows app

Assign a Windows app

Prepare a Microsoft Store app for kiosks

Microsoft Store (UWP) apps require that you pre-configure them in your Knox Manage tenant with the correct Application User Model ID (AUMID).

To add a Windows app for kiosks:

  1. On your local PC, obtain the AUMID of the app. For more details about how to find this identifier, see Find the Application User Model ID of an installed app in the Windows documentation.
  2. On the Knox Manage console, go to Application.
  3. Start adding a new Microsoft store app or select an existing app and click Modify.
  4. In the app settings, fill the AUMID field with the app’s ID.
  5. Save your changes.

Once the app is configured with an AUMID, it’s available for selection during configuration.

Install the Kiosk Browser app on a multi-app kiosk

Unlike single-app kiosks, a multi-app kiosk needs a special offline license version of Microsoft’s Kiosk Browser if you want to use that app. Once you obtain it, you must manually install it to the device as a provisioning package (PPKG) file.

To install the Kiosk Browser app for a multi-app kiosk, first obtain the offline license version of the Knox Browser app:

  1. Sign in to the Microsoft Store for Business with a Microsoft account that has the admin role in your enterprise.

  2. Search for and select the official Kiosk Browser app in the shop.

  3. On the app’s page, copy the app’s package family name from the page’s URL. For more details, see Find a package family name (PFN) for per-app VPN in the Microsoft Configuration Manager docs.

  4. Select the Offline license type, then click Get the app.

    The entry for the Kiosk Browser app on Microsoft Store for Business.

    If you can’t select a different license type, go to Manage > Settings > Shopping Experience in the store and turn on Show offline apps.

  5. Click Management to see more options for the app.

  6. Obtain the app package and license:

    Downloading the offline license and package of the Kiosk Browser app on Microsoft Store for Business.

    • Under Download the package for offline use, click Download. The package is an APPXBUNDLE file.

    • Under Get app license, select Unencoded license and then click Generate license. The license is an XML file.

With the package, license, and package family name in hand, create a provisioning package that contains just the Kiosk Browser app:

  1. If you haven’t already, download and install the Windows Configuration Designer to your local PC.

  2. Run Windows Configuration Designer, and select Provision desktop devices on the introduction screen of the wizard.

  3. Follow the on-screen instructions of the wizard until you reach the Add applications step. For assistance with creating a provisioning package with the wizard, see Create a provisioning package in the Microsoft 365 docs.

  4. On the Add an Application screen:

    Adding the Kiosk Browser app on the Add an Application screen of the wizard in the Windows Configuration Designer.

    • For Application name, enter Kiosk Browser.

    • For Installer Path, attach the Kiosk Browser package (APPXBUNDLE file) you downloaded in the previous procedure.

    • For License path (optional), attach the Kiosk Browser license (XML file) you downloaded in the previous procedure.

    • Enter the Package family name you copied in the previous procedure.

  5. Add the app.

  6. Click Switch to Advanced Editor to customize the package in detail.

  7. Expand Runtime Settings, select the OOBE entry, then click ✕ Remove.

  8. Click Export > Provisioning package and follow the on-screen instructions to save the package as a PPKG file. You don’t need to encrypt or sign the package.

To save time on future kiosk deployments, you can reuse the PPKG file you just generated.

Finally, apply the provisioning package and install the Kiosk Browser app:

  1. Transfer the PPKG file to the Windows device you plan to deploy as a kiosk.
  2. Apply the provisioning package directly by double-clicking the PPKG file. For help, see Apply a provisioning package in the Microsoft 365 docs.

Now that the offline license version of Kiosk Browser is installed, the Windows device is ready to be set up as a multi-app kiosk with the browser.

Set up a single-app Windows kiosk

Before you can set up a single-app kiosk, you must decide whether the main app experience will be Microsoft Edge, Kiosk Browser, or some other app from Microsoft Store.

To set up a single-app kiosk:

  1. On the Knox Manage console, go to Profile.

  2. Create a new Windows profile or click the name of an existing profile to edit it.

  3. In the profile’s details, click Modify Policy. The Set Policy page opens.

  4. Open the Kiosk policy group.

  5. Set Kiosk App Settings to Single App to show the policies related to single-app mode.

    Setting the base single-app kiosk policy.

  6. Set Running App Type to the desired kiosk experience:

    • Microsoft Edge Browser

    • Kiosk Browser

    • Store App

Next, configure the app based on the kiosk experience you chose:

Microsoft Edge Browser

  1. Click Configure to define the Microsoft Edge settings.

  2. Configure the settings:

    Setting the Microsoft Edge policies on the Set Policy page.

    • For Kiosk URL, enter the path to the web page that the kiosk will open.

    • For Kiosk Mode, select Public Browsing (InPrivate) for a session-based browser, or Digital/Interactive Signage (InPrivate) for an interactive sign. If you make the kiosk a sign, the browser can only open the web page you specified in the Kiosk URL setting.

    • For Reset Browser after Idle Time (Min), enter the maximum session length, in minutes. If you leave this field blank or enter 0, then a session only expires when the device user manually ends it.

  3. Save the profile for now and assign it to a group or organization later, or Save & Assign it immediately.

  4. Deploy the kiosk.

Kiosk Browser

  1. Click Configure to define the Kiosk Browser settings.

  2. Configure the settings:

    Setting the Kiosk Browser policies.

    • For Default Homepage URL, enter the path to the browser’s home page.

    • For Home Button, select whether to show or hide the home button on the browser’s navigation bar.

    • For Navigation Button, select whether to show or hide the forward and back buttons.

    • For End Session Button, select whether to show or hide the button that ends the user session.

    • For Reset Browser after Idle Time (Min), enter the maximum session length, in minutes. If you leave this field blank or enter 0, then a session only expires when the device user manually ends it.

    • By default, the device user can go to any web page. If needed, you can add one or more URLs to Allowed Websites to restrict their browsing. Sub-domains are automatically included. For example, if you enter example.com, help.example.com is also included. This setting doesn’t support wildcards (*).

  3. Save the profile for now and assign it to a group or organization later, or Save & Assign it immediately.

  4. Deploy the kiosk.

Store App

Before you configure a Microsoft Store app, consult the detailed requirements of this app type and make the necessary arrangements so that the chosen app can deploy without issues.

  1. Click Add to specify the app that the kiosk runs. The Select Application dialog opens.

  2. Select an app from the list.

    Selecting a Microsoft Store app on the Select Application dialog.

  3. Save the profile for now and assign it to a group or organization later, or Save & Assign it immediately.

  4. Deploy the kiosk.

Set up a multi-app Windows kiosk

Before you can set up a multi-app kiosk profile, consult the detailed exceptions for each type of app in Manage Windows kiosks and make the necessary arrangements so that the chosen apps can deploy without issues.

To set up a multi-app Windows kiosk:

  1. On the Knox Manage console, go to Profile.

  2. Create a new Windows profile or click the name of an existing profile to edit it.

  3. In the profile’s details, click Modify Policy. The Set Policy page opens.

  4. Open the Kiosk policy group.

  5. Set Kiosk App Settings to Multi Apps to show the policies related to multi-app mode.

    Setting the base multi-app kiosk policies on the Set Policy page.

  6. Add and configure one or more apps.

  7. (Optional) Modify the arrangement of the app grid:

    1. Create a custom Start layout.

    2. Set Alternative Start Layout to Apply to show the Layout Configuration policy.

    3. Click Configure, paste the contents of the layout XML into the dialog, and click Save.

  8. (Optional) Configure the Windows Task Bar policy to enable or disable the taskbar.

  9. (Optional) Configure the Access to Downloads Folder policy to allow or block the device user from reading and writing files in the Downloads directory of the kiosk’s user account.

  10. Save the profile for now and assign it to a group or organization later, or Save & Assign it immediately.

  11. Deploy the kiosk.

Configure an app for a multi-app kiosk

To configure an app for a multi-app kiosk:

  1. Click Add to open the Select Application dialog.

  2. Select the app type and configure its specific settings:

    1. Kiosk Browser — Configure the browser settings:

      • For Default Homepage URL, enter the path to the browser’s home page.

      • For Home Button, select whether to show or hide the home button on the browser’s navigation bar.

      • For Navigation Button, select whether to show or hide the forward and back buttons.

      • For End Session Button, select whether to show or hide the button that ends the user session.

      • For Reset Browser after Idle Time (Min), enter the maximum session length, in minutes. If you leave this field blank or enter 0, then a session only expires when the device user manually ends it.

      • By default, the device user can go to any web page. If needed, you can add one or more URLs to Allowed Websites to restrict their browsing. Sub-domains are automatically included. For example, if you enter example.com, help.example.com is also included. This setting doesn’t support wildcards (*).

    2. Store App — Click Add to select a Microsoft Store app.

    3. Win32 App — Define a native Windows app:

      • For Application Name, enter a unique name for the app.

      • For Local Path to App Executable, enter the path to the app on the kiosk’s Windows volume. Use the %windir% substitution string to reference the C:\Windows directory.

      • For App User Model ID (AUMID), enter the AUMID of the app. For more details about how to find this identifier, see Find the Application User Model ID of an installed app in the Windows docs.

  3. (Optional) Set Auto Launch to Yes to make the app launch when the session starts. If another app is already set to auto-launch, selecting Yes overrides it.

  4. (Optional) Choose a Tile Size to specify how large the app’s launch tile appears on the desktop.

  5. Click Save to finish adding the app.

Deploy a Windows kiosk

After you assign a profile to a device with the appropriate kiosk policies, it’s ready for deployment as a kiosk.

To deploy a Windows kiosk:

  1. Restart the device.

  2. On boot, the device will provision the kiosk user account and then enter kiosk mode.

    Three screens that appear during the provsioning process, consisting of the standard sign-in screen and two account creation screens.

  3. When you see the welcome screen or app grid, the kiosk is ready for use.

See also

On this page

Is this page helpful?