question

PRK-8283 avatar image
0 Votes"
PRK-8283 asked Crystal-MSFT commented

Mandatory profile with Intune

Hello,
We have a lab environment with 20 computers that users are allowed to run a number of third party applications. All computers auto login with the same azure user account.
What we would like to do is have the computers wipe any saved or created files during a user session on reboot. Also if a user deletes a shortcut on the desktop that icon would reappear on reboot.
Is there any way to setup a mandatory profile on these computer with Intune?
We look into Kiosk mode however I think that this profile might be to restrictive for this environment.

Any help is greatly appreciated.

mem-intune-generalmem-intune-device-configurations
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image
0 Votes"
Crystal-MSFT answered Crystal-MSFT commented

@PRK-8283, For shared device, we can try to configure shared multi-user profile which RahulJindal mentioned. In the profile, we can set "Share PC mode" as enable to turn on shared PC mode. In shared PC mode, only one user can sign in to the device at a time. set "Guest account" as guest to create a guest account locally on the device that will be shown on the sign-in screen. Set "Account management" as enable and "Account deletion" as "Immediately after log-out" to make sure that created guests accounts are deleted immediately after log-out;. We can also configure other settings we want. Here is the setting I configured in my environment:
144393-image.png
For apps, we can try to deploy app to the device group which are enrolled into Intune to get the apps we want:
https://oliverkieselbach.com/2020/02/19/intune-application-targeting-for-windows-10-win32-apps-explained/
Note: Here is a link for the reference.

I have deployed a win32 app to our device and then login the device using the guest account. When I try to delete the app in control panel, it shows "The system administrator has set policies to prevent this installation" to prevent the uninstall.
144297-image.png
144335-image.png

Also, I create a file on desktop, after restart, the file is not there.

I think this is what you want. You can try. Hope it can help.


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



image.png (30.3 KiB)
image.png (23.2 KiB)
image.png (8.0 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@PRK-8283, Hope things are going well. I am writing to see if there's anything unclear in our previous post. If yes, feel free to let us know. We are always glad to help.

Thanks and have a nice day!

0 Votes 0 ·