Share via

Quickstart: configure a kiosk experience with Shell Launcher

This quickstart provides practical examples of how to configure a kiosk experience on Windows with Shell Launcher. The examples describe the steps using a mobile device management solution (MDM) like Microsoft Intune, and PowerShell. While different solutions are used, the configuration settings and results are the same.

The examples can be modified to fit your specific requirements. For example, you can change the app used, the URL specified when opening Microsoft Edge, or change the name of the user that automatically signs in to Windows.

Prerequisites

Here's a list of requirements to complete this quickstart:

  • A Windows Enterprise or Education device
  • Microsoft Intune, or a non-Microsoft MDM solution, if you want to configure the settings using MDM
  • Access to the psexec tool, if you want to test the configuration using Windows PowerShell

Configure a kiosk device

The following instructions provide details how to configure your devices. Select the option that best suits your needs.

Tip

Use the following Graph call to automatically create a custom policy in your Microsoft Intune tenant without assignments nor scope tags.

When using this call, authenticate to your tenant in the Graph Explorer window. If it's the first time using Graph Explorer, you may need to authorize the application to access your tenant or to modify the existing permissions. This graph call requires DeviceManagementConfiguration.ReadWrite.All permissions.

POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-Type: application/json

{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Kiosk - Shell Launcher", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "ShellLauncher", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/ShellLauncher", "secretReferenceValueId": null, "isEncrypted": true, "value": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<ShellLauncherConfiguration\nxmlns=\"http://schemas.microsoft.com/ShellLauncher/2018/Configuration\"\nxmlns:V2=\"http://schemas.microsoft.com/ShellLauncher/2019/Configuration\">\n    <Profiles>\n        <DefaultProfile>\n            <Shell Shell=\"%SystemRoot%\\explorer.exe\"/>\n        </DefaultProfile>\n        <Profile Id=\"{EDB3036B-780D-487D-A375-69369D8A8F78}\">\n            <Shell Shell=\"%ProgramFiles(x86)%\\Microsoft\\Edge\\Application\\msedge.exe --kiosk https://www.contoso.com --edge-kiosk-type=fullscreen --kiosk-idle-timeout-minutes=2\" V2:AppType=\"Desktop\" V2:AllAppsFullScreen=\"true\">\n                <ReturnCodeActions>\n                    <ReturnCodeAction ReturnCode=\"0\" Action=\"RestartShell\"/>\n                    <ReturnCodeAction ReturnCode=\"-1\" Action=\"RestartDevice\"/>\n                    <ReturnCodeAction ReturnCode=\"255\" Action=\"ShutdownDevice\"/>\n                </ReturnCodeActions>\n                <DefaultAction Action=\"RestartShell\"/>\n            </Shell>\n        </Profile>\n    </Profiles>\n    <Configs>\n        <Config>\n            <AutoLogonAccount/>\n            <Profile Id=\"{EDB3036B-780D-487D-A375-69369D8A8F78}\"/>\n        </Config>\n    </Configs>\n</ShellLauncherConfiguration>" } ], }

Assign the policy to a group that contains as members the devices that you want to configure.

Alternatively, you can configure devices using a custom policy with the AssignedAccess CSP.

  • Setting: ./Vendor/MSFT/AssignedAccess/ShellLauncher
  • Value:
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration
xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
    <Profiles>
        <DefaultProfile>
            <Shell Shell="%SystemRoot%\explorer.exe"/>
        </DefaultProfile>
        <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
            <Shell Shell="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe --kiosk https://www.contoso.com --edge-kiosk-type=fullscreen --kiosk-idle-timeout-minutes=2" V2:AppType="Desktop" V2:AllAppsFullScreen="true">
                <ReturnCodeActions>
                    <ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
                    <ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
                    <ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
                </ReturnCodeActions>
                <DefaultAction Action="RestartShell"/>
            </Shell>
        </Profile>
    </Profiles>
    <Configs>
        <Config>
            <AutoLogonAccount/>
            <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}"/>
        </Config>
    </Configs>
</ShellLauncherConfiguration>

User experience

After the settings are applied, reboot the device. A local user account is automatically signed in, opening Microsoft Edge.

Next steps

Learn more how to create a Shell Launcher configuration file:

Create a Shell Launcher configuration file