Setting up a Windows device in kiosk mode

You can use either a domain account or a local account for the kiosk user on Windows devices. Setting up assigned access by using the Windows MDM policy requires one of these user accounts. The user account must have logged in at least one time before you set up assigned access; otherwise, the apps are disabled for that account.

About this task

For the Windows MDM policy, select the app that you want to set up in kiosk mode. To set up assigned access by using MDM, you must use a Universal Windows Platform (UWP) app that runs on Windows desktop or tablet devices on the lock screen.
Note: Windows 11 supports only single-user mode. You do not need to enable the tablet mode. To improve your kiosk experience, consider applying the optional configurations.

Procedure

  1. Place the device in tablet mode to allow users to use the touch (on-screen) keyboard.
    1. Go to Settings.
    2. Click System and select Tablet mode.
    3. Click On to place the device in tablet mode.
  2. Hide the Ease of Access feature on the logon screen.
    1. Go to the Control Panel.
    2. Click Ease of Access > Ease of Access Center.
    3. Turn off all the accessibility tools.
  3. Disable the hardware power button.
    1. Go to Power Options.
    2. Click Choose what the power buttons do.
    3. Change the setting to Do nothing.
    4. Save your changes.
  4. Disable the camera.
    1. Go to Settings.
    2. Click Privacy and select Camera.
    3. Disable Let apps use my camera.
  5. Prevent the policy from affecting administrator users on the device. Do one of the following actions:
    1. Set the username for the kiosk user as a non-administrator (local user) on the device.
      Or,
    1. Go to the Group Policy Editor and click Computer Configuration.
    2. Click Administrative Templates and select System.
    3. Click Device Installation and select Device Installation Restrictions.
    4. Click Allow administrators to override Device Installation Restriction policies and select Enabled.
  6. Remove the power button/shut down options from the sign-in screen.
    1. Go to the Group Policy Editor and click Computer Configuration.
    2. Click Windows Settings and select Security Settings.
    3. Click Local Policies.
    4. Under Security Options, click Shutdown: Allow system to be shut down without having to log on.
    5. Click Disabled to remove the power button from the screen.
  7. Turn off the app notifications on the lock screen.
    1. Go to the Group Policy Editor and click Computer Configuration.
    2. Click Administrative Templates and select System.
    3. Click Logon and select Turn off app notifications on the lock screen.
    4. Click Enabled to turn off the app notifications on the lock screen.
  8. Disable removable media.
    1. Go to the Group Policy Editor and click Computer Configuration.
    2. Click Administrative Templates and select System.
    3. Click Device Installation and select Device Installation Restrictions.
    4. Click Prevent installation of removable devices and select Enabled.
    5. Review any additional policy settings in Device Installation Restrictions that apply to your environment.
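
To confirm that the Group Policy settings from steps 5 to 8 took effect on a device, you can read back the registry values that those policies write. The following PowerShell audit is an added example, not part of the original procedure; `KioskUser` is a placeholder for your kiosk account name, and the script only reads settings and changes nothing.

```powershell
# Added example: read-only audit of the settings from steps 5 to 8.
# Assumption: 'KioskUser' is a placeholder for the kiosk account name.
param([string]$KioskUser = 'KioskUser')

$restrict = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$checks = @(
    @{ Step = 5; Setting = 'Allow administrators to override Device Installation Restriction policies'
       Path = $restrict; Name = 'AllowAdminInstall'; Expected = 1 }
    @{ Step = 6; Setting = 'Shutdown: Allow system to be shut down without having to log on'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'ShutdownWithoutLogon'; Expected = 0 }
    @{ Step = 7; Setting = 'Turn off app notifications on the lock screen'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
       Name = 'DisableLockScreenAppNotifications'; Expected = 1 }
    @{ Step = 8; Setting = 'Prevent installation of removable devices'
       Path = $restrict; Name = 'DenyRemovableDevices'; Expected = 1 }
)

$results = foreach ($c in $checks) {
    # A missing value means the policy is Not Configured; that counts as a failure.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($c.Name) } else { $null }
    [pscustomobject]@{
        Step = $c.Step; Setting = $c.Setting; Expected = $c.Expected
        Actual = if ($null -eq $actual) { '(not set)' } else { $actual }
        Pass = ($actual -eq $c.Expected)
    }
}

# Step 5 offers two options: the kiosk account is not an administrator, or the
# override policy is enabled. The built-in Administrators group is SID S-1-5-32-544.
# Members are matched by account name only, so DOMAIN\name and COMPUTER\name both match.
$isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Where-Object { ($_.Name -split '\\')[-1] -eq $KioskUser })
$step5 = $results | Where-Object Step -eq 5
if (-not $isAdmin) {
    $step5.Pass = $true
    $step5.Actual = "$($step5.Actual); kiosk user is not an administrator"
}

$results | Format-Table -AutoSize -Wrap
# A non-zero exit code lets a deployment or compliance job flag the device.
if ($results.Pass -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session on the kiosk device after the policies refresh, for example after `gpupdate /force`. Steps 1 to 4 are per-user or Control Panel settings and are not covered by this check.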