IntuneDeviceConfigurationKioskPolicyWindows10
Parameters
Parameter |
Attribute |
DataType |
Description |
Allowed Values |
EdgeKioskEnablePublicBrowsing |
Write |
Boolean |
Enable public browsing kiosk mode for the Microsoft Edge browser. The Default is false. |
|
KioskBrowserBlockedUrlExceptions |
Write |
StringArray[] |
Specify URLs that the kiosk browser is allowed to navigate to |
|
KioskBrowserBlockedURLs |
Write |
StringArray[] |
Specify URLs that the kiosk browsers should not navigate to |
|
KioskBrowserDefaultUrl |
Write |
String |
Specify the default URL the browser should navigate to on launch. |
|
KioskBrowserEnableEndSessionButton |
Write |
Boolean |
Enable the kiosk browser's end session button. By default, the end session button is disabled. |
|
KioskBrowserEnableHomeButton |
Write |
Boolean |
Enable the kiosk browser's home button. By default, the home button is disabled. |
|
KioskBrowserEnableNavigationButtons |
Write |
Boolean |
Enable the kiosk browser's navigation buttons(forward/back). By default, the navigation buttons are disabled. |
|
KioskBrowserRestartOnIdleTimeInMinutes |
Write |
UInt32 |
Specify the number of minutes the session is idle until the kiosk browser restarts in a fresh state. Valid values are 1-1440. Valid values 1 to 1440 |
|
KioskProfiles |
Write |
MSFT_MicrosoftGraphwindowsKioskProfile[] |
This policy setting allows to define a list of Kiosk profiles for a Kiosk configuration. This collection can contain a maximum of 3 elements. |
|
WindowsKioskForceUpdateSchedule |
Write |
MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule |
force update schedule for Kiosk devices. |
|
Description |
Write |
String |
Admin provided description of the Device Configuration. |
|
DisplayName |
Key |
String |
Admin provided name of the device configuration. |
|
Id |
Write |
String |
The unique identifier for an entity. Read-only. |
|
Assignments |
Write |
MSFT_DeviceManagementConfigurationPolicyAssignments[] |
Represents the assignment to the Intune policy. |
|
Ensure |
Write |
String |
Present ensures the policy exists, absent ensures it is removed. |
Present , Absent |
Credential |
Write |
PSCredential |
Credentials of the Admin |
|
ApplicationId |
Write |
String |
Id of the Azure Active Directory application to authenticate with. |
|
TenantId |
Write |
String |
Id of the Azure Active Directory tenant used for authentication. |
|
ApplicationSecret |
Write |
PSCredential |
Secret of the Azure Active Directory tenant used for authentication. |
|
CertificateThumbprint |
Write |
String |
Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. |
|
ManagedIdentity |
Write |
Boolean |
Managed ID being used for authentication. |
|
MSFT_DeviceManagementConfigurationPolicyAssignments
Parameters
Parameter |
Attribute |
DataType |
Description |
Allowed Values |
dataType |
Write |
String |
The type of the target assignment. |
#microsoft.graph.groupAssignmentTarget , #microsoft.graph.allLicensedUsersAssignmentTarget , #microsoft.graph.allDevicesAssignmentTarget , #microsoft.graph.exclusionGroupAssignmentTarget , #microsoft.graph.configurationManagerCollectionAssignmentTarget |
deviceAndAppManagementAssignmentFilterType |
Write |
String |
The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. |
none , include , exclude |
deviceAndAppManagementAssignmentFilterId |
Write |
String |
The Id of the filter for the target assignment. |
|
groupId |
Write |
String |
The group Id that is the target of the assignment. |
|
collectionId |
Write |
String |
The collection Id that is the target of the assignment.(ConfigMgr) |
|
MSFT_MicrosoftGraphWindowsKioskProfile
Parameters
Parameter |
Attribute |
DataType |
Description |
Allowed Values |
AppConfiguration |
Write |
MSFT_MicrosoftGraphWindowsKioskAppConfiguration |
The App configuration that will be used for this kiosk configuration. |
|
ProfileId |
Write |
String |
Key of the entity. |
|
ProfileName |
Write |
String |
This is a friendly nameused to identify a group of applications, the layout of these apps on the start menu and the users to whom this kiosk configuration is assigned. |
|
UserAccountsConfiguration |
Write |
MSFT_MicrosoftGraphWindowsKioskUser[] |
The user accounts that will be locked to this kiosk configuration. This collection can contain a maximum of 100 elements. |
|
MSFT_MicrosoftGraphWindowsKioskAppConfiguration
Parameters
Parameter |
Attribute |
DataType |
Description |
Allowed Values |
AllowAccessToDownloadsFolder |
Write |
Boolean |
This setting allows access to Downloads folder in file explorer. |
|
Apps |
Write |
MSFT_MicrosoftGraphWindowsKioskAppBase[] |
These are the only Windows Store Apps that will be available to launch from the Start menu. This collection can contain a maximum of 128 elements. |
|
DisallowDesktopApps |
Write |
Boolean |
This setting indicates that desktop apps are allowed. Default to true. |
|
ShowTaskBar |
Write |
Boolean |
This setting allows the admin to specify whether the Task Bar is shown or not. |
|
StartMenuLayoutXml |
Write |
String |
Allows admins to override the default Start layout and prevents the user from changing it.The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in Binary format. |
|
UwpApp |
Write |
MSFT_MicrosoftGraphWindowsKioskUWPApp |
This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode |
|
Win32App |
Write |
MSFT_MicrosoftGraphWindowsKioskWin32App |
This is the win32 app that will be available to launch use while in Kiosk Mode |
|
odataType |
Write |
String |
The type of the entity. |
#microsoft.graph.windowsKioskMultipleApps , #microsoft.graph.windowsKioskSingleUWPApp , #microsoft.graph.windowsKioskSingleWin32App |
MSFT_MicrosoftGraphWindowsKioskAppBase
Parameters
Parameter |
Attribute |
DataType |
Description |
Allowed Values |
AppType |
Write |
String |
The app type. Possible values are: unknown, store, desktop, aumId. |
unknown , store , desktop , aumId |
AutoLaunch |
Write |
Boolean |
Allow the app to be auto-launched in multi-app kiosk mode |
|
Name |
Write |
String |
Represents the friendly name of an app |
|
StartLayoutTileSize |
Write |
String |
The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large. |
hidden , small , medium , wide , large |
DesktopApplicationId |
Write |
String |
Define the DesktopApplicationID of the app |
|
DesktopApplicationLinkPath |
Write |
String |
Define the DesktopApplicationLinkPath of the app |
|
Path |
Write |
String |
Define the path of a desktop app |
|
AppId |
Write |
String |
This references an Intune App that will be target to the same assignments as Kiosk configuration |
|
AppUserModelId |
Write |
String |
This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode |
|
ContainedAppId |
Write |
String |
This references an contained App from an Intune App |
|
ClassicAppPath |
Write |
String |
This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode |
|
EdgeKiosk |
Write |
String |
Edge kiosk (url) for Edge kiosk mode |
|
EdgeKioskIdleTimeoutMinutes |
Write |
UInt32 |
Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440 |
|
EdgeKioskType |
Write |
String |
Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen. |
publicBrowsing , fullScreen |
EdgeNoFirstRun |
Write |
Boolean |
Edge first run flag for Edge kiosk mode |
|
odataType |
Write |
String |
The type of the entity. |
#microsoft.graph.windowsKioskDesktopApp , #microsoft.graph.windowsKioskUWPApp , #microsoft.graph.windowsKioskWin32App |
MSFT_MicrosoftGraphWindowsKioskUWPApp
Parameters
Parameter |
Attribute |
DataType |
Description |
Allowed Values |
AppId |
Write |
String |
This references an Intune App that will be target to the same assignments as Kiosk configuration |
|
AppUserModelId |
Write |
String |
This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode |
|
ContainedAppId |
Write |
String |
This references an contained App from an Intune App |
|
AppType |
Write |
String |
The app type. Possible values are: unknown, store, desktop, aumId. |
unknown , store , desktop , aumId |
AutoLaunch |
Write |
Boolean |
Allow the app to be auto-launched in multi-app kiosk mode |
|
Name |
Write |
String |
Represents the friendly name of an app |
|
StartLayoutTileSize |
Write |
String |
The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large. |
hidden , small , medium , wide , large |
DesktopApplicationId |
Write |
String |
Define the DesktopApplicationID of the app |
|
DesktopApplicationLinkPath |
Write |
String |
Define the DesktopApplicationLinkPath of the app |
|
Path |
Write |
String |
Define the path of a desktop app |
|
ClassicAppPath |
Write |
String |
This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode |
|
EdgeKiosk |
Write |
String |
Edge kiosk (url) for Edge kiosk mode |
|
EdgeKioskIdleTimeoutMinutes |
Write |
UInt32 |
Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440 |
|
EdgeKioskType |
Write |
String |
Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen. |
publicBrowsing , fullScreen |
EdgeNoFirstRun |
Write |
Boolean |
Edge first run flag for Edge kiosk mode |
|
odataType |
Write |
String |
The type of the entity. |
#microsoft.graph.windowsKioskDesktopApp , #microsoft.graph.windowsKioskUWPApp , #microsoft.graph.windowsKioskWin32App |
MSFT_MicrosoftGraphWindowsKioskWin32App
Parameters
Parameter |
Attribute |
DataType |
Description |
Allowed Values |
ClassicAppPath |
Write |
String |
This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode |
|
EdgeKiosk |
Write |
String |
Edge kiosk (url) for Edge kiosk mode |
|
EdgeKioskIdleTimeoutMinutes |
Write |
UInt32 |
Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440 |
|
EdgeKioskType |
Write |
String |
Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen. |
publicBrowsing , fullScreen |
EdgeNoFirstRun |
Write |
Boolean |
Edge first run flag for Edge kiosk mode |
|
AppType |
Write |
String |
The app type. Possible values are: unknown, store, desktop, aumId. |
unknown , store , desktop , aumId |
AutoLaunch |
Write |
Boolean |
Allow the app to be auto-launched in multi-app kiosk mode |
|
Name |
Write |
String |
Represents the friendly name of an app |
|
StartLayoutTileSize |
Write |
String |
The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large. |
hidden , small , medium , wide , large |
DesktopApplicationId |
Write |
String |
Define the DesktopApplicationID of the app |
|
DesktopApplicationLinkPath |
Write |
String |
Define the DesktopApplicationLinkPath of the app |
|
Path |
Write |
String |
Define the path of a desktop app |
|
AppId |
Write |
String |
This references an Intune App that will be target to the same assignments as Kiosk configuration |
|
AppUserModelId |
Write |
String |
This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode |
|
ContainedAppId |
Write |
String |
This references an contained App from an Intune App |
|
odataType |
Write |
String |
The type of the entity. |
#microsoft.graph.windowsKioskDesktopApp , #microsoft.graph.windowsKioskUWPApp , #microsoft.graph.windowsKioskWin32App |
MSFT_MicrosoftGraphWindowsKioskUser
Parameters
Parameter |
Attribute |
DataType |
Description |
Allowed Values |
GroupName |
Write |
String |
The name of the AD group that will be locked to this kiosk configuration |
|
DisplayName |
Write |
String |
The display name of the AzureAD group that will be locked to this kiosk configuration |
|
GroupId |
Write |
String |
The ID of the AzureAD group that will be locked to this kiosk configuration |
|
UserId |
Write |
String |
The ID of the AzureAD user that will be locked to this kiosk configuration |
|
UserPrincipalName |
Write |
String |
The user accounts that will be locked to this kiosk configuration |
|
UserName |
Write |
String |
The local user that will be locked to this kiosk configuration |
|
odataType |
Write |
String |
The type of the entity. |
#microsoft.graph.windowsKioskActiveDirectoryGroup , #microsoft.graph.windowsKioskAutologon , #microsoft.graph.windowsKioskAzureADGroup , #microsoft.graph.windowsKioskAzureADUser , #microsoft.graph.windowsKioskLocalGroup , #microsoft.graph.windowsKioskLocalUser , #microsoft.graph.windowsKioskVisitor |
MSFT_MicrosoftGraphWindowsKioskForceUpdateSchedule
Parameters
Parameter |
Attribute |
DataType |
Description |
Allowed Values |
DayofMonth |
Write |
UInt32 |
Day of month. Valid values 1 to 31 |
|
DayofWeek |
Write |
String |
Day of week. Possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. |
sunday , monday , tuesday , wednesday , thursday , friday , saturday |
Recurrence |
Write |
String |
Recurrence schedule. Possible values are: none, daily, weekly, monthly. |
none , daily , weekly , monthly |
RunImmediatelyIfAfterStartDateTime |
Write |
Boolean |
If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence. |
|
StartDateTime |
Write |
String |
The start time for the force restart. |
|
Description
Intune Device Configuration Kiosk Policy for Windows10
Permissions
Microsoft Graph
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions
-
Read
- DeviceManagementConfiguration.Read.All
-
Update
- DeviceManagementConfiguration.ReadWrite.All
Application permissions
-
Read
- DeviceManagementConfiguration.Read.All
-
Update
- DeviceManagementConfiguration.ReadWrite.All
Examples
Example 1
This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$Credscredential
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneDeviceConfigurationKioskPolicyWindows10 'Example'
{
Assignments = @(
MSFT_DeviceManagementConfigurationPolicyAssignments{
deviceAndAppManagementAssignmentFilterType = 'none'
dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget'
}
);
Credential = $Credscredential;
DisplayName = "kiosk";
EdgeKioskEnablePublicBrowsing = $False;
Ensure = "Present";
Id = "7fea73fd-20d3-439a-9fa4-73955e082dc5";
KioskBrowserBlockedUrlExceptions = @();
KioskBrowserBlockedURLs = @();
KioskBrowserDefaultUrl = "http://bing.com";
KioskBrowserEnableEndSessionButton = $False;
KioskBrowserEnableHomeButton = $True;
KioskBrowserEnableNavigationButtons = $False;
KioskProfiles = @(
MSFT_MicrosoftGraphwindowsKioskProfile{
ProfileId = '17f9e980-3435-4bd5-a7a1-ca3c06d0bf2c'
UserAccountsConfiguration = @(
MSFT_MicrosoftGraphWindowsKioskUser{
odataType = '#microsoft.graph.windowsKioskAutologon'
}
)
ProfileName = 'profile'
AppConfiguration = MSFT_MicrosoftGraphWindowsKioskAppConfiguration{
Win32App = MSFT_MicrosoftGraphWindowsKioskWin32App{
EdgeNoFirstRun = $True
EdgeKiosk = 'https://domain.com'
ClassicAppPath = 'msedge.exe'
AutoLaunch = $False
StartLayoutTileSize = 'hidden'
AppType = 'unknown'
EdgeKioskType = 'publicBrowsing'
}
odataType = '#microsoft.graph.windowsKioskSingleWin32App'
}
}
);
WindowsKioskForceUpdateSchedule = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{
RunImmediatelyIfAfterStartDateTime = $False
StartDateTime = '2023-04-15T23:00:00.0000000+00:00'
DayofMonth = 1
Recurrence = 'daily'
DayofWeek = 'sunday'
};
}
}
}