IntuneDeviceConfigurationKioskPolicyWindows10

Parameters

Parameter Attribute DataType Description Allowed Values
EdgeKioskEnablePublicBrowsing Write Boolean Enable public browsing kiosk mode for the Microsoft Edge browser. The Default is false.
KioskBrowserBlockedUrlExceptions Write StringArray[] Specify URLs that the kiosk browser is allowed to navigate to
KioskBrowserBlockedURLs Write StringArray[] Specify URLs that the kiosk browsers should not navigate to
KioskBrowserDefaultUrl Write String Specify the default URL the browser should navigate to on launch.
KioskBrowserEnableEndSessionButton Write Boolean Enable the kiosk browser's end session button. By default, the end session button is disabled.
KioskBrowserEnableHomeButton Write Boolean Enable the kiosk browser's home button. By default, the home button is disabled.
KioskBrowserEnableNavigationButtons Write Boolean Enable the kiosk browser's navigation buttons(forward/back). By default, the navigation buttons are disabled.
KioskBrowserRestartOnIdleTimeInMinutes Write UInt32 Specify the number of minutes the session is idle until the kiosk browser restarts in a fresh state. Valid values are 1-1440. Valid values 1 to 1440
KioskProfiles Write MSFT_MicrosoftGraphwindowsKioskProfile[] This policy setting allows to define a list of Kiosk profiles for a Kiosk configuration. This collection can contain a maximum of 3 elements.
WindowsKioskForceUpdateSchedule Write MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule force update schedule for Kiosk devices.
Description Write String Admin provided description of the Device Configuration.
DisplayName Required String Admin provided name of the device configuration.
Id Key String The unique identifier for an entity. Read-only.
Assignments Write MSFT_DeviceManagementConfigurationPolicyAssignments[] Represents the assignment to the Intune policy.
Ensure Write String Present ensures the policy exists, absent ensures it is removed. Present, Absent
Credential Write PSCredential Credentials of the Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
ApplicationSecret Write PSCredential Secret of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.

MSFT_DeviceManagementConfigurationPolicyAssignments

Parameters

Parameter Attribute DataType Description Allowed Values
dataType Write String The type of the target assignment. #microsoft.graph.groupAssignmentTarget, #microsoft.graph.allLicensedUsersAssignmentTarget, #microsoft.graph.allDevicesAssignmentTarget, #microsoft.graph.exclusionGroupAssignmentTarget, #microsoft.graph.configurationManagerCollectionAssignmentTarget
deviceAndAppManagementAssignmentFilterType Write String The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. none, include, exclude
deviceAndAppManagementAssignmentFilterId Write String The Id of the filter for the target assignment.
groupId Write String The group Id that is the target of the assignment.
collectionId Write String The collection Id that is the target of the assignment.(ConfigMgr)

MSFT_MicrosoftGraphWindowsKioskProfile

Parameters

Parameter Attribute DataType Description Allowed Values
AppConfiguration Write MSFT_MicrosoftGraphWindowsKioskAppConfiguration The App configuration that will be used for this kiosk configuration.
ProfileId Write String Key of the entity.
ProfileName Write String This is a friendly nameused to identify a group of applications, the layout of these apps on the start menu and the users to whom this kiosk configuration is assigned.
UserAccountsConfiguration Write MSFT_MicrosoftGraphWindowsKioskUser[] The user accounts that will be locked to this kiosk configuration. This collection can contain a maximum of 100 elements.

MSFT_MicrosoftGraphWindowsKioskAppConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
AllowAccessToDownloadsFolder Write Boolean This setting allows access to Downloads folder in file explorer.
Apps Write MSFT_MicrosoftGraphWindowsKioskAppBase[] These are the only Windows Store Apps that will be available to launch from the Start menu. This collection can contain a maximum of 128 elements.
DisallowDesktopApps Write Boolean This setting indicates that desktop apps are allowed. Default to true.
ShowTaskBar Write Boolean This setting allows the admin to specify whether the Task Bar is shown or not.
StartMenuLayoutXml Write String Allows admins to override the default Start layout and prevents the user from changing it.The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in Binary format.
UwpApp Write MSFT_MicrosoftGraphWindowsKioskUWPApp This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode
Win32App Write MSFT_MicrosoftGraphWindowsKioskWin32App This is the win32 app that will be available to launch use while in Kiosk Mode
odataType Write String The type of the entity. #microsoft.graph.windowsKioskMultipleApps, #microsoft.graph.windowsKioskSingleUWPApp, #microsoft.graph.windowsKioskSingleWin32App

MSFT_MicrosoftGraphWindowsKioskAppBase

Parameters

Parameter Attribute DataType Description Allowed Values
AppType Write String The app type. Possible values are: unknown, store, desktop, aumId. unknown, store, desktop, aumId
AutoLaunch Write Boolean Allow the app to be auto-launched in multi-app kiosk mode
Name Write String Represents the friendly name of an app
StartLayoutTileSize Write String The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large. hidden, small, medium, wide, large
DesktopApplicationId Write String Define the DesktopApplicationID of the app
DesktopApplicationLinkPath Write String Define the DesktopApplicationLinkPath of the app
Path Write String Define the path of a desktop app
AppId Write String This references an Intune App that will be target to the same assignments as Kiosk configuration
AppUserModelId Write String This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode
ContainedAppId Write String This references an contained App from an Intune App
ClassicAppPath Write String This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode
EdgeKiosk Write String Edge kiosk (url) for Edge kiosk mode
EdgeKioskIdleTimeoutMinutes Write UInt32 Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440
EdgeKioskType Write String Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen. publicBrowsing, fullScreen
EdgeNoFirstRun Write Boolean Edge first run flag for Edge kiosk mode
odataType Write String The type of the entity. #microsoft.graph.windowsKioskDesktopApp, #microsoft.graph.windowsKioskUWPApp, #microsoft.graph.windowsKioskWin32App

MSFT_MicrosoftGraphWindowsKioskUWPApp

Parameters

Parameter Attribute DataType Description Allowed Values
AppId Write String This references an Intune App that will be target to the same assignments as Kiosk configuration
AppUserModelId Write String This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode
ContainedAppId Write String This references an contained App from an Intune App
AppType Write String The app type. Possible values are: unknown, store, desktop, aumId. unknown, store, desktop, aumId
AutoLaunch Write Boolean Allow the app to be auto-launched in multi-app kiosk mode
Name Write String Represents the friendly name of an app
StartLayoutTileSize Write String The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large. hidden, small, medium, wide, large
DesktopApplicationId Write String Define the DesktopApplicationID of the app
DesktopApplicationLinkPath Write String Define the DesktopApplicationLinkPath of the app
Path Write String Define the path of a desktop app
ClassicAppPath Write String This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode
EdgeKiosk Write String Edge kiosk (url) for Edge kiosk mode
EdgeKioskIdleTimeoutMinutes Write UInt32 Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440
EdgeKioskType Write String Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen. publicBrowsing, fullScreen
EdgeNoFirstRun Write Boolean Edge first run flag for Edge kiosk mode
odataType Write String The type of the entity. #microsoft.graph.windowsKioskDesktopApp, #microsoft.graph.windowsKioskUWPApp, #microsoft.graph.windowsKioskWin32App

MSFT_MicrosoftGraphWindowsKioskWin32App

Parameters

Parameter Attribute DataType Description Allowed Values
ClassicAppPath Write String This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode
EdgeKiosk Write String Edge kiosk (url) for Edge kiosk mode
EdgeKioskIdleTimeoutMinutes Write UInt32 Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440
EdgeKioskType Write String Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen. publicBrowsing, fullScreen
EdgeNoFirstRun Write Boolean Edge first run flag for Edge kiosk mode
AppType Write String The app type. Possible values are: unknown, store, desktop, aumId. unknown, store, desktop, aumId
AutoLaunch Write Boolean Allow the app to be auto-launched in multi-app kiosk mode
Name Write String Represents the friendly name of an app
StartLayoutTileSize Write String The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large. hidden, small, medium, wide, large
DesktopApplicationId Write String Define the DesktopApplicationID of the app
DesktopApplicationLinkPath Write String Define the DesktopApplicationLinkPath of the app
Path Write String Define the path of a desktop app
AppId Write String This references an Intune App that will be target to the same assignments as Kiosk configuration
AppUserModelId Write String This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode
ContainedAppId Write String This references an contained App from an Intune App
odataType Write String The type of the entity. #microsoft.graph.windowsKioskDesktopApp, #microsoft.graph.windowsKioskUWPApp, #microsoft.graph.windowsKioskWin32App

MSFT_MicrosoftGraphWindowsKioskUser

Parameters

Parameter Attribute DataType Description Allowed Values
GroupName Write String The name of the AD group that will be locked to this kiosk configuration
DisplayName Write String The display name of the AzureAD group that will be locked to this kiosk configuration
GroupId Write String The ID of the AzureAD group that will be locked to this kiosk configuration
UserId Write String The ID of the AzureAD user that will be locked to this kiosk configuration
UserPrincipalName Write String The user accounts that will be locked to this kiosk configuration
UserName Write String The local user that will be locked to this kiosk configuration
odataType Write String The type of the entity. #microsoft.graph.windowsKioskActiveDirectoryGroup, #microsoft.graph.windowsKioskAutologon, #microsoft.graph.windowsKioskAzureADGroup, #microsoft.graph.windowsKioskAzureADUser, #microsoft.graph.windowsKioskLocalGroup, #microsoft.graph.windowsKioskLocalUser, #microsoft.graph.windowsKioskVisitor

MSFT_MicrosoftGraphWindowsKioskForceUpdateSchedule

Parameters

Parameter Attribute DataType Description Allowed Values
DayofMonth Write UInt32 Day of month. Valid values 1 to 31
DayofWeek Write String Day of week. Possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. sunday, monday, tuesday, wednesday, thursday, friday, saturday
Recurrence Write String Recurrence schedule. Possible values are: none, daily, weekly, monthly. none, daily, weekly, monthly
RunImmediatelyIfAfterStartDateTime Write Boolean If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence.
StartDateTime Write String The start time for the force restart.

Description

Intune Device Configuration Kiosk Policy for Windows10

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • DeviceManagementConfiguration.Read.All

  • Update

    • DeviceManagementConfiguration.ReadWrite.All

Application permissions

  • Read

    • DeviceManagementConfiguration.Read.All

  • Update

    • DeviceManagementConfiguration.ReadWrite.All

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneDeviceConfigurationKioskPolicyWindows10 'Example'
        {
            Assignments                         = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget'
                }
            );
            Credential                          = $Credscredential;
            DisplayName                         = "kiosk";
            EdgeKioskEnablePublicBrowsing       = $False;
            Ensure                              = "Present";
            Id                                  = "7fea73fd-20d3-439a-9fa4-73955e082dc5";
            KioskBrowserBlockedUrlExceptions    = @();
            KioskBrowserBlockedURLs             = @();
            KioskBrowserDefaultUrl              = "http://bing.com";
            KioskBrowserEnableEndSessionButton  = $False;
            KioskBrowserEnableHomeButton        = $True;
            KioskBrowserEnableNavigationButtons = $False;
            KioskProfiles                       = @(
                MSFT_MicrosoftGraphwindowsKioskProfile{
                    ProfileId = '17f9e980-3435-4bd5-a7a1-ca3c06d0bf2c'
                    UserAccountsConfiguration = @(
                        MSFT_MicrosoftGraphWindowsKioskUser{
                            odataType = '#microsoft.graph.windowsKioskAutologon'
                        }
                    )
                    ProfileName = 'profile'
                    AppConfiguration = MSFT_MicrosoftGraphWindowsKioskAppConfiguration{
                        Win32App = MSFT_MicrosoftGraphWindowsKioskWin32App{
                            EdgeNoFirstRun = $True
                            EdgeKiosk = 'https://domain.com'
                            ClassicAppPath = 'msedge.exe'
                            AutoLaunch = $False
                            StartLayoutTileSize = 'hidden'
                            AppType = 'unknown'
                            EdgeKioskType = 'publicBrowsing'
                        }
                        odataType = '#microsoft.graph.windowsKioskSingleWin32App'
                    }
                }
            );
            WindowsKioskForceUpdateSchedule     = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{
                RunImmediatelyIfAfterStartDateTime = $False
                StartDateTime = '2023-04-15T23:00:00.0000000+00:00'
                DayofMonth = 1
                Recurrence = 'daily'
                DayofWeek = 'sunday'
            };
        }
    }
}