To configure computers as kiosks by using Intune, use the following procedure:
- In the Microsoft Intune admin center, navigate to Devices | Configuration profiles.
- Create a new profile for Windows 10 and later, using the Kiosk template.
- In the Kiosk wizard, add a Name and Description on the Basics tab and click Next.
- On the Configuration settings tab, in the Select a kiosk mode list, choose one of the following:
• Single app, full-screen kiosk
• Multi app kiosk
- Assuming Single app, full-screen kiosk, which is typical, then configure the following:
• User logon type: Auto logon, Local user account, or Azure AD user or group
• Application type: Microsoft Edge browser, Kiosk browser, or Store app
- If you chose Microsoft Edge browser, specify the URL and related properties, as shown in Figure 3-32.

FIGURE 3-32 Provisioning a kiosk with Intune
- Click Next, and then define Scope tags as needed.
- On the Assignments page, target the necessary group of devices.
- On the Applicability Rules tab, define any necessary settings.
- Finally, on the Review + create page, click Create.
Configure and implement profiles on Android devices
The process of creating configuration profiles for Android doesn’t vary enormously from the process used for Windows, iOS, or macOS. However, since Intune supports several Android platforms, there is an additional step or two.
Intune supports the following Android platforms:
- Android device administrator
- Android Enterprise
- Android open source project devices (AOSP)
When you start creating, configuring, and assigning an Android configuration profile in Intune, you must select the appropriate platform. The platform you select determines which types of profiles you can create. These are described in Table 3-12.
TABLE 3-12 Summary of Android profile types
| Android device administrator | Android (AOSP) | Android enterprise |
| --- | --- | --- |
| Custom, Device restrictions, MX profile, Certificates, VPN, Wi-Fi | Device restrictions, Certificates, Wi-Fi | Fully-managed corporate: Derived credential, Device restrictions, Certificates, VPN, Wi-Fi. Personally-owned work: Custom, Device restrictions, Certificates, VPN, Wi-Fi |
Plan and implement Microsoft Tunnel for Intune
Microsoft Tunnel is your organization’s virtual private network (VPN) gateway for Android and iOS devices. It’s designed to allow users of those devices to connect to your on-premises resources.
Microsoft Tunnel for Intune runs in a container on Linux in your on-premises environment and enables access to on-premises resources from iOS and Android devices. Tunnel has the following requirements:
- Microsoft Defender for Endpoint (as the Microsoft Tunnel client app)
- Intune VPN profiles
Note Additional Requirements
You might also need to provision a solution such as Azure ExpressRoute to extend your on-premises network to the cloud.
Prerequisites
Before you can set up the tunnel, you’ll require the following:
- An Azure subscription
- An Intune subscription
- A Linux server running containers in your on-premises network
- A transport layer security (TLS) certificate for the Linux server
- Devices running iOS or Android
- Client apps:
• Android: Microsoft Defender for Endpoint
• iOS: Microsoft Defender for Endpoint or Microsoft Tunnel client app
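
Two of the prerequisites above, the container-capable Linux server and its TLS certificate, can be checked from a shell on that server before you start. The following script is an added example, not part of the original text or of Microsoft's tooling. It assumes that openssl is installed, that the certificate is a PEM file, and that the runtime is docker or podman; the path and host name in the usage line are placeholders.

```shell
#!/bin/sh
# Preflight for a prospective Microsoft Tunnel server (added example).
# Assumptions: openssl is installed; the certificate is a PEM file;
# the container runtime is docker or podman.

# Print the first container runtime found on PATH; fail if there is none.
find_container_runtime() {
    for _rt in docker podman; do
        if command -v "$_rt" >/dev/null 2>&1; then
            echo "$_rt"
            return 0
        fi
    done
    return 1
}

# check_tls_cert CERT_PEM HOSTNAME [MIN_DAYS]
# Succeeds only if the certificate parses, stays valid for MIN_DAYS more
# days (default 30), and covers HOSTNAME.
check_tls_cert() {
    _cert=$1
    _host=$2
    _min_days=${3:-30}
    openssl x509 -in "$_cert" -noout 2>/dev/null \
        || { echo "FAIL: $_cert is not a readable PEM certificate"; return 1; }
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$_cert" -noout -checkend $((_min_days * 86400)) >/dev/null \
        || { echo "FAIL: certificate expires within $_min_days days"; return 1; }
    # -checkhost only reports the result as text, so match on its output.
    openssl x509 -in "$_cert" -noout -checkhost "$_host" \
        | grep -q 'does match certificate' \
        || { echo "FAIL: certificate does not cover $_host"; return 1; }
    echo "OK: certificate covers $_host, valid for at least $_min_days days"
}

# Usage (placeholder values): sh preflight.sh /path/to/cert.pem tunnel.example.test
if [ $# -ge 2 ]; then
    rt=$(find_container_runtime) || { echo "FAIL: no docker or podman found"; exit 1; }
    echo "OK: container runtime $rt"
    check_tls_cert "$@"
fi
```

A failing check prints the reason and returns a non-zero status, so the script can gate a provisioning step.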