Many organizations across various sectors rely on kiosk devices , but configuring and managing them can sometimes be challenging. Healthcare organizations, for example, use kiosks as part of their check-in process to confirm personal data and collect payments, while retail organizations may use them as point-of-sale devices. Kiosks are also widely used in restaurants and quick-service retail environments for self-service ordering. Kiosk configurations also help organizations secure shared devices by limiting user access to approved applications and system features. Organizations that want to deploy kiosk devices have several endpoint options from which to choose, including Android tablets, iPads and Windows devices. For enterprises that choose Windows devices for kiosk deployments, administrators can configure Windows 11 kiosk mode using several different management methods depending on the number of devices, management tools and security requirements involved.
4 methods for deploying Windows 11 kiosk mode Windows 10 was the first OS to support Kiosk mode natively, so IT pros can lock down the OS and only allow users to use one or a few applications on any Windows 10 device. In many environments, administrators configure multi-app kiosks that allow a small set of approved applications while preventing access to the rest of the operating system. Organizations can still deploy Windows 10 kiosks on legacy hardware, but Microsoft ended support for Windows 10 in October 2025. Most new kiosk deployments should use Windows 11 to ensure ongoing security updates and long-term support. Here are four distinct methods IT professionals can use when setting up Windows 11 kiosk mode. Setting up Windows 11 kiosk mode from the machine’s local settings Kiosk mode in Windows 11, or Assigned Access, requires Windows 11 Pro .
Assigned Access is Microsoft’s built-in feature for locking a Windows device to one or more applications in a kiosk configuration. IT should only choose this option if they plan to set up one or two Windows 11 devices in kiosk mode, as manually setting up multiple kiosks can be time-consuming and prone to human error. When setting up a kiosk in Windows 11, a desktop admin is also creating a kiosk user account. They must turn kiosk mode on by going into Accounts under the desktop settings. Then, the desktop admin must choose Set up a Kiosk from the Other Users option. Next, the admin must click Get started .
Then they must enter a name for the new account. There’s also an option to use a local standard user account already on the device. Figure 1. Windows 11 Assigned Access settings allow administrators to choose which application runs when a kiosk user signs in. The desktop admin must next choose the app to run when the kiosk account signs in. They can only select apps that run above the lock screen, as shown in the list of available apps.
Here are some guidelines for choosing an app for a kiosk: Windows apps must be provisioned or installed for the assigned access account before a Windows admin can select them as the assigned access app. Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app, requiring the desktop Aadmin to update the assigned access settings to launch the updated app. Apps that the IT department created using the Desktop App Converter (Desktop Bridge) can’t be used as kiosk apps. Once the admin selects an app, the desktop admin must choose Close . Setting up Windows 11 kiosk mode with Windows PowerShell The next option IT admins can choose to set up and configure kiosk mode on Windows 11 is the PowerShell cmdlets method. PowerShell cmdlets are command-line instructions that allow administrators to script kiosk deployments and apply consistent configurations across multiple devices.
This method provides a flexible, scripted and repeatable approach to configure and deploy kiosk devices. Figure 2. PowerShell cmdlets can automate the deployment and management of Windows kiosk mode across multiple devices. IT admins must sign into the kiosk as an administrator, then create a user account for Assigned Access. After the admin signs in as the Assigned User account, they can install the Universal Windows apps that meet the assigned access/above the lock guidelines. When the installation is complete, they sign out of Assigned User account and back in as an administrator.
The PowerShell approach is especially effective for organizations that need to deploy several types of devices. Figure 2 shows some of the cmdlets that IT must use during the setup. PowerShell provides a flexible, scripted and repeatable approach to configure kiosk devices. Removing Assigned Access with PowerShell requires running the following cmdlet: Clear-AssignedAccess. Use the kiosk wizard in Windows Configuration Designer Microsoft offers another way to manage and configure Windows devices without having to create a base image for them: the Windows Configuration Designer application, available for free from the Microsoft Store. IT admins can more easily define a kiosk configuration with the app and deploy it to any managed device because the app’s kiosk wizard is user-friendly.
However, it’s important to note that only one instance of Windows Configuration Designer can run on a computer at a time. And while it can open multiple projects, it can build only one project at a time. Deploy kiosk settings from an MDM platform or Microsoft Intune Another method is to use mobile device management ( MDM ) tools to deploy and manage kiosk devices. This option works well for organizations with many kiosks in different physical locations, such as retail stores or restaurants, that require centralized IT management. MDM-based kiosk deployments are especially useful for organizations that manage kiosks across multiple locations and need centralized configuration, updates and security monitoring. Many organizations now deploy kiosk devices using automated provisioning workflows such as Windows Autopilot combined with Microsoft Intune policies, allowing administrators to configure kiosk mode remotely during device setup.
Platforms such as VMware Workspace ONE UEM and Microsoft Intune provide MDM capabilities that allow desktop admins to set up Windows 11 kiosk mode to manage devices remotely. These remote commands include the ability to lock some elements of Windows 11, turning these devices into kiosks. These tools can proactively alert IT when device problems require attention relating to storage, CPU usage, system errors or going offline. Using an MDM for remote kiosk management also helps IT ensure the kiosk devices receive the security patches and OS updates they need to remain secure and compliant. Windows kiosk mode provides organizations with a reliable way to deliver controlled user experiences on shared devices. Whether administrators configure kiosks locally, through scripts or with centralized device management platforms, the right deployment method depends on the number of devices and the level of control required.
Will Kelly is a freelance writer and content strategist who has written about cloud, DevOps, AI and enterprise mobility. Reda Chouffani runs a consulting practice he co-founded, Biz Technology Solutions Inc., and is CTO at New Charter Technologies. He is a technology consultant with a focus on healthcare and manufacturing, cloud expert and business intelligence architect who helps enterprises make the best use of technology.
Source :
For further details, visit: https://www.techtarget.com/searchenterprisedesktop/tip/Setting-up-Windows-10-kiosk-mode-with-4-different-methods
