Kiosk management
Kiosk mode allows locking a device to only be able to run one or a small set of applications. It turns an Android or Apple phone or tablet into a dedicated device that can only run one or more specified app(s). Kiosk mode provides complete control over the device usage and ensures that the devices can be used only for the intended purposes. Mobile devices can run tasks in a kiosk mode by configuring the settings through a policy. This feature is applicable only for company owned devices. In a dedicated or supervised device, the device user can access only the apps allowed as per the active kiosk policy.
For example, in Medical Offices to run custom healthcare applications, at Point of Sale locations, or care dealerships, or to provide digital signage.
Supported OS versions
- Android version 10.0 or later
- iOS 9.3 or greater for Multi-Appmode; IOS 6.0 or greater for Single App mode
Supported enrollment types
- Android: Device must be a dedicated device enrolled as Device Owner in Android Enterprise.
- iOS/iPadOD: Device must be a supervised device.
Enabling Kiosk mode
- Create a Kiosk policy to
specify one or more apps to lock down a device in kiosk mode.
- For Apple mobile devices, also create an Appstore policy with the
apps specified in the kiosk policy included. The Appstore policy
deploys the applications and the kiosk policy locks the device to
those apps. Both the policies must specify the same app or apps.
Both these policies should be included within a Policy Group and
when the Policy Group is defined it handles both the app
installation and the lockdown together.Important: If you are deploying single-app kiosk mode for Apple devices as part of a Policy Group, include only VPP apps or specify an app that is already owned by the user (who’s apple ID is used on the target device). This is because, deploying a “Public” Appstore app could lead to an undesirable result as user interaction with the App store is required to complete the install, and such interaction will be blocked as soon as the kiosk policy is processed.
- For Apple mobile devices, also create an Appstore policy with the
apps specified in the kiosk policy included. The Appstore policy
deploys the applications and the kiosk policy locks the device to
those apps. Both the policies must specify the same app or apps.
Both these policies should be included within a Policy Group and
when the Policy Group is defined it handles both the app
installation and the lockdown together.
- Associate the kiosk policy (and Appstore policy as well in case of Apple
devices) with policy
group targeted for the following enrollment types only.
- Android - Dedicated
- iOS and iPadOS - Over the Air Enrollment, Automated Device Enrollment
- Deploy the policy group to MDM server or directly onto the selected devices.
Kiosk mode policy
- From the Kiosk policy page - recommended.
- As a custom policy with kiosk settings and upload the custom policy through WebUI.
- From Custom from Template page.Note: Kiosk custom policy template is available only for Android. The name of the template isDedicated Device Example Template.
Single app kiosk mode
Single app kiosk mode restricts device access to a single application. In Android devices, you can set a single app as the device’s home app, so that the app is launched automatically when the device starts up or even rebooted.
Multiple app kiosk mode
You can install multiple apps as per the organization's requirements and lock down a device on Kiosk mode. However, Kiosk mode limits the device usage to the specified applications by running only those apps that the user needs to access.
A device can only have a single designated kiosk app. However, for Android, if a Kiosk app links to other apps, these additional apps can be added as well. Multi-app mode does provide some lock down capabilities, but uses are not permanently locked to a specific app and can choose from the apps that are whitelisted on the device although all other apps present on the device are hidden from view and inaccessible.
Targeting specific devices at Pre-enrollment
By deploying a Policy Group to the MDM servers and supplying a suitable Smart Group, kiosk mode configuration can be limited through Device Attribute rules, where for example, a list of serial numbers can be provided and only those enrollments where the device matches one of the serial numbers will it get the kiosk mode setup.
Disabling Kiosk mode
- Android
- To take out kiosk mode, the devices need to be unenrolled from MCM.
- Apple
- Devices can be taken out of kiosk mode through the Remove Policy action in webUI and selecting the specific kiosk mode policy that is installed on the device.