Multi-App KIOSK Mode In iOS/iPad OS

This article describes how to enable multi-app kiosk mode on iOS using Intune.

Kiosk mode is a lockdown mechanism that restricts the device to access only the allowed app with restricted access to the remaining functionality of the device. Such devices are used for a specific purpose, such as digital signage and ticket printing, and are traditionally company owned and not associated with any user. The multi-app kiosk mode helps you to allow the device to run only a few applications ensuring that the device is not used for anything other than the apps pushed to it.

As per Microsoft, these devices can be configured to run multiple applications in kiosk mode (available only for Android KNOX and Android Enterprise devices) or a single app available for Android and supervised iOS devices. However

What if you still want to configure your iOS/iPad OS devices to run in multi-app kiosk mode?? There is a workaround for it. However, you will not get a single-app kiosk’s exact look and feel. Let’s see how you can achieve it:

---

Create an Apple Enrollment Profile:

A few months back, I wrote a post with detailed steps and a walkthrough for creating an Apple enrollment profile. For now, we will create a profile for multi-app kiosk devices. Follow the steps below to configure the profile:

• From the Microsoft Endpoint Manager portal, navigate to Devices > iOS/iPadOS > iOS/iPadOS enrollment > Enrollment program tokens.

• Select a token, and then select Profiles.Select Create profile > iOS/iPadOS.

• Provide a Name and Description for the profile (These details will not be visible to users, and click Next.

• In the management settings page, select “Enroll without User Affinity,” We will use this profile to enroll devices as multi-app kiosks.

• For locked enrollment, I would recommend using “Yes” for supervised devices, as it disables iOS/iPadOS settings for removing the management profile from the device. The only option to remove the profile is to wipe it.
• If you allow users to sync their devices with any computer, select “Allow All” from Sync with the Computer option.
• Configure naming template or cellular data if required and click Next to proceed.
• On the Setup Assistant page, update settings for “Department” & “Department Phone Number”.
• Next, you can toggle the options to modify the Setup Assistant screens on the device during user setup.

---

Sync managed devices

Now that Intune has permission to manage your devices, we have to synchronize Intune
with Apple to see your managed devices in Intune portal.

---

Add Apps to Devices

Assign the desired apps to the device group from Intune the conventional way. (Client Apps -> Add App).

---

Multi-App Kiosk Mode

1. Sign in to the Microsoft Endpoint Manager admin center.
2. Select Devices > Configuration profiles > Create profile.
3. Enter the following properties:
   • Platform: Choose the platform as iOS for your devices.
4. Select Device restrictions. Or, select Templates > Device restrictions. Select Create.
5. In Basics, enter the Name and Description for the profile.
6. In the Configurations pane, select “Show or Hide apps,” as illustrated below. In the ‘Visible Apps’ section, you can select multiple apps that will be visible to the user while everything else remains hidden.
7. You can arrange the Dock also on the device to pin the allowed apps there.
8. In Assignments, select the device groups that will receive your profile. 

---

This is what your multi-app kiosk device will look like:

That’s all for this week. Stay safe and have a nice weekend 🍕🥂🍻