Android enterprise kiosk devices

Android enterprise kiosk devices


With this feature, administrators have the ability to lock the use of a device ( authorized applications,…). Thus the user cannot install his applications (social networks, games,…). It’s important to note that registration is done without a user account. The equipment is therefore not associated with any end user.

  • Android version 5.1 and later
  • Have an android distribution with GMS connectivity (Google Mobile Services)

Configure Android kiosk device management

It’s necessary first to configure Android for Works in Intune. This point will be the subject of a future article. Thereafter, it’s necessary to create a registration profile. Following the creation of a registration profile, a registration token as well as a QR code is generated.

Registration Profile :

From the Intune portal, select Device Enrollment then Android Enrollement. In the central panel, click on Kiosk and task device enrollments.

Android enterprise kiosk devices

Click on Create and enter the name you want. If you want you can enter a description. You need enter Token Expiration Date (maximum:90 days).

Create configuration policy Android enterprise kiosk devices

Click on Create to proceed with the creation.

Create policy Android enterprise kiosk devices

From the Token tab, it is possible to replace, delete or view the Token.

View token

Create Security group

We will use a dynamic security group in order to allow the automatic connection of device registered in Kiosk mode to a security group. Thus it’s possible to automate profil or application deployment following device Registered.

Into the Intune platform, click on Azure Active Directory then on Groups. In the central panel click on New Group.

Create new group Android enterprise kiosk devices

From the Group Type drop-down list select Security. Enter the name and description that you want and select Dynamic Device from the Membership drop-down list.

Create dynamic group Android enterprise kiosk devices

Click on Add dynamic query and choose Simple rule. Configure the filter as below:

  • In the first drop-down list choose : attribute enrollmentProfileName
  • In the middle drop-down list choose: match
  • In the last drop-down list enter : enrollment profile name (Kiosk-IT for me)

Click on Add query then on Create.

Create policy Android enterprise kiosk devices

The group is now been created.

Android enterprise kiosk devices

Android enterprise kiosk devices

Enroll Kiok Device

The enrollemnt method depending on the version of your Android.

  • Android 5.1 or later : Use NFC (Near Field Communication)
  • Android 6 or later : Use Token entry
  • Android 7 or later : Use QR Code
  • Android 8 : Zero Touch

I own a Samsung with an Android 6, so I will choose the enrollment by token entry. On the first time, you need execute factory reset on your device (unless the equipment comes out of the box).

In the wizard, select the language and connect the equipment to a Wi-Fi network.

Connect device to wifi network

When adding the Gmail account enter afw#setup then press Next.

Connect google account

Press Install to install Android Device Policy. Download is in progress.

Policy is downloaded Android enterprise kiosk devices

After installation, press Configure to configure Device Policy . The device and Google Play Store are updated.

update google play

With your mobile and intune portal, scan the QR Code or enter manually the token.

Scan QR code

Enrollment in Microsoft Intune is now complete. You can see on the device that the interface is limited. Moreover, the applications available in the Google Play Store are only those deployed by the IT team.

Android enterprise kiosk devices
Android enterprise kiosk devices
Android enterprise kiosk devices

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.