Profile Configuration

Tip

You can always copy an existing profile.
Fields that require interaction when copying are marked with: Change on Copy

Create Profile

Under Device Profiles & Policies use the Create New Profile action to open the profile creation/edit wizard.

Create New Profile

• Select Windows
• Enter Profile Name, e.g. Kiosk_Prod_{Store/Location Name}_{Device Name} Change on Copy

Select Apps

Select Multi-App Kiosk Mode

Step 1: Select Mode

• For Configure Policy Mode:
  • Apply this policy using Scalefusion MDM Adgent App = TRUE
    • Enable Advanced Protection using App Locker = FALSE
  • Apply this policy using Windows MDM CSP = FALSE

Step 2: Add User Info

• For User Account selection:
  • Autocreate Kiosk User Account
    • Enter the Account Name
      = Kiosk User

Step 3: Select Apps

• Search for Edge & enable Microsoft Edge

Step 4: General Settings

• For Configure StartUp App (Optional):
  • Select one application that will be autolaunch
    = EMPTY (Select Nothing)
• For Display Settings:
  • Allow Taskbar = FALSE
  • Hide Recommended Section = TRUE
• For Folder Restrictions:
  • Allow all = FALSE
  • Block all = TRUE
  • Allow following = FALSE

Allowed Websites

Skip section.

Passcode Settings

Disable Override Global Password Policy

Browser Configurations

Policy Target

• Chrome Browser = TRUE
• Edge Browser = TRUE
• Firefox Browser = FALSE

Start Up

• For Startup Settings:
  • Home Page = Launch below URL
    • Home Page URL = {KIOSK HOME URL} Change on Copy
    • Launch URLs = {KIOSK HOME URL} Change on Copy
  • Home Button = Never Show

User Experience

• For User Experience Settings:
  • Bookmark folder name = NULL (Leave Empty)
  • Bookmark Bar = Disable
  • Bookmark Editing = Disable
  • Developer Tools = Block
  • Auto Fill = Disable Autofill

User Experience

• For Content:
  • Cookie Policy = Delete at End of Session
  • Run JavaScript = Allow
  • Popups = Block All
  • Flash Plugins = Block
  • Google Web Search = Do not enforce safe search
  • YouTube Restriction Mode = No Restriction
  • Extend Allowed Websites List Rules = NULL (Leave Empty)

Security

• For Security Settings:
  • Password Manager = Block
  • Incognito Mode = Block
  • Browser History = Never Save
  • Clear Browser History = Block Users from Clearing
  • Malicious Sites = Prevent users from 'proceeding anyways' to malicious sites
  • Browser Signin = Block
  • Force Ephemeral Mode = Erase local user data on session end
  • Configure Sidebar Visibility = Block

Network

• For Network Settings:
  • Proxy Settings = Never use Proxy

Search

• For Search Settings:
  • Search Suggestions = Never Allow
  • Default Search Provider = Lockdown to the selected provider
    • Search Provider Name = Google
    • Search Provider Keyword = google
    • Search Provider URL = https://google.com/?q=%s
    • Search Provider Icon URL = https://google.com/google.ico

Printing

• For Printing Settings:
  • Printing Settings = Disable

Extensions

• For Extension Management:
  • Extension Management Policy = Block All except Allowed
    • Configure extensions to be Allowed = NULL (Leave Empty)
    • Configure extensions to be force Installed = NULL (Leave Empty)
    • Configure extensions to be Allowed/Installed = NULL (Leave Empty)

Settings

Single/Kiosk App Mode

• For Configure Kiosk App:
  • Select Type of Application = Third Party Browser Application
  • Select the Browser App = Edge Browser
  • For Configure Browser Settings:
    • Default URL = {KIOSK HOME URL} Change on Copy
    • Set Installation Path = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Use Set this as Install Path from suggestion)
    • Show Forward, Back and Address Bar = FALSE
    • Show Session Restart dialog = FALSE
    • Show Home Button = FALSE
    • Show End Session Button = FALSE
  • For User Account selection for Kiosk:
    • Enter Primary Username = TRUE
      = Kiosk User
    • Autocreate Kiosk User Account = FALSE
  • For CSP Selection:
    • Use Shell Launcher CSP = TRUE
    • Use Assigned Access CSP = FALSE

Device Management

• For Branding:
  • Make Selection as Needed
• For Exchange & Email:
  • Skip
• For Certificates:
  • Skip

Security Settings

• For BitLocker:
  • Prompt for Device Encryption = FALSE
• For Windows Information Protector:
  • Configure Windows Information Protection = FALSE
• For Windows Hello:
  • Skip
• For Windows Defender:
  • Disable Configure Defender Policies
• For Windows AI:
  • Allow Image Creator for Windows Paint = FALSE
  • Allow AI Data Analysis (Windows Recall) = FALSE
  • Allow Windows Copilot = FALSE

Windows Updates

• For Scalefusion Agent Based Settings:
  • Override Global MDM Agent Update Settings_ = FALSE
  • Override Global MDM Agent based OS Upgrade Settings_ = FALSE
• For Windows MDM Based Settings:
  • Configure Update Policies = FALSE
• For Delivery Optimization Settings:
  • Skip

Third Party Application Updates

• For Third Party Application Updates/Patches:
  • Override Third Party App Update/Patch Settings = FALSE

Network Settings

• For WiFi & Network:
  • Skip
• For VPN:
  • Configure VPN Settings = FALSE

Custom Settings

• For Custom Settings:
  • Send payload as Atomic Command = FALSE
  • Select Conflict Resolution Method = Custom Payload Wins over Device Profile Settings
  • Custom Payload = NULL (Leave Empty)

Scalefusion Agent Settings

• For Management Settings:
  • Remove Local Admin Privileges for Enrolled User = FALSE
  • Auto Enroll to Modern Management = TRUE
  • Remove/Migrate device from 3rd party MDM (Modern Management) = FALSE
• For Kiosk Settings:
  • Show System Tray = FALSE
  • Show option to relax Kiosk mode and sign-in to Microsoft Office application = FALSE
• For General:
  • Scalefusion Sync Interval = 15 Minutes
  • Enable Broadcast Messages View = FALSE
  • Block Input Devices = FALSE
  • USB Peripheral Settings
    • Block Input Devices = FALSE
    • Block Media Devices = FALSE
    • Block Network Adapters = FALSE
  • Policy Change Alert Settings
    • Show an Alert on Policy Change = TRUE
    • Message = Dieses Gerät wird in 5 Minuten automatisch neu gestartet. Bitte schließen Sie Ihre Bestellung rechtzeitig ab. Wenn Sie Fragen haben, wenden Sie sich bitte an das Personal.
    • Sign Out/Reboot Device = After 5 Minutes

Advanced Settings

• For Policy Targets:
  • Allowed Websites = Device
  • Browser Configurations = Device
  • VPN Policy = Device
• For Configure Settings App:
  • Configure Setting Options = FALSE
• For Edge Browser:
  • Cookie Policy = Allow all cookies from all sites
  • Enter Start Page URL = {KIOSK HOME URL} Change on Copy
  • Autofill = Restrict
  • Popups = Restrict
  • Address bar dropdown = Restrict
  • Browser Extension = Restrict
  • Clear browsing history on close browser = Allow
  • Allow accessing “about:flags” = Restrict
  • Allow Flash = Restrict
    • AutoRun Flash = Restrict
  • Developer Tools = Restrict
  • In-Private Browsing = User Control
  • Save Password Locally = Restrict
  • Search suggestions in address bar = Restrict
  • Force Fraudulent Website Warning = User Control
    • Override Fraudulent Websites warning = User Control
    • Override malicious file warning = User Control
  • Allow “Do Not Track” request = Restrict
• For General Settings:
  • System Settings
    • Allow USB Connections And Storage Card (SD) = TRUE
    • Microsoft Feedback Notifications = FALSE
    • Modify Date & Time = TRUE
    • Allow Bluetooth = FALSE
    • Allow Bluetooth Pre-pairing = FALSE
    • Allow Bluetooth Services Advertising = FALSE
    • Telementry = Security
  • Start Layout Settings
    • Hide Switch Account = FALSE
    • Hide Sign out = FALSE
    • _Hide User tile = FALSE
    • Hide Account Settings = FALSE
    • Hide People Bar = TRUE
    • Hide Lock = TRUE
    • Hide Hibernate = FALSE
    • Hide Sleep = FALSE
    • Hide Restart = FALSE
    • Hide Power Options = FALSE
    • Hide Shutdown = FALSE
    • Allow End Task = TRUE
  • Display Settings
    • Configure Settings when Plugged In (5-60 minutes)
      • Configure Display Off Timeout = FALSE
      • Configure Hibernate Timeout = FALSE
      • Configure Unattended Sleep Timeout = FALSE
      • Allow Stand By Device Sleep = Disabled
        • Configure Stand By Timeout = FALSE
      • Lid Close Behavior = User Control
      • Sleep Button Behavior = User Control
      • Power Button Behavior = User Control
    • Configure Settings when on Battery (5-60 minutes)
      • Configure Display Off Timeout = FALSE
      • Configure Hibernate Timeout = FALSE
      • Configure Unattended Sleep Timeout = FALSE
      • Allow Stand By Device Sleep = Disabled
        • Configure Stand By Timeout = FALSE
      • Lid Close Behavior = User Control
      • Sleep Button Behavior = User Control
      • Power Button Behavior = User Control
  • Folder Settings
    • File Explorer = User Control
    • Documents = User Control
    • Downloads = User Control
    • Music = User Control
    • Videos = User Control
    • Pictures = User Control
    • Personal = User Control
    • Network = User Control
    • Settings = User Control
  • Application Settings
    • Install Non Store Apps = TRUE
    • Store app data in Device Memory = TRUE
    • Install apps in Device Memory = TRUE
  • Configure Ctrl + Alt + Del options for Enrolled user
    • Disable Task Manager = FALSE
    • Disable Change Password = FALSE
    • Disable Log Off = FALSE
    • Disable Lock Computer = TRUE
  • Security & Search
    • Camera = Restrict
    • Cortana = Restrict
    • Microsoft account Connection = Allow
    • Add Non Microsoft Accounts = Allow
    • Sync Settings across Devices = Restrict
    • Reset Device = Restrict
    • Developer Unlock = None
    • Location Services = None

Run Commands

Skip

Software Meetering

Skip

Publish Apps Change on Copy

Under Application Management goto Enterprise Store

Apply the follwing steps for all of these applications:

• Kiosk Settings
• Kiosk User Settings

Steps:

• Find the app and click Publish
• Click Publish
• Select your newly created profile
• Click Publish