KIOSK PC - Automatic Logoff with AD & Azure AD User (With Intune License)

Veera Ragavan 26 Reputation points
2024-10-13T13:13:37.13+00:00

Hello Experts,

Requesting your help, on the following.

Environment : Windows 10 Kiosk PC

Device Managed : Intune

Device Type : Microsoft Intune Managed Device

KIOSK Hardware : Dell Optiplex, Desktop Models.

Users : Intune Suite -1 / E3 - E5..

Auto Pilot Profle : Tried on Both User Drive and Self Drive.

OS Image: Windows 10 US, and Tried with Default Recover Image from the Vendor OEM

Kiosk Profile :

  1. Device Restrictions - Customized Deskto Wallpaper / Lockscreen
  2. KIOSK Profile - Multi app kiosk, Auto logon as Microsoft Entra User or Group, Target devices running Windows 10/11 in S mode as No., With some Win32 Applications Browsers and Applications
  3. LAPS Enabled
  4. Most recent Windows 10 Updates with both Quality and Feature update

Device Enrollment :

  1. Device Enrollment Success with All Compliance Policy, Configuration Policies and Applications
  2. If we Add the "AD or AAD User (Microsoft Entra User) - It is automatically getting signed out

Output Scenario

  1. Device Enrollment is OK with "All Compliance Policy - Met"
  2. Login with LAPS --> Works --> No Sign out happens
  3. Login with AD or Microsoft Entra User --> Sign out happens automatically

If we use the Options as Auto logon (Windows 10, version 1803 and later, or Windows 11)

  1. Kiosk Profile login with KIOSK Account

No sign out happens, and the KIOSK Profile works as Expected. If any one came across the scenario, Please share your inputs.

So far..

  1. Tried out with giving Blank Device Config Policy
  2. Used the Windows 10 USA Based Image even the Systems are located in Europe
  3. LAPS with and Without same scenario

I will also raise the Open Case with Microsoft Premier Support and Share if I hear any good inputs and if it worked.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,783 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,933 questions
Microsoft Intune Grouping
Microsoft Intune Grouping
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Grouping: The arrangement or formation of people or things in a group or groups.
61 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,380 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,255 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Crystal-MSFT 49,861 Reputation points Microsoft Vendor
    2024-10-14T05:19:44.1333333+00:00

    @Veera Ragavan, Thanks for posting in Q&A. Research and find one issue may be related. Please check if the kiosk users have any conditional access policy set. If yes, try to exclude them to see if it works.

    https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-configuration/users-cannot-logon-windows-multi-app-kiosk

    However, if it is still not working, Open case will be a good option to troubleshoot. If any solution you can get, I appreciate your help to share here to help others who have the same issue.

    Thanks and have a nice day!


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Veera Ragavan 26 Reputation points
    2024-10-14T08:22:49.4766667+00:00

    Thank you Crystal..

    Unfortunately, that is not solving our issue. Earlier we tried to Exclude the "Microsoft Entra account" with Conditional access Policy for "all applications" and it did not worked as Expected.

    Regards,

    Veera


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.