Udostępnij za pośrednictwem


Deploy Microsoft Edge Legacy kiosk mode

Important

Microsoft 365 apps and services will not support Internet Explorer 11 starting August 17, 2021 (Microsoft Teams will not support Internet Explorer 11 earlier, starting November 30, 2020). Learn more. Please note that Internet Explorer 11 will remain a supported browser. Internet Explorer 11 is a component of the Windows operating system and follows the Lifecycle Policy for the product on which it is installed.

Applies to: Microsoft Edge Legacy (version 45 and earlier) on Windows 10, version 1809 or later Professional, Enterprise, and Education

Note

You've reached the documentation for Microsoft Edge Legacy (version 45 and earlier.) To see the documentation for Microsoft Edge version 77 or later, go to the Microsoft Edge documentation landing page. For information about kiosk mode in the new version of Microsoft Edge, see Microsoft Edge kiosk mode.

In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge Legacy as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge Legacy in kiosk mode.

In this topic, you'll learn:

  • How to configure the behavior of Microsoft Edge Legacy when it's running in kiosk mode with assigned access.
  • What's required to run Microsoft Edge Legacy kiosk mode on your kiosk devices.
  • You'll also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or an other MDM service.

At the end of this topic, you can find a list of supported policies for kiosk mode and a feature comparison of the kiosk mode policy and kiosk browser app. You also find instructions on how to provide us feedback or get support.

Kiosk mode configuration types

Policy = Configure kiosk mode (ConfigureKioskMode)

Microsoft Edge Legacy kiosk mode supports four configurations types that depend on how Microsoft Edge Legacy is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.

Important things to note before getting started

  • There are [required steps to follow](#setup- required-for-microsoft-edge-legacy-kiosk-mode) in order to use the following Microsoft Edge Legacy kiosk mode types either alongside the new version of Microsoft Edge or prevent the new version of Microsoft Edge from being installed on your kiosk device.

  • The public browsing kiosk types run Microsoft Edge Legacy InPrivate mode to protect user data with a browsing experience designed for public kiosks.

  • Microsoft Edge Legacy kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge Legacy resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own.

  • Optionally, you can define a single URL for the Home button, Start page, and New Tab page. See Supported policies for kiosk mode to learn more.

  • No matter which configuration type you choose, you must set up Microsoft Edge Legacy in assigned access; otherwise, Microsoft Edge Legacy ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).

    Learn more about assigned access:

Supported configuration types

Single-app

Full-sized view single-app digital/interactive signage

Digital/interactive signage

Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.

  • Digital signage does not require user interaction.

    Example. Use digital signage for things like a rotating advertisement or menu.

  • Interactive signage, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet.

    Example. Use interactive signage for things like a building business directory or restaurant order/pay station.

Policy setting = Not configured (0 default)

 

Full-sized view single-app public browsing

Public browsing

Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.

The single-app public browsing mode is the only kiosk mode that has an End session button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.

Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.

Policy setting = Enabled (1)

Multi-app

Full-sized view multi-app normal browsing

Normal browsing

Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.

Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable EnterpriseModeSiteList to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.

Policy setting = Not configured (0 default)

 

Full-sized view multi-app public browsing

Public browsing

Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.

In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable EnterpriseModeSiteList to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.

Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.

Policy setting = Enabled (1)


Set up Microsoft Edge Legacy kiosk mode

Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge Legacy kiosk mode:

  • Windows Settings. Use only to set up a couple of single-app devices because you perform these steps physically on each device. For a multi-app kiosk device, use Microsoft Intune or other MDM service.

  • Microsoft Intune or other MDM service. Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge Legacy kiosk mode experience using any of the Supported policies for kiosk mode.

Prerequisites

  • Microsoft Edge Legacy on Windows 10, version 1809 (Professional, Enterprise, and Education).

  • See Setup required for Microsoft Edge Legacy kiosk mode.

  • URL to load when the kiosk launches. The URL that you provide sets the Home button, Start page, and New Tab page.

  • For Microsoft Intune or other MDM service, you must have the AppUserModelID (AUMID) to set up Microsoft Edge Legacy:

    Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
    

Setup required for Microsoft Edge Legacy kiosk mode

When the new version of Microsoft Edge Stable channel is installed, Microsoft Edge Legacy is hidden and all attempts to launch Microsoft Edge Legacy are redirected to the new version of Microsoft Edge.

To continue using Microsoft Edge Legacy kiosk mode on your kiosk devices take one of the following actions:

  • If you plan to install Microsoft Edge Stable channel, want to allow it to be installed, or it is already installed on your kiosk device set the Microsoft Edge Allow Microsoft Edge Side by Side browser experience policy to Enabled.
  • To prevent Microsoft Edge Stable channel from being installed on your kiosk devices deploy the Microsoft Edge Allow installation default policy for Stable channel or consider using the Blocker toolkit to disable automatic delivery of Microsoft Edge.

Note

Microsoft Edge Legacy is no longer available. For more information, see New Microsoft Edge to replace Microsoft Edge Legacy in the Microsoft 365 Blog.

Use Windows Settings

Windows Settings is the simplest and the only way to set up one or a couple of single-app devices.

  1. On the kiosk device, open Windows Settings, and in the search field type kiosk and then select Set up a kiosk (assigned access).

  2. On the Set up a kiosk page, click Get started.

  3. Type a name to create a new kiosk account, or choose an existing account from the populated list and click Next.

  4. On the Choose a kiosk app page, select Microsoft Edge Legacy and then click Next.

  5. Select how Microsoft Edge Legacy displays when running in kiosk mode:

    • As a digital sign or interactive display - Displays a specific site in full-screen mode, running Microsoft Edge Legacy InPrivate protecting user data.

    • As a public browser - Runs a limited multi-tab version of Microsoft Edge Legacy, protecting user data.

  6. Select Next.

  7. Type the URL to load when the kiosk launches.

  8. Accept the default value of 5 minutes for the idle time or provide a value of your own.

  9. Click Next.

  10. Close the Settings window to save and apply your choices.

  11. Restart the kiosk device and sign in with the local kiosk account to validate the configuration.

Congratulations!

You’ve just finished setting up a single-app kiosk device using Windows Settings.

What's next?

  • User your new kiosk device.

    OR

  • Make changes to your kiosk device. In Windows Settings, on the Set up a kiosk page, make your changes to Choose a kiosk mode and Set up Microsoft Edge Legacy.

Use Microsoft Intune or other MDM service

With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge Legacy kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see Add apps to Microsoft Intune.

Important

If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device.

  1. In Microsoft Intune or other MDM service, configure AssignedAccess to prevent users from accessing the file system, running executables, or other apps.

  2. Configure the following MDM settings to setup Microsoft Edge Legacy kiosk mode on the kiosk device and then restart the device.

    Setting Description
    ConfigureKioskMode

    Icon Mode

    Configure the display mode for Microsoft Edge Legacy as a kiosk app.

    URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode

    Data type: Integer

    Allowed values:

    • Single-app kiosk experience
      • 0 - Digital signage and interactive display
      • 1 - InPrivate Public browsing
    • Multi-app kiosk experience
      • 0 - Normal Microsoft Edge Legacy running in assigned access
      • 1 - InPrivate public browsing with other apps
    ConfigureKioskResetAfterIdleTimeout

    Icon Timeout

    Change the time in minutes from the last user activity before Microsoft Edge Legacy kiosk mode resets the user's session.

    URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout

    Data type: Integer

    Allowed values:

    • 0 - No idle timer
    • 1-1440 (5 minutes is the default) - Set reset on idle timer
    HomePages

    Icon HomePage

    Set one or more start pages, URLs, to load when Microsoft Edge Legacy launches.

    URI full path: ./Vendor/MSFT/Policy/Config/Browser/HomePages

    Data type: String

    Allowed values:

    Enter one or more URLs, for example,
       <https://www.msn.com><https:/www.bing.com>

    ConfigureHomeButton

    Icon Configure

    Configure how the Home Button behaves.

    URI full path: ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton

    Data type: Integer

    Allowed values:

    • 0 (default) - Not configured. Show home button, and load the default Start page.
    • 1 - Enabled. Show home button and load New Tab page
    • 2 - Enabled. Show home button & set a specific page.
    • 3 - Enabled. Hide the home button.
    SetHomeButtonURL

    Icon Set Home

    If you set ConfigureHomeButton to 2, configure the home button URL.

    URI full path: ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL

    Data type: String

    Allowed values: Enter a URL, for example, https://www.bing.com

    SetNewTabPageURL

    Icon New Tab

    Set a custom URL for the New Tab page.

    URI full path: ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL

    Data type: String

    Allowed values: Enter a URL, for example, https://www.msn.com

Congratulations!

You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge Legacy kiosk mode using Microsoft Intune or other MDM service.

What's next?

Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge Legacy kiosk mode.


Supported policies for kiosk mode

Use any of the Microsoft Edge Legacy policies listed below to enhance the kiosk experience depending on the Microsoft Edge Legacy kiosk mode type you configure. To learn more about these policies, see Policy CSP - Browser.

Make sure to check with your provider for instructions.

MDM Setting Digital /
Interactive signage
Public browsing
single-app
Public browsing
multi-app
Normal
mode
AllowAddressBarDropdown Not supported Not supported Not supported Supported
AllowAutofill Not supported Not supported Not supported Supported
AllowBrowser Not supported Not supported Not supported Not supported
AllowConfigurationUpdateForBooksLibrary Not supported Not supported Not supported Supported
AllowCookies Supported Supported Supported Supported
AllowDeveloperTools Not supported Not supported Not supported Supported
AllowDoNotTrack Supported Supported Supported Supported
AllowExtensions Not supported Not supported Not supported Supported
AllowFlash Supported Supported Supported Supported
AllowFlashClickToRun Supported2 Supported Supported Supported
AllowFullscreen* Not supported Supported Supported Supported
AllowInPrivate Not supported Not supported Not supported Supported
AllowMicrosoftCompatibilityList Not supported Not supported Supported1 Supported
AllowPasswordManager Not supported Not supported Not supported Supported
AllowPopups Not supported Supported Supported Supported
AllowPrelaunch* Not supported Not supported Not supported Supported
AllowPrinting* Supported Supported Supported Supported
AllowSavingHistory* Not supported Not supported Not supported Supported
AllowSearchEngineCustomization Not supported Not supported Not supported Supported
AllowSearchSuggestionsinAddressBar Not supported Supported Supported Supported
AllowSideloadingExtensions* Not supported Not supported Not supported Supported
AllowSmartScreen Supported Supported Supported Supported
AllowSyncMySettings Not supported Not supported Not supported Supported
AllowTabPreloading* Not supported Not supported Not supported Supported
AllowWebContentOnNewTabPage* Not supported Not supported Not supported Supported
AlwaysEnabledBooksLibrary Not supported Not supported Not supported Supported
ClearBrowsingDataOnExit Not supported Not supported Not supported Supported
ConfigureAdditionalSearchEngines Not supported Supported Supported Supported
ConfigureFavoritesBar* Not supported Supported Supported Supported
ConfigureHomeButton* Supported Supported Supported Supported
 ConfigureKioskMode* Supported Supported Supported Supported
 ConfigureKioskResetAfterIdleTimeout* Not supported Supported Not supported Not supported
ConfigureOpenEdgeWith* Supported Supported Supported Supported
ConfigureTelemetryForMicrosoft365Analytics* Supported Supported Supported Supported
DisableLockdownOfStartPages Not supported Not supported Not supported Supported
Experience/DoNotSyncBrowserSettings* and Experience/PreventTurningOffRequiredExtensions* Not supported Not supported Not supported Supported
EnableExtendedBooksTelemetry Not supported Not supported Not supported Supported
EnterpriseModeSiteList Not supported Not supported Supported1 Supported
FirstRunURL Not supported Not supported Not supported Not supported
HomePages Supported Supported Supported Supported
LockdownFavorites Not supported Supported Supported Supported
PreventAccessToAboutFlagsInMicrosoftEdge Not supported Supported Supported Supported
PreventCertErrorOverrides* Supported Supported Supported Supported
PreventFirstRunPage Supported Supported Supported Supported
PreventLiveTileDataCollection Not supported Not supported Not supported Supported
PreventSmartScreenPromptOverride Supported Supported Supported Supported
PreventSmartScreenPromptOverrideForFiles Supported Supported Supported Supported
PreventTurningOffRequiredExtensions* Supported Supported Supported Supported
PreventUsingLocalHostIPAddressForWebRTC Supported Supported Supported Supported
ProvisionFavorites Not supported Supported Supported Supported
SendIntranetTraffictoInternetExplorer Not supported Not supported Supported1 Supported
SetDefaultSearchEngine Not supported Supported Supported Supported
SetHomeButtonURL* Not supported Supported Supported Supported
SetNewTabPageURL* Not supported Supported Supported Supported
ShowMessageWhenOpeningInteretExplorerSites Not supported Supported Supported1 Supported
SyncFavoritesBetweenIEAndMicrosoftEdge Not supported Not supported Supported1 Supported
UnlockHomeButton* Not supported Not supported Not supported Supported
UseSharedFolderForBooks Not supported Not supported Not supported Supported

* New policy as of Windows 10, version 1809.

1) For multi-app assigned access, you must configure Internet Explorer 11.
2) For digital/interactive signage to enable Flash, set AllowFlashClickToRun to 0.

Legend:

       Not supported = Not applicable or not supported
       Supported = Supported


Feature comparison of kiosk mode and kiosk browser app

In the following table, we show you the features available in both Microsoft Edge Legacy kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.

Feature Microsoft Edge Legacy kiosk mode Microsoft Kiosk browser app
Print support Supported Not supported
Multi-tab support Supported Not supported
Allow/Block URL support Not Supported Supported
Configure Home Button Supported Supported
Set Start page(s) URL Supported Supported

Same as Home button URL

Set New Tab page URL Supported Not supported
Favorites management Supported Not supported
End session button Supported Supported

In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration introduced in version 1808.

Reset on inactivity Supported Supported
Internet Explorer integration (Enterprise Mode site list) Supported

Multi-app mode only

Not supported
Available in Microsoft Store Not supported Supported
SKU availability Windows 10 October 2018 Update
Professional, Enterprise, and Education
Windows 10 April 2018 Update
Professional, Enterprise, and Education

*Windows Defender Firewall

To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both, using IP addresses. For more details, see Windows Defender Firewall with Advanced Security Deployment Guide.


Provide feedback or get support

To provide feedback on Microsoft Edge Legacy kiosk mode in Feedback Hub, select Microsoft Edge as the Category, and All other issues as the subcategory.

For multi-app kiosk only. If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select Microsoft Edge as the Category, and All other issues as the subcategory.