Microsoft Egde Kiosk Mode Configuration Guide
The kiosk devices with browser access are increasingly found in most healthcare centers and hotels for check-in and check-out services. In educational institutes, these devices facilitate students enroll in various programs and promote a digital learning environment.
Setting kiosk browser mode requires careful consideration of various challenges, such as choosing a browser with maximum customization options and adequate security, like Microsoft Edge.
So, we will discuss 3 methods to set up Edge kiosk mode with varying abilities, steps and restrictions to limit devices, a troubleshooting guide, and the potential risks involved.
What is Edge Kiosk Mode?
Microsoft Edge kiosk mode is to run devices in a restricted mode with access to only single or a few websites or web applications in Edge browser. This leads to a secure working environment with improved productivity.
You might be wondering why users trust Edge browser for business purposes. Due to security features and two lockdown experiences Edge offers (digital/interactive signage and public browsing), choosing it over other browsers for kiosk mode is highly effective. Its integration with Windows Defender SmartScreen and the availability of Application Guard helps improve security.
Edge kiosk mode also works for Mac and Linux devices, but some limitations exist, such as users being unable to utilize the assigned access and Windows Shell integration options.
How to Configure Microsoft Edge Kiosk Mode?
2.1Windows MDM Solution
Why do we recommend setting up Edge kiosk mode with an MDM solution? Particularly for enterprises, it facilitates bulk configuration, enhances security, and enforces control.
- Limited Set of Configurations: Without MDM, the enterprise can face a hard time configuring the kiosk mode and require a manual setup of it on every device individually. Moreover, MDM enables users to tailor browser features and settings to meet specific needs.
- Inability to Execute Remote Management: Without MDM, the enterprise is unable to remotely control and manage the devices. This makes it impossible to push the updates across all the devices in the ecosystem.
- Security Risks: The manual configuration of kiosk mode increases the security risks for enterprises.
Create Edge browser kiosk mode with MDM Solution
Sign up AirDroid Business MDM account and log into the dashboard
Go to 'policy & kiosk' > '+ create config file' > Windows Policy > Kiosk Mode
Choose Single App Mode/Multi-app Mode > Add App > Choose Microsoft Edge > Click "Operations" to fill in the details of your Edge browser > Ok
Optional: Add the allowed websites to the browser whitelist and complete the relevant browser settings restrictions.
Finally, apply this profile to your target Windows devices to complete the Edge kiosk configuration.
2.2Official Methods
Method 1. Assigned Access
Assigned Access is supportive on Windows 10 and 11 devices (except Home Edition). It requires creating a kiosk profile in the device settings. Here are the steps to configure it:
- Open the Device Settings > Accounts > Family and Other Users. Then choose ‘Set up a kiosk’.
- Click the ‘Get Started’ button appeared on the screen.
- Add the account name for kiosk profile and choose ‘Microsoft Edge Browser’ from the list of apps.
- Choose either the ‘digital signage display’ option or the ‘public browser’. For full-screen mode, choose the first option and click the ‘Next’ button.
- Enter the website URL you want to run on the device in kiosk mode and click ‘Next’. Then press the close button and restart the device. It will reboot with the set kiosk profile.
Method 2. Command Prompt
Using command prompt is the simplest way to configure Microsoft Edge kiosk mode, users can configure it directly from the Windows device by performing the below steps:
- Press the Win + R command to open ‘Run’ program. Type ‘cmd’ in the search box and press ‘Enter’.
- Once the cmd opens, type the command to configure Edge in kiosk mode. Here is the script:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.airdroid.com/business/ (This is just an example for how to set the path. You can choose the exact path and required website as per your device)
Troubleshooting
Setting the Edge kiosk mode demands careful consideration of various factors. Let’s discuss the major issues like Edge kiosk browser not auto-launching, generally encountered and their possible solutions to save time and avoid disruptions.
Compatibility issues of Edge browser
Sometimes, the Edge kiosk mode may not launch as expected. This could be due to compatibility issues between the Edge browser version and the operating system or other software/extensions.
Edge Kiosk does not auto-launch
On device reboot, the kiosk mode is not automatically enabled, and the device runs normally without any restriction. This is because the auto-launch of Edge kiosk is not properly configured.
Apps Configured in Allowlist are Blocked
Sometimes, due to minor mistakes, the apps configured in the allowlist cannot run on Windows devices when they are in kiosk mode. The primary reason for such cause can be the misconfigured URLs, domain-level restrictions, and incorrect syntax based on the type of method utilized to set the kiosk mode.
Potential Risks & How to Solve
System Security and Jailbreaking Risks
Even when running in Kiosk Mode, Microsoft Edge can still be vulnerable to "jailbreaking" if system applications or keyboard shortcuts are not adequately restricted.
Attackers can exploit combinations of keys (such as Ctrl+O, Ctrl+P) or protocol calls (like ftp:// or special uses of msedge.exe) to access File Explorer, PowerShell, or other tools.
Once broken out of the Kiosk Mode, attackers can execute arbitrary commands, access system files, or install malicious software, posing severe security threats.
How to solve?
Restrict or Remap Function Keys: Disable or remap key combinations like Ctrl, Alt, and F1-F12 in Kiosk Mode. Close unnecessary system shortcuts to minimize the risk of exiting the restricted environment via keyboard operations.
Implement Application Whitelisting: Use tools like AppLocker or MDM Solution to strictly limit executable file paths and signatures. Ensure only authenticated Edge processes can run, preventing attackers from downloading and renaming executable files.
Regular Security Testing: Conduct penetration tests or "Red Team" exercises to identify and patch potential jailbreaking methods.
User Privacy and Improper Session Data Cleanup
If Kiosk Mode is not properly configured, user data such as login information, browsing history, and downloaded files may remain in the system after the browser is closed or restarted.
When multiple users share a device, residual data can lead to privacy breaches or provide opportunities for subsequent attacks. Attackers can exploit leftover browsing records or cached files to conduct social engineering or take advantage of automatic logins from residual account information.
How to solve?
Enable Automatic Browsing Data Cleanup: Use policies (such as Edge's "Clear browsing history/downloads on exit") or scripts to automatically clear browser cache, form data, and file download records at the end of each session.
Combine with Operating System-Level Cleanup: Place kiosk users in "Guest" or temporary accounts (or use virtualization/container technology). Automatically delete user profiles after login sessions to prevent personal data from persisting.
Strictly Limit Local Storage Locations: Restrict download directories and temporary folders to fixed, secure paths and schedule regular automated cleanup scripts to prevent sensitive files from lingering in the system.
Implement MDM Solution: Configure Edge kiosk mode and set policies to periodically clear browser data, login information, and cache to ensure user security.
Leave a Reply.