Share via

KIOSK PC - Automatic Logoff with AD & Azure AD User (With Intune License)

Veera Ragavan 56 Reputation points
2024-10-13T13:13:37.13+00:00

Hello Experts,

Requesting your help, on the following.

Environment : Windows 10 Kiosk PC

Device Managed : Intune

Device Type : Microsoft Intune Managed Device

KIOSK Hardware : Dell Optiplex, Desktop Models.

Users : Intune Suite -1 / E3 - E5..

Auto Pilot Profle : Tried on Both User Drive and Self Drive.

OS Image: Windows 10 US, and Tried with Default Recover Image from the Vendor OEM

Kiosk Profile :

  1. Device Restrictions - Customized Deskto Wallpaper / Lockscreen
  2. KIOSK Profile - Multi app kiosk, Auto logon as Microsoft Entra User or Group, Target devices running Windows 10/11 in S mode as No., With some Win32 Applications Browsers and Applications
  3. LAPS Enabled
  4. Most recent Windows 10 Updates with both Quality and Feature update

Device Enrollment :

  1. Device Enrollment Success with All Compliance Policy, Configuration Policies and Applications
  2. If we Add the "AD or AAD User (Microsoft Entra User) - It is automatically getting signed out

Output Scenario

  1. Device Enrollment is OK with "All Compliance Policy - Met"
  2. Login with LAPS --> Works --> No Sign out happens
  3. Login with AD or Microsoft Entra User --> Sign out happens automatically

If we use the Options as Auto logon (Windows 10, version 1803 and later, or Windows 11)

  1. Kiosk Profile login with KIOSK Account

No sign out happens, and the KIOSK Profile works as Expected. If any one came across the scenario, Please share your inputs.

So far..

  1. Tried out with giving Blank Device Config Policy
  2. Used the Windows 10 USA Based Image even the Systems are located in Europe
  3. LAPS with and Without same scenario

I will also raise the Open Case with Microsoft Premier Support and Share if I hear any good inputs and if it worked.

Microsoft Security | Intune | Configuration
Microsoft Security | Intune | Grouping
Microsoft Security | Intune | Enrollment
Windows for business | Windows Client for IT Pros | User experience | Other
Microsoft Security | Intune | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 54,171 Reputation points Microsoft External Staff
    2024-10-14T05:19:44.1333333+00:00

    @Veera Ragavan, Thanks for posting in Q&A. Research and find one issue may be related. Please check if the kiosk users have any conditional access policy set. If yes, try to exclude them to see if it works.

    https://free.blessedness.top/en-us/troubleshoot/mem/intune/device-configuration/users-cannot-logon-windows-multi-app-kiosk

    However, if it is still not working, Open case will be a good option to troubleshoot. If any solution you can get, I appreciate your help to share here to help others who have the same issue.

    Thanks and have a nice day!

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Veera Ragavan 56 Reputation points
    2024-10-14T08:22:49.4766667+00:00

    Thank you Crystal..

    Unfortunately, that is not solving our issue. Earlier we tried to Exclude the "Microsoft Entra account" with Conditional access Policy for "all applications" and it did not worked as Expected.

    Regards,

    Veera

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.