Android Kiosks in Intune – Part 3
In Part 2 of this series, I explained how to prepare the ingredients to create an Android Kiosk device in Intune and in this part, part 3, I will explain how to enroll an Android device.
Now that you have your environment set up for Android Kiosk device management, you have the Android enrollment profile, a group which will contain the devices, some managed apps and most importantly the QR code, you can now enroll the Android device and provision it as a kiosk device.
So I am going to enroll my Samsung C5 Pro using the QR code. To do this, at the first screen I see, after wiping the device, I tap the screen multiple times to launch the QR Reader:
Next you need to select a network to connect to, so that the QR reader can download and so that the device can connect to your Intune service and download the profile.
After checking for updates etc, the QR reader (app) is installed:
Once the QR reader is installed you will be able to point the devices camera at the QR code, like the one below and enroll the device:
The enrollment profile prompts the device user to accept a few terms and conditions, after informing that your admin can monitor and manage the device:
The device downloads the Managed Google Play Services and Registers the device in your Azure AD:
After a while (like 15 – 20 minutes) the device is “managed by your organization” as can be seen from the lock screen:
The device automatically starts downloading the apps that were assigned in step number 9 of part 2:
Finally, you have a Kiosk device that only has the apps that you assigned to it. The user of the device can’t install any apps, or remove the existing apps:
There are other options to enroll Kiosk devices other than the QR code, but essentially they will end up going through the same steps, just without the QR reader app.
How you enroll your Android devices depends on the operating system.
| Enrollment method | Minimum Android OS version for dedicated and fully managed devices |
|---|---|
| Near Field Communication | 5.1 |
| Token entry | 6.0 |
| QR code | 7.0 |
| Zero Touch | 8.0* |
* On participating manufacturers.
So get going and configure those kiosk devices. Read the Microsoft Documentation on Android dedicated device enrollment. Comment if you need some help, or just want to comment on the blog.
Thanks!
Hi,
I was wondering, do you need a Google Account / GSuite Account / Cloud Identify account for each device? If not – how can it use the Play Store to download things?
Thanks,
Peter
Hi Peter
As mentioned in Part 1, you need only one Google account known as a “Managed Google Play Account” which is then linked to the enrollment profile/s. The devices then use that account which is a Google account for the work play store (different to the commercial play store) to download and install approved apps.
Hope this helps.
Matt
Hi
When a unit is in kiosk mode, how do I do a factory reset?
Great question. Unfortunately, follow the hard reset procedure for the device you are using. I used the Samsung Galaxy C5-Pro in my testing and to reset it, I had to use the key combination documented online.