I'm looking to set up kiosk mode on several Windows 11 devices that are joined to a domain. Unfortunately, I can't use Intune in this environment. The plan is straightforward: users need to sign in with their domain accounts, and Microsoft Edge must automatically launch and navigate directly to a specified website without any access to File Explorer. The website they visit will require Single Sign-On using their domain credentials. After they've completed their tasks, they should log off, leaving the machine ready for the next user. Most guides I've found focus on local accounts or devices that aren't domain-joined. Is there any way to achieve this using just Group Policy, or am I out of options without MDM? Has anyone managed to do something similar with domain users, Edge, and SSO?
1 Answer
From what I've seen, you won't be able to get seamless SSO in Edge's kiosk mode since it runs in an InPrivate session. However, if you set it up like a regular PC, you can tweak the shell registry key to replace Explorer with the Edge path and appropriate kiosk mode switches. Plus, make sure to configure Shared PC to clean up local profiles afterward.
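The two steps the answer describes (swapping the Winlogon shell for Edge with kiosk switches, then turning on Shared PC profile cleanup) as one PowerShell script. This is an added example, not code from the original thread or from Microsoft; the kiosk URL, the Edge install path, the backup value name `Shell.PreKiosk` and the specific Shared PC values are assumptions to adjust for your environment.

```powershell
#Requires -RunAsAdministrator
<#
  Added example (not from the original thread): replace the Windows shell with
  Microsoft Edge in kiosk mode and enable Shared PC account cleanup.
  Assumptions: $KioskUrl is a placeholder, $EdgePath is the default 64-bit
  Edge install location, and 'Shell.PreKiosk' is our own backup value name.
#>
param(
    [string]$KioskUrl     = 'https://intranet.example.test/',   # placeholder URL
    [string]$EdgePath     = "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
    # Edge kiosk switches; {0} is replaced with $KioskUrl. The answer above notes kiosk
    # mode is InPrivate; '--start-fullscreen "{0}" --no-first-run' (assumed alternative)
    # keeps a normal profile if SSO needs one.
    [string]$EdgeSwitches = '--kiosk "{0}" --edge-kiosk-type=fullscreen --kiosk-idle-timeout-minutes=5 --no-first-run',
    [switch]$Revert
)

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$BackupName  = 'Shell.PreKiosk'   # our own value holding the original shell

function Set-KioskShell {
    if (-not (Test-Path -LiteralPath $EdgePath)) { throw "Edge not found at $EdgePath" }
    $current = (Get-ItemProperty -Path $WinlogonKey -Name Shell -ErrorAction SilentlyContinue).Shell
    # Keep the original shell (normally explorer.exe) so Restore-DefaultShell can put it back
    if ($current -and ($current -notlike "*msedge.exe*")) {
        Set-ItemProperty -Path $WinlogonKey -Name $BackupName -Value $current -Type String
    }
    $shell = ('"{0}" ' -f $EdgePath) + ($EdgeSwitches -f $KioskUrl)
    Set-ItemProperty -Path $WinlogonKey -Name Shell -Value $shell -Type String
}

function Restore-DefaultShell {
    $saved = (Get-ItemProperty -Path $WinlogonKey -Name $BackupName -ErrorAction SilentlyContinue).$BackupName
    $value = if ($saved) { $saved } else { 'explorer.exe' }
    Set-ItemProperty -Path $WinlogonKey -Name Shell -Value $value -Type String
    Remove-ItemProperty -Path $WinlogonKey -Name $BackupName -ErrorAction SilentlyContinue
}

function Enable-SharedPcCleanup {
    # Shared PC mode through the MDM WMI bridge provider; no MDM enrolment needed,
    # but the bridge must be called as SYSTEM (a computer startup script qualifies).
    $pc = Get-CimInstance -Namespace 'root\cimv2\mdm\dmmap' -ClassName 'MDM_SharedPC'
    $pc.EnableSharedPCMode   = $true
    $pc.EnableAccountManager = $true
    $pc.AccountModel         = 1      # domain accounts only, no Guest tile (assumed choice)
    $pc.DeletionPolicy       = 0      # delete the local profile right at sign-out (assumed choice)
    $pc.SignInOnResume       = $true
    Set-CimInstance -CimInstance $pc
}

function Test-KioskShell {
    # Returns what Winlogon will launch, so the change can be verified before a reboot
    $shell = (Get-ItemProperty -Path $WinlogonKey -Name Shell).Shell
    [pscustomobject]@{ Shell = $shell; IsEdgeKiosk = ($shell -like '*msedge.exe*') }
}

if ($Revert) { Restore-DefaultShell } else { Set-KioskShell; Enable-SharedPcCleanup }
Test-KioskShell
```

Run it once per device (for example as a Group Policy computer startup script, which also satisfies the SYSTEM requirement of the WMI bridge) and reboot; `-Revert` restores the saved shell. Two caveats: the HKLM `Shell` value applies to every interactive user, administrators included, so either keep a remote PowerShell path to `-Revert` or set the same value per user under `HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon` for the kiosk users only; and a replaced shell is not a lockdown on its own, so pair it with the usual Group Policy restrictions (Task Manager, Run, the Ctrl+Alt+Del options).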

Thanks for the info! How would you go about deploying these settings? Do you use a startup script for the PowerShell commands, or is it better to use Group Policy to implement a single Provisioning Package (PPKG) for this? If using a PPKG, can I set the default shell through that directly?