Kiosk

Introduction

With POS devices finding an exponential level of usage, single purpose devices are on the rise. But locking the device to a single app is an arduous task for admins, as they need to configure devices to ensure no other apps are installed and users do not navigate away from the locked app. Furthermore, the managing the settings for these devices adds to the difficulty of managing them. POS devices are usually at critical points in an organization and any modification to the settings may lead to loss of productivity. With MDM's Kiosk, locking down the devices to a single app and pre-configuring the settings over-the-air becomes a breeze. Another advantage is that Kiosk allows you to provision multiple apps under Kiosk. Once the settings are configured, you can ensure these settings cannot be modified by the users. Additionally, you can also let the users configure basic settings through Custom Settings app, if the device is provisioned under multi-app Kiosk. Kiosk is supported for all devices, however for Non-Samsung devices running 5.0 or above, Kiosk is applicable only if devices provisioned as Device Owner.

The advantage with Kiosk is that all types of notification services such as the edge notification window available in Samsung devices also get restricted by default, ensuring users cannot navigate away from the app(s) provisioned under Kiosk.

Choosing app(s) for Kiosk

Apps present on the Inventory, which includes both apps added to the App Repository and apps previously installed on the devices can be provisioned under Kiosk. If the chosen app is not present under Kiosk, the devices enter Kiosk with the available apps. The app(s) which were not present earlier, can be installed on the device when it is in Kiosk . To know more about App Repository, distributing Apps and verifying deployment status, you can refer App Management.

Custom Settings app

In case of Kiosk-provisioned devices, users in general cannot view/modify basic settings such as Brightness, Wi-Fi etc., as the screen gets locked to provisioned apps. Custom Settings app, as the name suggests, if configured allows the users to modify these basic settings, if the device is provisioned under Multi-app Kiosk. The advantage with this app, is that you can configure these irrespective of whether the status bar has been restricted or not.

It is better to have only one Kiosk Profile associated per device/group. When you associate two Kiosk profiles to the same device/group, the profile that is applied at last gets associated to the device/group. Hence to avoid confusion, it is not recommended to associate a new Kiosk profile when there is a Kiosk profile already associated to the device/group. If you want to make modifications, remove the existing profile and associate a new profile or modify the existing profile.

Profile Description

Only devices running Android 5.0 or above can be provisioned as Device Owner.

FEATURE DESCRIPTION SAMSUNG NON-SAMSUNG
CORE ANDROID PROFILE OWNER DEVICE OWNER
Kiosk mode

Single App Mode locks down the device to display only a single App.

Multiple Apps Mode locks down the device to display only a specific set of Apps that are required. All the chosen Apps appear on a Custom Home Screen set by the Admin.

Admin can decide the Apps that should be displayed on the user's device.

This will restrict user's access to all other features of the device.

Choose the launcher to be used in kiosk mode

You can choose the launchers to be used when a device is put into kiosk mode. The default device launcher allows the device to retain the same look and feel, thus making it easier for the users. You can also choose the launcher provided by MDM also.

Allowed apps

You can choose App(s) that should be to be provisioned on the user's device.

Choose Wallpaper

You can customize the device screen to display your company's logo etc.

Best Resolution: 960*800 px; Image Format: PNG, JPG; Image Size: 1MB

Show ME MDM app
(Can be configured only if Kiosk Mode is 'Multiple Apps')

You can choose to show ME MDM App on the user's device to enable the user to install distributed Apps from the App Catalog.

DEVICE RESTRICTIONS
Task Manager

Restricting this option, prevents users from accessing Task Manager on their devices. So the users will not be able to access App Settings or go to Default Launcher and exit Kiosk mode. Hence it is always recommended to keep the Task Manager restricted.

Restricted by default
Status Bar

Restricting this will disable users from viewing Status Bar details like battery, notifications, network details etc.

Status Bar Expansion

Restricting this will prevent users from expanding the Status Bar to access the status bar controls. The user will still be able to view the notifications.

Restricted by default

Restricted by default

Home Button

You can restrict Home button on the user's device.

Restricted by default

Volume Button

You can restrict Volume Buttons on the user's device

Power Button

You can restrict the usage of Power Button on the device.

When you restrict Power Button, user has to restart the device every time, to turn on the display.

Back Button

Restricting the Back Button on a device prevents users from using the Back button to navigate back and exit the app.

Unlock device without any passcode (Supported from Android 9.0 or later)

Enabling this ensures the Kiosk-provisioned device can be unlocked without any passcode.

Display app crash dialogs (Supported from Android 9.0 or later)

Enable/Disable the display of error messages when an app crashes on the device.

CUSTOM SETTINGS APP (Can be configured only in multi-app Kiosk)
Wi-Fi

Allow the user to configure Wi-Fi settings as well as switch between different SSIDs.

Flashlight

Allow the usage of Flashlight by the device users.

Brightness

Allow the users to modify the brightness of the device screen.

Screen Rotation

Pre-configure the screen orientation or allow users to modify the same.

Screen Timeout

Pre-configure the screen timeout or allow users to modify the same.

Mobile Networks

Allow users to modify the mobile networks for the device.

Pausing Kiosk on devices

    

While managing devices under Kiosk, there might be a pertinent need to pause Kiosk for certain purposes. Assume there is an enterprise app provisioned under Kiosk and it has stopped working. So, the IT admin will have to view the logs to understand and diagnose the issue. MDM lets you pause Kiosk in three different methods:

Security Commands

Pause kiosk is available as a conventional security command. To execute the security command, click on the Inventory tab on the top menu and select the device. Now, click on Actions and select Pause Kiosk from the dropdown. You can choose to automatically resume Kiosk after some time, by specifying the same when requested. Once you are done troubleshooting the device, you can provision the device back into Kiosk by executing the security command, Resume Kiosk. In case of devices being on field and not in the organization, you can try using the Pause Kiosk passcode.

Pause Kiosk passcode

Pause Kiosk passcode is one of the easiest methods of temporarily revoking Kiosk as it requires no Admin intervention. The passcode is to be specified by the user on the device to temporarily pause Kiosk. Though this makes it easy for IT admins, it also brings the problem of device users randomly pausing Kiosk mode, without the IT Admin being notified. However, the Admin still has some control over this method, as only the Admin and technicians with requisite access can view the passcode and share it with the users. This one-time and time-bound passcode is available when you click on the Pause Kiosk security command. To prevent passcodes from being easily guessable, MDM auto-generates Pause Kiosk passcode every time, as an arbitrary sequence of letters and numbers fortifying the passcode strength. Another advantage with Pause Kiosk passcode is that it doubles up as the passcode for temporarily revoking management. To pause Kiosk, you need to press the back button four times and then provide the Pause Kiosk passcode in the space provided. In case of multi app-Kiosk, you can also choose to tap the top of the home screen four times and then provide the Pause Kiosk passcode

Remote Chat commands

The most probable reason for pausing Kiosk is to troubleshoot the device and this is usually done via Remote Troubleshoot. MDM lets you pause Kiosk right from the device view screen using chat. You can use the chat option present in the device view screen not only to interact with the user but also to execute certain commands such as pausing Kiosk and resuming it if need be. You can pause Kiosk using the command /EXIT-KIOSK, troubleshoot the device and the resume Kiosk using the command /ENTER-KIOSK. You can know more about chat commands here.

Troubleshooting tips

  1. It is recommended to configure Kiosk as a standalone policy in a profile and then associate it to devices. For example, assume you create a profile with multiple policies including Kiosk, where an enterprise app is provisioned under Kiosk and distributed to devices. Now, an update is available for the enterprise app provisioned under Kiosk and the latest APK version gets added to the MDM App Repository. Henceforth, whenever you distribute the profile containing Kiosk or modify other policies(not Kiosk) available in the profile and redistribute it, the newer app version gets provisioned under Kiosk. This means the latest version of the enterprise app, which may not have been tested standalone and/or in Kiosk is now in deployment. Thus, it is recommended to configure Kiosk as a separate policy in a separate profile and always test the app to be provisioned under Kiosk, before deploying it in bulk.
  2. You can add app(s) which are present in the Inventory, into Kiosk Mode. In case the app(s) is/are not present, first add the app(s) to the App Repository. To know more about App Repository, distributing apps and verifying deployment status, you can refer App Management.
  3. Kiosk mode is associated to the devices, even if none of the Kiosk-provisioned apps are present on the device.
  4. On configuring Kiosk Profile, if you choose to restrict Power Button on a device, it is recommended to keep the screen-out time on the device to "None", so that the device does not go to Sleep Mode. In case the device goes to Sleep Mode, it is required to restart the device by long-pressing the Power Button.
  5. Once the Kiosk Profile is associated to devices, ensure that these devices don't lose network connectivity. Else, these devices will be locked into Kiosk mode.
  6. In case the app(s) in Kiosk mode have been updated, it is recommended to test them on a select set of devices before deploying it in production environment.

MDM supports pausing Kiosk and resuming Kiosk using different methods. For example, you can pause Kiosk using remote chat commands and resume it using security commands.

See Also:  Associating Profiles to Groups, Associating Profiles to Devices,  App Management, Distribute Apps to Devices, Distribute Apps to Groups
Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine