Kiosk Mode for iPad, Android and Windows

Setting up Assigned Access

Assigned Access or Kiosk Mode is lively subject. We would remind you of our cautions below:

It’s tempting for IT to “learn” how to set up kiosk mode. That entails making mistakes. Some that will be very costly.  Better to use a mature tool and understand it first before thinking a few browser settings is going to thwart a hacker.

Kiosk mode is simple solution to controlling browser. Key there is “simple”. Good hackers are not so simple and basic protection is only that. Our advice is to learn from the best and then maybe think about a DIY solution. Last thing you need is some young inexperienced “looking-to-learn” MS-certified technician wanting to try his or her’s hand at iPad, Android or Linux. For that matter, ask them how many times their Windows network has been hacked. If they say zero, you know for sure they have no experience there either. Everybody in IT gets hacked.

We have articles detailing the flaws in browser-assigned access. People with thousands of licenses in the field.

Windows 10 — Microsoft ended Windows 10 support on October 14, 2025, for all consumer and business editions except those enrolled in ESU or Long-Term Servicing Channel (LTSC).

Here is the usual best pitch for Assigned Access along summary of TechTarget article.  They provide no cautions, warnings or insight.

Configuring Assigned Access on Windows and kiosk mode on iPad is essential for kiosk deployments because these features lock devices into specific apps or functionalities, preventing unauthorized access or unintended use. This setup ensures customers or users interact only with the intended service or application, maintaining security and protecting sensitive data from tampering or misuse. Kiosk mode also streamlines the user experience, reduces device management workload for IT teams, and minimizes operational disruptions. Ultimately, proper configuration safeguards devices while creating a controlled, dependable environment for customer engagement in public or business spaces. Nice article from TechTarget October 2025.

The article from TechTarget explains how to set up kiosk mode on various operating systems, focusing on iPad, Windows, Android, and Chromebook devices. For iPads, it details using Guided Access for basic single-app lockdown or using Single App Mode for supervised, centrally managed devices. Steps include enabling Guided Access via Accessibility settings or configuring Single App Mode through Apple Configurator or MDM tools.​

For Windows, it describes using Assigned Access to restrict a system to one or multiple apps, with setup possible via local settings, PowerShell, Windows Configuration Designer, or MDM platforms. Security and customization options, such as auto-login accounts and limited system access, are highlighted.​

For Android and Chromebooks, the article covers using dedicated kiosk management apps, enrollment profiles, or Chrome device management policies to restrict devices to specific apps and functionality. All methods emphasize security, control, and efficient deployment for self-service or public-facing scenarios.

Excerpt

The steps to set up a kiosk on a supervised iPad through Single App Mode vary based on the MDM platform. However, in Apple Configurator, admins can use the following steps:

1. Open the Apple Configurator on a Mac computer.
2. Select the devices chosen to be kiosks.
3. Control-click the selected devices and tap Actions > Advanced > Start Single App Mode.
4. Select the app that the kiosk will be restricted to.
5. To view and customize the features available in Single App Mode, select Options. After making any customizations, click Apply and Select App.

To set up Windows 10 kiosk mode using Windows Configuration Designer, take the following steps:

1. Create a new local user account for the kiosk mode to help seal off other parts of the system from users attempting to access the kiosk.
2. Assign the new account to the kiosk role.
3. Set the kiosk account to auto-login at startup.
4. Configure the kiosk account to launch a specific application, such as a web browser or custom application.
5. Configure the kiosk account to have limited access to the system. This might mean disabling the taskbar, start menu and keyboard shortcuts, for example.
6. Set up a security measure, such as a password or PIN required to exit kiosk mode.
7. Test the kiosk mode configuration to ensure it works as expected.
8. Deploy the kiosk mode configuration on all devices you want to use in kiosk mode.

To set up Android kiosk mode with a kiosk management app, use the following steps:

1. Install the chosen kiosk app on the device. These apps let IT lock the device to a specific app or set of apps and restrict access to other parts of the device.
2. Configure the kiosk management app to launch a specific app or set of apps when the device starts up.
3. Disable the device’s status bar, navigation buttons and notifications to prevent unauthorized users from accessing other parts of the device, such as the OS.
4. Set a password or PIN code to let authorized users exit kiosk mode.
5. Test the kiosk mode configuration to ensure it works as expected.
6. Deploy the kiosk mode configuration on all devices chosen to be kiosks.

More Kiosk Mode Assigned Access Resources

• Kiosk Mode vs. Kiosk Software for Windows
• Kiosk Mode – Secure Public Computing
• The Ultimate Guide to Configuring your iPad for Kiosk Use
• JAWS Software & Windows Kiosk Mode
• External
  • Sitekiosk — its tempting for IT to “learn” how to setup kiosk mode. That entails making mistakes. Some that will be very costly.  Better to use a mature tool and understand it first before thinking a few browser settings is going to thwart a hacker.
  • MS Edge Kiosk Mode by Microsoft — https://learn.microsoft.com/en-us/deployedge/microsoft-edge-configure-kiosk-mode
  • Chrome – https://support.google.com/chrome/a/answer/9273974?hl=en
  • Firefox — https://support.mozilla.org/en-US/kb/firefox-enterprise-kiosk-mode
• Typical vulnerabilities in kiosk mode (USB access, escape to OS, software patches), mitigation best practices (MDM, remote monitoring, health checks
• Comments from Heinz at Sitekiosk —
  • When you install SiteKiosk, it automatically runs under a restricted user account with all security (default) settings in place to lock down the browser and prevent access to OS/system-critical settings, etc.
  • Customers do not need to learn anything to secure the system with SK; they only need to install the software.
  • The default settings already restrict the system’s access.
  • Many of customers initially attempt to secure the system with assigned access mode and policies.
  • Still, they often encounter the shortcomings of these basic tools and end up using our software.
  • Time is money, and qualified labor is not cheap! It is more cost-effective to use SiteKiosk than to hire expensive IT personnel to lock down systems manually.
  • When these IT professionals quit their jobs, they often leave without providing documentation on how these systems are secured, leaving the company vulnerable.
  • The new IT person does not know where to start, so they decide to use an easier-to-handle kiosk solution with a Cloud-based remote management console, such as SiteKiosk Online.
  • Worth noting, SiteKiosk Online is not only a lockdown kiosk software, as it also provides remote management/monitoring and CMS with a Cloud-based design tool.
  • We have well over a thousand new customers using it now!
• https://kioskindustry.org/in-the-wild-la-z-boy-credit-application-kiosk-bounty — Here is a good example of a flawed implementation. The app is taking credit and banking information, which heightens the danger. Video included. So much for assigned access and protected app….