Kiosk mode for Android Enterprise

Kiosk mode is for devices intended for a single use or an extremely limited scope of use. Kiosk mode (also known as dedicated device mode) locks fully managed devices to a single app or set of apps. The user experience for this management mode is extremely focused. The user can only perform specific tasks enabled by the whitelisted apps. Kiosk mode is often used for retail devices, self check-in stations, restaurant self-service kiosks, etc.

NOTE: Kiosk mode is a subset of fully managed mode. Before devices can be put into kiosk mode, they must be enrolled in fully managed mode. For information about enrolling devices, see Enrolling devices in Android Enterprise.

To create a kiosk mode policy

1.Navigate to Tools > Modern Device Management > Agent Settings.

2.Select the Mobility folder.

3.Create a new Mobile Android configuration.

4.Click New.

5.In the General tab, enter the necessary information.

6.Select the Kiosk Mode tab.

7.Select which enterprise account this policy will be associated with. This determines which devices the policy can apply to and which approved apps are available to be whitelisted.

8.Select whether the device will be locked to a single app or a list of whitelisted apps.

9.Select the app(s) the device will be locked to.

10.Select any managed configurations you would like to include with the app(s). For more information about creating managed configurations, see Distributing Android Enterprise apps.

11.Save the policy.

12.Distribute the policy to fully managed devices. For information about distributing policies, see Distributing MDM agent settings.

Additional recommended settings

We recommend using the following additional Mobile Android Configuration settings to ensure the highest level of device security.

Device Settings

System update should be set to a windowed time period outside of working hours to prevent device down-time.

Device Restrictions

Allow reboot device in safe boot should be disabled to prevent escaping locked applications. (This is disabled by default.)

Allow screen captures should be disabled to prevent data breaches.

Allow use of camera should be disabled to prevent data breaches.

Allow factory reset should be disabled to prevent device theft.