Within the latest build of Windows 11 released in the Dev Channel to Windows Insider Program members, Microsoft is testing a new system lockdown feature through a multi-app kiosk mode. Here is the latest information about it.
When enabled, the new feature allows administrators to configure Windows 11 to limit which apps users can access while logged into their session, on the machine in kiosk mode. On this subject, Amanda Langowski and Brandon LeBlanc from Microsoft specify: “Multi-app kiosk mode is a lockdown feature for Windows 11 that allows an IT admin to select a set of apps that are allowed to run on the device, while all other functionality is blocked“.
As for the use of the kiosk mode in practice, several scenarios are possible, in particular on a machine with free access in the entrance hall of an establishment where the visitor can access various information. Thus, the user can only use one or more applications without having direct access to the system.
Microsoft also says it’s possible to create multiple app profiles and apply them to different users, all on a single Windows 11 machine. Each user will have the right to his environment limited to certain applications.
By configuring Windows 11 multi-app kiosk mode (starting with Windows 11 Insider Preview Build 25169), administrators will be able to:
- Restrict access to Settings, except for certain pages (for example, Wi-Fi settings and screen brightness)
- Lock the Start menu to show only authorized apps.
- Block notifications and pop-ups that lead to unwanted UI.
To configure this new mode, administrators can rely on PowerShell and the WMI Bridge. Going forward, Microsoft plans to add support for Intune/MDM configurations and the ability to create provisioning packages.
Here is some documentation for setting up and managing a restricted Start menu: