There’s another level here that I’ve been wanting to explore.
In our old Data Collection stations, we had a Windows Login and then and Kinetic Login. The Windows login was set up to autologin (like Kiosk mode). The Kinetic login was a shared username/password for that workstation. Not ideal.
It is possible to log into Windows using a local certificate. What would be better identity control is having users log into a browser profile on that machine using Entra. Now each user’s work is recorded under their ID.
The tough part is teaching the operators to switch to their profile. Will they time out if they walk away, etc.
I don’t think this is possible yet…