With October being Cyber Security Awareness Month, it is only right to write another blog in relation to security. In this blog I am going to talk about Intune Shared Device Mode with the use of the Microsoft Managed Home Screen.
Device Management is something that it is critical to business’s of any size, especially in this digital age. The standard scenario for device management is for a user to be specifically assigned to a device, but there is a scenario where devices might be used by multiple users. At Shine we had this exact scenario where for our Live Register project we were going to need to have android tablets at different locations and be able to have multiple users log in at anyone time, as our coaches are not always based at the same location, this is where the shared device mode with the Managed Home Screen comes into play.
Intune Shared Device Mode allows multiple users to sign in and out of a single device, each accessing a personalised experience. This setup is ideal for environments where devices are shared, such as retail, healthcare, or education. It ensures that each user can work efficiently and securely. To configure the shared device mode, you need to configure a enrolment type and then configure a configuration profile:
Finish the steps and add screenshots
1. Browse to the Intune Portal (https://intune.microsoft.com)
2. Browse to Devices > Android > Enrolment
3. Select Corporate-owned dedicated devices
4. Select Create policy
5. Complete the wizard:
- Name: Android Entra Shared Mode
- Token type: Select Corporate-owned dedicated device with Microsoft Entra shared mode
- Token expiration date: Select a date furthest in the future.
6. Select Create
7. Browse back to the Android device section and select Configuration
8. Select Create, followed by New Policy
9. Select Android Enterprise under the platform drop down menu
10. Select Device restrictions under the Fully Managed, Dedicated, and Corporate-Owned Work Profile
11. Select Create
12. Enter a name for the policy, for example I named my policy AND – Shared Device
13. Enter the device experience section:
- Device device experience type: Kiosk mode (dedicated and fully managed)
- Kiosk mode: Multi-App
- Custom app layout: Enable
- Grid Size: Select Grid Size
- Home Screen: Select the apps you wish to display on the home screen
- Screen orientation: Autorotate
- App notification badges: Enable
- Shortcut to setting menu: Disable
- WIFI configuration: Enable
- Bluetooth configuration: Enable
- Media volume control: Enable
- Quick access to device information: Enable
- Screen saver mode: Enable
- Number of seconds the device shows screen saver before turning off screen: 900
- Number of seconds the device is inactive before showing screen saver: 900
- Detect media before starting screen: Enable
- MHS Sign in screen: Enable
- Require user to set a PIN for sign-in session: Enable
- Choose complexity of PIN for sign-in session: SImple
- Required user to enter session PIN if screensaver has appeared: Enable
- Automatically sign-out of MHS and Shared device mode applications after inactive: Enable
- Number of seconds device is inactive before automatically signing user out: 18000
- Number of seconds to give user notice before automatically signing them out: 60
The Managed Home Screen complements this mode by offering a simplified, locked-down interface. Users only see the apps and tools they need, reducing distractions and potential security risks. It’s like having a digital concierge, guiding each user to their personalised workspace on the same device.
The security features of Intune Shared Device Mode provides peace of mind. Administrators can enforce strict access policies and protect sensitive information, crucial for maintaining operational integrity. Obviously the settings I’ve shown are for what I needed for my requirement, that doesn’t mean that you have to follow this, every organisation is different.
Comments are closed