I'm currently configuring Android Enterprise Fully Managed devices to function as shared devices for first-line workers. We can't go with a Dedicated (COSU) setup since we require Microsoft Tunnel, which is only compatible with Fully Managed devices. I'm looking for the best practices to make these Fully Managed devices operate similarly to shared or dedicated devices. Specifically, I need to ensure: 1) Only specific apps are accessible, 2) No alterations to system settings, 3) The Play Store is unavailable for personal use, and 4) Users can sign in and out cleanly. Also, should I create a separate 'technician/staging account' for device enrollment, or is there a better way to manage the initial Azure Active Directory (AAD) login? Any tips would be greatly appreciated!
3 Answers
I noticed you mentioned needing Microsoft Tunnel. It seems that users only really need the authenticator app—I'm not sure if the tunneling portion is absolutely necessary based on what I've seen. Maybe check the latest documentation? Also, how's everything going with your project?
Have you looked into using the Microsoft Managed Home Screen? It might provide the control you're looking for, but do be cautious as there are quite a few caveats. You can find more about that in the official documentation. Combining that with shared device mode could work, but I found many users dislike signing in with their Entra ID; we ended up purchasing a separate device for each user instead.
For your scenario, keeping to one user per device with Fully Managed is the way to go. Everything else you listed can definitely be managed through Microsoft Intune. If you're looking into kiosk mode features, Samsung’s Knox Authentication Manager might also be beneficial, but I usually find Intune covers most shared device needs quite well.
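As an added illustration (not code from the question or any of the answers, and not Microsoft's own code), the following Python snippet shows how the first three requirements in the question map onto a single Intune device-restriction profile for Android Enterprise Fully Managed devices, and audits a payload against them before it is pushed through Graph. The property names follow the `androidDeviceOwnerGeneralDeviceConfiguration` resource as I know it from the Microsoft Graph schema; treat them as assumptions and check them against the current schema, since the sample profile itself is constructed for this example. Requirement 4 (clean sign-in and sign-out) is handled by the sign-in flow on the device rather than by a restriction payload, so it is deliberately outside this check.

```python
"""Policy-as-code audit of an Intune Android Enterprise (Fully Managed)
device-restriction payload against requirements 1-3 from the question:
1) only specific apps, 2) system settings locked, 3) no personal Play Store.

Constructed example. Property names are assumed to match the Graph
androidDeviceOwnerGeneralDeviceConfiguration resource; verify before use.
"""
from __future__ import annotations

from collections.abc import Callable

# Constructed sample profile, not taken from the page or from a real tenant.
SAMPLE_PROFILE: dict = {
    "@odata.type": "#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration",
    "displayName": "Frontline fully managed (shared-style) restrictions",
    # 1) Only specific apps: Play Store limited to the approved list
    "playStoreMode": "allowList",
    "appsAllowInstallFromUnknownSources": False,
    # 3) Block personal Play Store use by blocking personal Google accounts
    "googleAccountsBlocked": True,
    # 2) Lock down system settings the user should not touch
    "factoryResetBlocked": True,
    "safeBootBlocked": True,
    "securityDeveloperSettingsEnabled": False,
    "dateTimeConfigurationBlocked": True,
    "wifiBlockEditConfigurations": True,
    "usersBlockAdd": True,
    "usersBlockRemove": True,
}

# Each requirement is a named predicate over the payload. A predicate that
# reads a missing key fails closed (treated as "not enforced").
REQUIREMENTS: dict[str, Callable[[dict], bool]] = {
    # 1) only approved apps can be installed
    "only_approved_apps": lambda p: p.get("playStoreMode") == "allowList"
    and p.get("appsAllowInstallFromUnknownSources") is False,
    # 2) no alterations to system settings
    "settings_locked": lambda p: all(
        p.get(k) is True
        for k in (
            "factoryResetBlocked",
            "safeBootBlocked",
            "dateTimeConfigurationBlocked",
            "wifiBlockEditConfigurations",
            "usersBlockAdd",
            "usersBlockRemove",
        )
    )
    and p.get("securityDeveloperSettingsEnabled") is False,
    # 3) Play Store unavailable for personal use
    "no_personal_play_store": lambda p: p.get("googleAccountsBlocked") is True,
}


def audit(profile: dict) -> dict[str, bool]:
    """Evaluate every requirement against the payload; returns name -> passed."""
    if profile.get("@odata.type") != SAMPLE_PROFILE["@odata.type"]:
        # Wrong resource type means none of these properties apply.
        return {name: False for name in REQUIREMENTS}
    return {name: bool(check(profile)) for name, check in REQUIREMENTS.items()}


def findings(profile: dict) -> list[str]:
    """Names of requirements the payload does NOT satisfy (empty list = clean)."""
    return [name for name, ok in audit(profile).items() if not ok]


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_PROFILE).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
    # Show what a drifted profile looks like: someone re-enabled Google accounts.
    drifted = {**SAMPLE_PROFILE, "googleAccountsBlocked": False}
    print("drift findings:", findings(drifted))
```

Run it before every profile change; the intent is that a pull request against the profile JSON fails when `findings()` is non-empty, so a single unchecked box in the portal cannot quietly reopen the Play Store or the settings app.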