From the frontlines: Accelerating retail worker shared device experience (Part one)

By: Yusuke Shinoki – Sr Product Manager | Microsoft Intune

This is the second article in the "From the frontlines" series. I'm Yusuke Shinoki, I wanted to share the insights I’ve gained from my retail customers who often talk to me be about their frontline worker device scenarios. 

Technology has revolutionized the retail industry by enhancing operational efficiency and customer experiences. Retail employees now use shared devices to access inventory data, check product availability, and manage orders on the go. Store staff monitor sales and productivity digitally, enabling frontline workers to better serve customers by quickly accessing essential information. In supermarkets and pharmacies operating 24/7, shared devices are rotated among shift workers to perform tasks critical to the business operations. 

Collaboration and real time access to data is becoming increasingly important for frontline workers.  Simultaneously, it’s essential to maintain secure access in line with the Zero Trust security strategy. Let’s discuss how retail associates can benefit from using Intune-managed devices at work while balancing productivity and security.  

Retail associates device needs 

Let’s say retail giant ‘Contoso’ wants to provide shared devices to retail associates, so they can help customers and drive sales. They want each associate to be able to pick up a device at the beginning of their shift and allow them to feel like it’s their own for the duration of the shift. Additionally, they want their associates to be able to collaborate with other associates via Microsoft Teams and access their internal employee portal. At the end of their shift, they want associates to log off and return their devices to the central pool, confident that their personal data won’t be seen by the next associate. 

To support this scenario on shared devices, use Intune’s Android Enterprise dedicate devices enrollment solution with Microsoft Entra shared mode (Fig. 1) and Managed Home Screen.  

Fig. 1 – Setting up an Android Enterprise corporate-owned dedicated device with Microsoft Entra shared mode enrollment profile.

Android Enterprise dedicated devices with Microsoft Entra shared mode and Managed Home Screen allows IT admins to provide consistent shared device user experience. In Contoso’s case, the Contoso IT team needs to provide user experiences for retail associates such as: 

• Easy experience for device sign-in when starting their shift and sign-out at the end of their shift.
• Setting a temporary session PIN for individual associates during their shifts while using devices.
• Easy app switching. 

Associates experience

The Contoso IT team must ensure seamless device sign-in to maximize associate productivity during limited shift hours. Intune and Managed Home Screen provide options to reduce shift swapping time by allowing workers to simply enter their Microsoft Entra ID account into the device and sign in. Microsoft Entra ID accounts require entering a User Principal Name such as "user@contoso.com". By configuring the "Domain name" setting in Managed Home Screen, associates will automatically see the domain name options available to them. This allows associates to quickly enter their ID and start using the device efficiently. (Fig. 2) 

Fig. 2 – Managed Home Screen sign in screens with domain name configuration.

After completing the initial Microsoft Entra ID authentication on the Managed Home Screen, associates set up a temporary session PIN (Fig. 3). This session PIN allows them to securely use shared devices for their tasks throughout their shift.  

Fig. 3 – Entering session PIN on the managed shared device.

The associates’ credentials are then used to enable a single sign-on experience with supported apps. Usually switching apps in Kiosk mode is cumbersome, but Managed Home Screen leverages the virtual app switcher button to switch between apps quickly, just like they do on their regular Android devices. (Fig. 4) This feature enhances the user experience by allowing seamless transitions between applications, ensuring that workers can maintain productivity without unnecessary delays. 

Fig. 4 – Managed Home Screen with app switcher.

Once the associate's shift ends, they can easily log out and return the device to the pool. This ensures that all apps are securely signed out, preventing the next shift's associate from accessing any personal data handled by the previous user (Fig. 5).  

Fig. 5 – Signing out device session

Even if the previous user forgets to sign out at the end of their shift, it's not a problem. The next user can easily start their session by using the “Switch User” option (Fig. 6).  

Fig. 6 – Managed Home Screen “Switch user” option.

These streamlined user experiences allow retail associates to concentrate on their tasks without delays, improving productivity and user experience. 

Setting up Managed Home Screen and the new simplified sign-in option 

Configuring Managed Home Screen can be done through the device configuration profile (Fig. 7) but if you need advanced customization you can use app configuration policies (Fig. 8).  This configuration is the same as described previously for the healthcare scenario:  From the frontlines: Revolutionizing healthcare workers experience.  For step-by-step instructions on setting up Managed Home Screen, refer to the blog: How to setup Microsoft Managed Home Screen in kiosk mode on Dedicated and Fully managed devices.  

Fig. 7 – Kiosk mode multi-app device experience profile for Android Enterprise dedicated devices.

Fig. 8 – Setting up Managed Home Screen (MHS) app configuration policy in the Intune admin center.

In addition to “Domain name” configuration, we’ve been working on further simplifying the sign-in experience. As of March 2025, we introduced QR code sign-in as a public preview. This new feature aims to streamline the initial sign-in process for frontline workers.   

For additional details on QR code authentication, refer to the following information: 

• Simplify frontline workers’ sign-in experience with QR code authentication | Microsoft Community Hub
• How to enable QR code authentication in Microsoft Entra ID (preview) - Microsoft Entra ID | Microsoft Learn. 

Summary 

In this post, we explored how retail shop associates can use Android Enterprise dedicated devices with Entra Shared Mode and Managed Home Screen powered by Microsoft Intune throughout their shifts. This same type of configuration can be used in many other Android shared device scenarios such as warehouse operations, factory floor, and more.  

For more guidance review the Microsoft Learn articles: 

• For information on how to set up shared Android devices refer to: Enroll Android Enterprise dedicated, fully managed, or corporate-owned work profile devices in Intune
• You can find more information on Managed Home Screen and how it can improve the user experience refer to: Configure the Microsoft Managed Home Screen app
• If you’d like to learn more about how Microsoft Entra Shared Device Mode can help your users easily sign in and sign out leveraging single sign-on review: Shared Device Mode overview - Microsoft identity platform
• To learn about how to setup maintenance windows and define application update conditions refer to: Corporate-owned Android Enterprise device restriction settings in Microsoft Intune
• For information on enabling new QR code authentication refer to:  How to enable QR code authentication in Microsoft Entra ID (preview) - Microsoft Entra ID. 

 If your device usage is similar to that of frontline workforces, consider using this solution and let us know how it works for you by leaving a comment below or reaching out to us on X @IntuneSuppTeam! 

 In our next “From the frontlines”, we’ll dive into scenarios involving dedicated devices tailored for specific tasks that enhance customer service and efficiency in the retail industry. Check out From the frontlines: Frontline worker management with Microsoft Intune to see more “From the frontlines” blogs. Stay tuned!