By: Peter Egerton – FastTrack Subject Matter Expert | Microsoft Intune
Warehouses rely on a wide range of specialized devices to keep goods moving - from vehicle-mounted scanners to rugged handhelds used by engineers and associates. Each role has specific device requirements, and IT teams need a way to securely configure, manage, and support them at scale.
The following examples show how Microsoft Intune supports Android-based industrial devices commonly used in warehouses, mapped to key roles: the maintenance engineer, the equipment operator, and the warehouse associate. Role-based configurations - such as work profile enrollment, kiosk modes, and OEMConfig profiles - enable secure, task-specific setups that empower frontline workers while giving IT full visibility and control.
I’m Peter Egerton, I work in Microsoft FastTrack assisting a multitude of different organizations with onboarding and getting the most out of their investment in Microsoft Intune. In this article, part of our “From the frontlines” series, we look at some examples of how Intune can be used to support typical frontline workers in the world’s continuously operating warehouses.
The maintenance engineer
The maintenance engineer role is as critical as any in a warehouse. They keep vital equipment functioning including conveyors, specialist machinery, and materials handling equipment.
Generally, the person in this role moves from task to task during the working day but still needs to stay in touch with employee communications and call or support others using their mobile device. In addition, this person may be expected to participate in an on-call schedule requiring contact outside of typical working hours.
Figure 1. – A maintenance engineer checking equipment.
For this role we’d recommend using an Android device enrolled as a Corporate-owned device with a work profile. This allows the worker to take their mobile device with them wherever they go, including away from the warehouse when on-call. These devices would often be ruggedized, due to the environmental conditions of the warehouse. Using this enrollment type means our engineer can switch the work profile on and off as needed, such as when the engineer is off-duty or needs to focus without the distraction of work notifications. Importantly, the IT admin retains overall ownership of the device in case they need to run remote actions such as wipe, remove apps and configuration, or find a lost device.
Figure 2. – Remote actions for Corporate owned device with work profile.
The device may also be capable of scanning barcodes. As part of their responsibilities the maintenance engineer can scan the unique barcode of each piece of machinery checked as part of their proactive maintenance, and upload that into their maintenance tracking app.
With Intune, the device can be configured based on the original equipment manufacturers (OEM) specific capabilities to further meet the engineer’s needs. OEMConfig is a standard for the Android Enterprise platform that enables OEM and enterprise mobility management (EMM) providers to build, configure and support OEM-specific features in a standardized way on Android Enterprise devices.
The first step for creating an OEMConfig profile is to add the appropriate OEMConfig application into Intune. A list of supported OEMConfig apps is provided and the app must be in the application list prior to creation of the profile.
When creating OEMConfig profiles in Intune you choose the supported OEMConfig app of the devices that you will target. This enables manufacturer specific features available for configuration in the Intune admin center alongside the rest of your device configurations.
The warehouse equipment operator
In logistics and manufacturing locations, parts and products are often moved around with a forklift-truck or other type of materials handling equipment. With a vehicle mounted device, operators gain real-time access to warehouse management systems.
Intune enables you to configure an Android Enterprise vehicle-mounted device operating in dedicated mode, where a single warehousing application is utilized by the operator. This scenario is referred to as a single-app kiosk. Each worker logs into the application for identification and uses a barcode scanner on the device when checking in or moving goods.
You can configure this in Intune with a device restrictions profile. In this profile type, you list the package ID of the app to use for kiosk mode.
Figure 3. – An example configuration for a single-app kiosk device.
In single-app kiosk mode, only the app selected for kiosk mode is launched. In the example depicted in the following screenshots, we see the Microsoft Warehouse Management mobile app. This Warehouse Management app is used by organizations to complete warehouse tasks using a mobile device. The app enables workers to complete material handling, receiving, picking, put away, cycle counting, and production tasks from the warehouse floor.
Figure 4. – An example of a single-app kiosk device using the Microsoft Warehouse Management app.
Figure 5. – An example of a single-app kiosk device using the Microsoft Warehouse Management app.
You can further configure the device to meet the needs of the task, for example disabling or enabling a camera or setting app permissions. Using an OEMConfig profile, you can additionally configure the OEM specific capabilities of the device such as the barcode scanner, keyboard mappings, sensors, or software updates.
If the device has been misplaced or lost, you can remotely locate the device, play the lost device sound and even remotely wipe the device.
Figure 6. – Intune remote actions for Android dedicated devices.
Furthermore, using the additional capabilities of Remote Help from Microsoft Intune Suite an Intune IT admin can offer the device operator remote assistance should they run into any problems. You can use Remote Help when a user is actively using the device, or when no user is using the device. These are respectively called attended and unattended mode. For guidance on implementing Remote Help refer to: Use Remote Help on Android to assist users authenticated by your organization.
The warehouse associate
No warehouse is complete without associates who typically perform a variety of tasks to support the day-to-day operations of a warehouse or factory.
For this role, we recommend using Android devices configured as a single-app kiosk which we’ll focus on in this blog, or even a multi-app kiosk if the role requires a number of different applications. In previous “From the frontlines” series of articles, we’ve covered some examples of using multi-app kiosk we’d recommend reviewing those for a better understanding of those use cases.
Figure 7. – A warehouse associate scanning items.
Many industrial or rugged devices include customisable physical buttons provided by the device manufacturer. Utilizing Intune allows us to leverage the benefits of OEMConfig profiles once more to configure the capabilities of these buttons, leverage extended hardware capabilities and enhance the users experience.
As an example, for greater efficiency, you can use a configurable button by mapping these buttons to launch or activate alternate apps or hardware capabilities. For example, to enable Microsoft Teams Walkie Talkie push-to-talk (PTT) experience to help workers communicate easily with each other and resolve queries quickly. A step-by-step guide for configuring this is available in a previous blog: How to enable Microsoft Teams push-to-talk (PTT) capabilities on Samsung XCover Pro with Intune.
Figure 8. – Microsoft Teams PTT functionality highlighting the location of the hardware button on a Samsung XCover Pro device.
(Source:How to use Microsoft Teams Walkie Talkie on your Galaxy XCover Pro | (samsung.com)).
You can also configure the device to align with standard corporate compliance policies and configuration requirements. Additionally, you can configure a simple lock screen message in a device restriction profile to let people know where the device belongs.
Figure 9. – Adding a lock screen message in a device restrictions profile.
As you can see, there are whole host of options for the eco-system of industrial devices that are often used in warehousing environments. Intune helps empower your frontline workers and integrates seamlessly with OEM device functionality through a supported OEMConfig app. As soon as an OEM updates their app with new features, those are also available to configure with Intune right away.
I hope this blog helps you to envision some use cases in your own organization to get the most out of Intune.
Refer to the documentation for more guidance:
- For information on how to set up shared Android devices refer to: Enroll Android Enterprise dedicated, fully managed, or corporate-owned work profile devices in Intune
- To learn more about using OEMConfig with Intune refer to: Use OEMConfig on Android Enterprise devices in Microsoft Intune
- If you want to know more about the remote actions you can perform with Intune, refer to: Run remote actions on devices with Microsoft Intune
- To learn more about Remote Help from Intune Suite, refer to: Use Remote Help to assist users authenticated by your organization
For information about Teams push-to-talk capabilities with Intune refer to: How to enable Microsoft Teams push-to-talk (PTT) capabilities on Samsung XCover Pro with Intune.
Let us know how you’re using Intune in your frontline worker scenarios or if you have questions by leaving a comment below or reaching out to us on X @IntuneSuppTeam or @MSIntune. You can also connect with us on LinkedIn. Stay tuned for the next post in our series of “From the frontlines” articles or catch up by reviewing: From the frontlines: Frontline worker management with Microsoft Intune.
