By: Carol Burns - Principal Product Manager | Microsoft Intune and Sucheta Gawade, Microsoft MVP (Azure & Security / Intune)
Practitioner perspective from Sucheta Gawade, Microsoft MVP (Azure & Security / Intune), with deep experience in secure frontline mobility, including regulated healthcare environments.
Frontline devices have evolved from a small set of task-specific tools into the way day-to-day work gets done. As new workflows, apps, locations, and teams get added over time, device estates expand quickly, making it harder to maintain consistency and visibility.
For many organizations, the reality of the estate isn't easy to keep track of. Devices may have been purchased locally, inherited through acquisitions, shared across teams, or left unused in lockers. They may be repurposed for new workflows or kept running far longer than originally planned.
This creates a gap between what teams think they have, how they expect devices to be used, and what happens in the field.
“Frontline estates aren’t complex because teams don’t care, they’re complex because operations evolve faster than governance.” -Sucheta Gawade, Microsoft MVP
If teams don’t close this gap early, it tends to show up during pilots and cutover: devices fail in real conditions, frontline teams revert to workarounds, and the migration slows down through rework, exceptions, and avoidable disruption.
To understand the estate, teams need to start by determining what the business needs devices to do and not just who happens to use them.
Start with what devices need to do
While some devices are assigned to individual users, many are shared across shifts, used for specific tasks, or operate without a fixed user at all.
Designing a migration around users or roles can obscure what really matters: the job the device must perform, when it must be available, and the impact if it isn’t.
Anchoring on business needs helps teams:
- Focus on outcomes rather than ownership models
- Simplify stakeholder conversations
- Make clearer tradeoffs, when required, around user experience, productivity and security
One simple way for teams to gather this information is by mapping business tasks to what devices must reliably do.
| Business task | What the device must do | When it must work | Impact if unavailable |
|---|---|---|---|
| Take payment for goods | Run secure POS applications | Store open hours | Lost revenue |
| Pick inventory | Scan bar codes quickly and accurately | During shifts | Orders delayed |
| Document patient observations | Capture and submit clinical data | During care delivery | Delayed or incomplete care |
This framing applies equally across retail, healthcare, manufacturing, transport, logistics and utilities. It creates a shared language between IT, operations, and security - one that is grounded in business impact rather than tooling.
Once business needs and intended device usage are clear, the next step is understanding how those devices support frontline work day to day.
Understand how devices are used in practice
Frontline usage patterns often diverge from what business owners and IT expect. Devices may be shared across shifts or used by alternate users. They may also be repurposed to support new workflows or kept running beyond their intended lifecycle, all without IT or executive oversight.
These gaps are best identified by partnering with operational and business owners to validate real-world usage through quick workflow walk-throughs, targeted questions, and a review of how devices are accessed and supported day-to-day. Some helpful questions:
- How are devices shared?
- When are they offline or unavailable?
- What workarounds exist to keep critical tasks moving?
It’s also critical to confirm whether corporate-assigned devices have been used for personal activity. Personally used devices may also be treated as work devices, whether authorized or otherwise. This affects wipe and re-enroll decisions because personal use can introduce data retention, user impact, and acceptance risks.
| Intended usage | Actual observed use | Notes/Workarounds |
|---|---|---|
| Assigned device | Shared across the shift | Shared credentials used |
| Always connected | Intermittent Wi-Fi | Offline workarounds |
| Single-app device | Multi-app usage | Local exceptions for multiple apps |
This is also where identity assumptions surface, particularly in environments where devices are shared but access shouldn’t be.
“Identity reality matters: shared devices should not mean shared credentials. Migration is often the right moment to address this. Otherwise, teams simply re‑platform the same risks.” -Sucheta Gawade, Microsoft MVP
Teams often uncover important dependencies at this stage. For example, some frontline workflows rely on constant connectivity, while others must function reliably in low‑bandwidth or offline conditions. Similarly, older operating systems or unsupported device models may still be in active use because replacing them has operational or budgetary implications.
Understanding these realities early helps teams avoid designing for ideal conditions that don’t exist in the field.
Ground plans in device inventory
Inventory is most valuable when it supports planning decisions, not when it aims for completeness. For frontline migrations, teams need decision-relevant information rather than a perfect asset register.
It is also important to understand how devices are procured and funded across the organization, for example whether devices are purchased centrally through IT or sourced locally by the business or by departments. Procurement paths often explain why inventory is fragmented and help determine who owns refresh cycles, warranties, and enrollment readiness.
At a minimum, this includes:
- Device types and OEMs
- OS version ranges and supportability
- Whether devices are active, dormant, or missing
- How devices align to business-critical tasks
- Where specialist or certified devices are required, such as intrinsically safe or ruggedized devices
This helps surface ecosystem considerations early:
- Are required apps and services supported on the OS versions in use today?
- Do OEMs still support the hardware?
- Do environment constraints affect enrollment, updates, or day‑to‑day operation?
These questions are not about selecting solutions yet. They’re about understanding constraints that will shape options later.
With business needs understood, usage patterns mapped, and inventory validated, teams are ready to start designing approaches that work in frontline conditions.
Migration is also a good opportunity to plan for standardization and set a future procurement standard. Even if you migrate the current estate as-is, defining an approved OEM or model catalog for future purchases improves consistency. It can also accelerate troubleshooting and strengthen lifecycle governance as devices reach end of support.
What we’ve learned
The key lesson is simple: validate reality before designing anything.
Teams that invest time here:
- Reduce rework during pilots
- Avoid late‑stage surprises
- Have stronger conversations with operational, security, and platform stakeholders
“We don’t declare success at enrollment. We declare success when a frontline workflow can run end-to-end with predictable support.” -Sucheta Gawade, Microsoft MVP
In future articles, we’ll look at how these insights shape design decisions. In the meantime, we’re interested in hearing what gaps you’ve uncovered between intended and actual device usage in your frontline environments. Leave a comment below or reach out on X @IntuneSupportTeam.