May 29, 2025
By: Shawn Catlin – Product Manager 2 | Microsoft Intune
This is the fourth blog in the “From the frontlines” series focused on frontline worker scenarios. I’m Shawn Catlin, and I’ve had the privilege of working closely with retail customers to enhance their digital experiences. In today’s rapidly evolving retail landscape, technology plays a crucial role in enhancing operational efficiency and flexibility. This article delves into how Intune can empower IT professionals to effectively manage retail devices, ensuring seamless operations and a balanced work-life experience for retail managers. Join me as we explore practical scenarios and insights on leveraging Intune to transform retail device management.
Advancements in technology have significantly transformed the retail sector, enhancing both operational efficiency and flexibility. Retail managers play a crucial role in overseeing frontline workers (FLWs) in fulfillment, ensuring accurate and swift delivery of goods to consumers, and managing the unloading and unboxing of shipments to stock shelves more quickly and efficiently. By making technology accessible and meaningful, we can directly impact day-to-day operations and improve overall productivity.
Here’s a walkthrough of a scenario where Intune can help administrators effectively manage a retail manager’s company-issued device, while still supporting work-life balance without compromising the device’s manageability or security.
Set up a manager’s device in retail
Managers in retail fulfillment must oversee daily operations, ensuring that tasks are completed efficiently while maintaining a high level of productivity. Their responsibilities include directing and supervising employees, inventory control (stocking and receiving merchandise), and administrative tasks such as scheduling shifts, managing payroll, and reporting sales. Additionally, they communicate with the store’s general manager about staff performance and customer feedback.
To handle these responsibilities, a shift manager is always on the move overseeing tasks. Because they may also perform shift work while still managing employee shifts (cancellations, shift changes, etc.) and handling personal matters outside of typical working hours, companies can enroll their devices in Intune as Android Enterprise corporate-owned devices with a work profile. This gives a manager the flexibility to switch between work and personal tasks, which suits the in-and-out nature of their role.
To achieve this, their scenario ideally fulfills the following:
- Access to apps like Microsoft Teams for store-to-store communications, human resource applications for feedback and reviews, Microsoft 365 apps for productivity, and line-of-business applications related to respective store tasks such as inventory, fulfillment, and employee clock in/out.
- Their device must allow some personal aspects like calendaring and texting outside of shift hours to communicate with employees from their phone or manage unrelated work activities like checking family calendars for kids’ school trips, etc.
- Ability to configure restrictions that block notifications and apps outside of operating hours.
- Staged enrollment so admins can partially provision devices, saving users setup time and energy.
Let’s start with an example: there are a total of 200 retail locations, each requiring a device for that location’s manager. First, you’ll create the Android Enterprise Corporate-owned with work profile in Intune to provision the devices and enable device staging (Fig. 1) in this profile.
Fig 1. – Setting up an Android Enterprise corporate owned with work profile with device staging.
Next, you’ll create an enrollment profile and staging enrollment token in the admin center. This process includes setting a token expiration date, applying a device naming template, and assigning an enrollment time group. Afterward, admins or technicians will complete all userless setup steps before sending the device to shift managers. The manager will then sign in to the Microsoft Intune app using their work or school account, completing the full enrollment process (Fig. 2).
Fig 2. – Left picture depicts admin or technician kicking off userless staging steps. Right picture shows a user signing into the Microsoft Intune app.
You can add and assign Managed Google Play apps to ensure that Teams and other applications required by the shift manager are installed shortly after device enrollment. This enables shift managers to be productive as soon as possible and equips them with the right set of apps needed for daily tasks and job functions.
You can limit access to Teams for managers during off-shift hours using working time settings. Some organizations may need to be strict, discouraging or even outright blocking access to Teams for legal reasons (Fig. 3).
Fig 3. – Picture on the left shows Teams being blocked outside of hours while the picture on the right shows a warning.
If you’re concerned with maintaining a Zero Trust security strategy, you can further separate the work and personal sides of a user’s corporate-owned device by:
- Preventing copy and paste and data sharing between work and personal profiles to ensure company data is safe.
- Preventing the user from searching work contacts in the personal profile, or even preventing contact sharing via Bluetooth.
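One way to check the separation settings listed above across exported policies, as an added example that is not part of the original post or Microsoft's own code. The property names and the enum value are assumed to follow the Graph beta androidDeviceOwnerGeneralDeviceConfiguration resource, the two policies are constructed samples, and treating a missing key as a gap is this example's choice.

```python
import json

# Constructed sample export of two device-restriction policies. Property names
# are assumed (Graph beta androidDeviceOwnerGeneralDeviceConfiguration); verify
# them against your own export before relying on the result.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Retail-Manager-COPE-Baseline",
   "crossProfilePoliciesAllowCopyPaste": false,
   "crossProfilePoliciesAllowDataSharing": "crossProfileDataSharingBlocked",
   "crossProfilePoliciesShowWorkContactsInPersonalProfile": false,
   "bluetoothBlockContactSharing": true},
  {"displayName": "Retail-Manager-COPE-Pilot",
   "crossProfilePoliciesAllowCopyPaste": true,
   "crossProfilePoliciesAllowDataSharing": "notConfigured",
   "bluetoothBlockContactSharing": false}
]
""")

# property -> (predicate that is True when work and personal data stay
# separated, the control from the article that the property maps to)
CHECKS = {
    "crossProfilePoliciesAllowCopyPaste":
        (lambda v: v is False, "copy and paste between profiles blocked"),
    "crossProfilePoliciesAllowDataSharing":
        (lambda v: v == "crossProfileDataSharingBlocked",
         "data sharing between profiles blocked"),
    "crossProfilePoliciesShowWorkContactsInPersonalProfile":
        (lambda v: v is False, "work contacts hidden from personal profile"),
    "bluetoothBlockContactSharing":
        (lambda v: v is True, "contact sharing via Bluetooth blocked"),
}

def audit_policy(policy):
    """Return unmet controls; a key absent from the export counts as unmet."""
    findings = []
    for prop, (is_separated, control) in CHECKS.items():
        value = policy.get(prop)  # None when the export omits the setting
        if not is_separated(value):
            findings.append(f"{control}: {prop}={value!r}")
    return findings

def audit_export(policies):
    """Map each policy's display name to its list of unmet controls."""
    return {p.get("displayName", "<unnamed>"): audit_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(name, "OK" if not findings else "GAPS")
        for finding in findings:
            print("  -", finding)
```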
This is just one of many examples where Intune can empower you to manage your frontline worker devices. Other scenarios include customer product fulfillment or a store supply chain employee ensuring proper inventory levels to support sales.
Please refer to the documentation here for more guidance:
- For information on how to set up Android corporate owned with work profile devices refer to: Android Enterprise Corporate-owned with work profile.
- If you’d like to learn more about incorporating Device staging to reduce end user steps during enrollment see: Device staging overview.
- To speed up app and policy provisioning during enrollment check out: Set up enrollment time grouping.
- You can learn more about adding and assigning Android apps to devices here: Add and assign Managed Google Play apps to Android Enterprise devices.
- If you want to limit access to Microsoft Teams when frontline workers are off shift refer to: Limit access to Microsoft Teams when frontline workers are off shift.
- To ensure your organization can navigate modern security challenges following Microsoft’s Zero Trust approach see: Zero Trust security strategy.
- For more information on Android Device Restrictions specific to Corporate-owned work profile devices see: Corporate-owned Android Enterprise device restriction settings in Microsoft Intune.
This blog is part of the From the Frontline series so keep your eyes peeled—there’s more to come! Check out: From the frontlines: Frontline worker management with Microsoft Intune to explore the rest of our FLW blogs!
If you have any questions for the team, leave a comment below or reach out to us on X @IntuneSuppTeam or @MSIntune. You can also connect with us on LinkedIn: aka.ms/IntuneLinked.