Mobile device management practices and policies need to be fine-tuned to meet the specific needs of all types of devices.
For example, BYOD devices call for fewer, less complex, and less restrictive policies. Moreover, it is not always necessary to enroll these devices in unified endpoint management (UEM) or enterprise mobility management (EMM); it may be enough to focus on application and data management. Kiosk devices, or dedicated devices, that have a single use case, such as patient registration in a health facility, deserve more specific configurations, and there are many tools to deploy them. Here are some tips to improve the administration of iOS and Android devices in kiosk mode.
Register devices as soon as they are unpacked
Devices to be used in kiosk mode must be enrolled in COPE mode for Android or in supervised mode for iOS. In these modes, it is possible to completely lock the device with the most restrictive configuration policies.
User- or device-related configurations
With iOS devices, you can enable supervised mode with Apple Business Manager or Apple Configurator, with or without user affinity. User affinity is used to deploy software and policies based on user groups defined in Microsoft Azure Active Directory (AD) rather than device groups. This way, configurations, applications, and updates reach kiosks more quickly than when they are deployed by device group, because it takes a while to add devices to groups in Azure AD after their enrollment.
Lock iOS to one or more apps
iOS offers several options to lock the device and allow users to start a single app. The first option is to hide some applications with operating system restrictions, which some UEM or EMM tools, such as Intune, support. When using a device with this configuration, the user sees only the application allowed on the iOS device. The second option is to use kiosk device restrictions in an EMM or UEM tool to configure the device to run a single application in kiosk mode. This configuration restricts the entire user interface of the device to one predefined application.
Updating dedicated devices using maintenance windows
While it may be difficult to update devices in kiosk mode, it is still necessary to update them as often as possible. Ideally, you should automatically deploy at least the operating system updates. With Android Enterprise, it is possible to automatically update devices according to predefined maintenance windows. This configuration ensures that updates do not install in the middle of business hours, when users need the devices to be operational to record a sale or meet their business requirements. It is also possible to use maintenance windows to automatically run updates on supervised iOS devices.
Set Android devices in single or multi-application mode
To enroll kiosk devices with Android Enterprise following the dedicated devices scenario, you need to create a configuration profile that locks the device in kiosk mode. With Intune, for example, it is possible to lock a particular device to operate as a kiosk in two ways: in single-application mode or in multi-application mode. The first restricts the use of the device to a single application selected by administrators. The application must be defined in a static or dynamic Azure AD group containing device objects. In multi-application mode, it is possible to select multiple applications.
Other restrictions can be configured, such as the virtual home button, to allow users to exit the dedicated device mode, and a custom URL for a background.
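The maintenance-window and single-application settings described above can be checked before a policy is deployed. The following Python audit is an added example, not code from the article or from any vendor. It assumes a policy expressed with Android Management API field names (`applications[].installType`, `systemUpdate.type`, `startMinutes`, `endMinutes`) rather than Intune's own format, and the package name and business hours are constructed.

```python
import json

# Constructed sample policy. Field names follow the Android Management API
# policy resource (an assumption: the article names Intune, not this API).
SAMPLE_POLICY = json.loads("""
{
  "applications": [
    {"packageName": "com.example.checkin", "installType": "KIOSK"}
  ],
  "systemUpdate": {"type": "WINDOWED", "startMinutes": 1380, "endMinutes": 240}
}
""")

DAY = 24 * 60  # minutes in a day


def window_minutes(start, end):
    """Expand a daily window into a set of minutes; end < start wraps past midnight."""
    length = (end - start) % DAY
    return {(start + i) % DAY for i in range(length)}


def audit_kiosk_policy(policy, open_min, close_min):
    """Return findings for a single-application dedicated-device policy."""
    findings = []
    kiosk_apps = [a.get("packageName") for a in policy.get("applications", [])
                  if a.get("installType") == "KIOSK"]
    if len(kiosk_apps) != 1:
        findings.append(f"expected exactly one KIOSK app, found {len(kiosk_apps)}")

    update = policy.get("systemUpdate", {})
    if update.get("type") != "WINDOWED":
        findings.append("system updates are not restricted to a maintenance window")
        return findings
    start, end = update.get("startMinutes"), update.get("endMinutes")
    if not all(isinstance(v, int) and 0 <= v < DAY for v in (start, end)):
        findings.append("maintenance window bounds must be minutes in 0..1439")
        return findings
    # Compare minute sets so windows that cross midnight are handled correctly.
    overlap = window_minutes(start, end) & window_minutes(open_min, close_min)
    if overlap:
        findings.append(f"maintenance window overlaps business hours by {len(overlap)} min")
    return findings


if __name__ == "__main__":
    # Business hours 08:00-20:00, expressed as minutes after local midnight.
    for line in audit_kiosk_policy(SAMPLE_POLICY, 8 * 60, 20 * 60) or ["policy OK"]:
        print(line)
```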