A company that sells and services communication devices had an upcoming Microsoft Dynamics Enterprise Resource Planning (ERP) deployment planned for the following week, but they overlooked one important detail. They needed to lockdown the new Zebra Technologies devices that they would be using to scan inventory barcodes into their ERP system. These devices would be used in their warehouse for inventory tracking, but they didn’t want employees using them to download games/apps or browsed the web. The customer was referred to us by one of our partners and needed assistance quickly. They had registered the devices in Microsoft Endpoint Manager (Intune), but they were having trouble applying the appropriate policies to lock them down to be a purpose-driven device.
We were able to get one of our Principle Consultants engaged quickly to evaluate the customer’s current Intune environment and recommended using Android Enterprise dedicated devices. Device enrollment needed to be quick and easy, so we leveraged the QR code for swift setup and Azure AD Dynamic Device groups to apply all the policies that were created. The customer needed a locked down menu, so we utilized a multi-app kiosk configuration profile and the Managed Home Screen settings of Microsoft Intune to achieve this. The final request was to lock down Google Chrome for Android, so we used Intune App Configuration policies to limit browsing to only corporate ERP system sites.
There were a couple of gotchas that we had to overcome:
- All apps for devices in Enterprise-Dedicated Mode must be deployed as Required, as well as be from the Managed Google Play Store. Web links must also be from the Managed Google Play Store, and can only be edited in that way. Editing managed links in Intune will not alter the URL, icon, etc.
- The barcode scanner application was part of the factory OS image, so an Android Enterprise system app had to be created.
Kudos to the team for helping this customer on very short notice! We enabled them to meet their Go-Live date for their ERP deployment. It’s always great when we can enable one of our customers to meet their business goals, even if it is short notice!
In a future blog we will provide some additional guidance on how we registered the devices and set some of these policies. Or if you need help, contact us!
