Success Story: Lock down Zebra devices using Microsoft Endpoint Manager (Intune)

A company that sells and services communication devices had a Microsoft Dynamics Enterprise Resource Planning (ERP) deployment planned for the following week, but they had overlooked one important detail. They needed to lock down the new Zebra Technologies devices that they would be using to scan inventory barcodes into their ERP system. These devices would be used in their warehouse for inventory tracking, and they didn’t want employees using them to download games or apps or to browse the web. The customer was referred to us by one of our partners and needed assistance quickly. They had registered the devices in Microsoft Endpoint Manager (Intune), but they were having trouble applying the appropriate policies to lock them down as purpose-driven devices.

We were able to get one of our Principal Consultants engaged quickly to evaluate the customer’s current Intune environment, and they recommended using Android Enterprise dedicated devices. Device enrollment needed to be quick and easy, so we leveraged the QR code for swift setup and Azure AD Dynamic Device groups to apply all the policies that were created. The customer needed a locked-down menu, so we used a multi-app kiosk configuration profile and the Managed Home Screen settings of Microsoft Intune to achieve this. The final request was to lock down Google Chrome for Android, so we used Intune App Configuration policies to limit browsing to only corporate ERP system sites.

There were a couple of gotchas that we had to overcome:

  1. All apps for devices in Enterprise-Dedicated Mode must be deployed as Required and must come from the Managed Google Play Store. Web links must also come from the Managed Google Play Store and can only be edited there. Editing managed links in Intune will not alter the URL, icon, etc.
  2. The barcode scanner application was part of the factory OS image, so an Android Enterprise system app had to be created.

Kudos to the team for helping this customer on very short notice! We enabled them to meet the Go-Live date for their ERP deployment. It’s always great when we can help one of our customers meet their business goals, even on short notice!

In a future blog we will provide some additional guidance on how we registered the devices and set some of these policies. Or if you need help, contact us!
