27/03/2026

Devices and applications for frontline workers

Author(s):
Jaakko Heinonen
Consultant

Introduction

Frontline workers play a key role both in serving customers and representing the company. However, communication with them—and between them—remains unresolved in many organizations, meaning that new opportunities to streamline information flow and improve productivity are not fully utilized.

Frontline workers operate, for example, in customer service, manufacturing environments, and various maintenance roles. Finding the right tools can be challenging due to factors such as security, user experience, licensing, and even device costs. This article explores different options for improving frontline productivity from the perspectives of device models, operating systems, and manageability.

This article was originally published in 2021 and has been updated in 2026 to reflect the current situation.

Versatile configurations with Intune

With Microsoft Intune, organizations can easily and securely manage not only Windows devices but also devices running macOS, iOS/iPadOS, Android, and, to a limited extent, Linux.

Choosing the right device for frontline workers

A frontline worker’s job role plays a crucial part when selecting suitable IT devices to improve productivity. To find the right device and management model, an organization should consider:

  • Does the frontline worker have an organizational Microsoft 365 license?

  • Does the license cover mobile devices and/or workstations?

  • Is the employee performing mobile work across multiple locations?

  • Is the employee provided with an organization-owned device?

  • Can the employee use a personal mobile device?

  • Are shared devices used during work shifts?

  • Does the organization have its own line-of-business applications used by frontline workers?

Devices for personal work use

The basic configurations offered by Intune cover lighter management models that focus solely on securing an organization’s cloud applications using various security requirements. For example, when using Microsoft Teams, the app can be required to have its own passcode and local data copying can be blocked.
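One way to verify that such app-level requirements are actually in force is to audit an exported policy list. This is an added example, not code from the original article or from Microsoft. The field names follow Microsoft Graph's iosManagedAppProtection resource and should be checked against your own tenant's export; the policy names and values are constructed.

```python
import json

# Constructed sample, shaped like a Microsoft Graph list of
# iosManagedAppProtection objects. Names and values are made up.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Frontline-Teams-Strict", "isAssigned": true,
   "pinRequired": true, "saveAsBlocked": true, "dataBackupBlocked": true,
   "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
   "allowedOutboundDataTransferDestinations": "managedApps"},
  {"displayName": "Frontline-Teams-Draft", "isAssigned": false,
   "pinRequired": false, "dataBackupBlocked": true,
   "allowedOutboundClipboardSharingLevel": "allApps",
   "allowedOutboundDataTransferDestinations": "managedApps"}
]}
""")

# Settings that keep organisational data inside managed apps.
SAFE_CLIPBOARD = {"managedApps", "managedAppsWithPasteIn", "blocked"}
SAFE_TRANSFER = {"managedApps", "none"}

def audit_policy(policy):
    """Return findings for one policy; a missing field counts as unset."""
    findings = []
    if not policy.get("isAssigned", False):
        findings.append("policy is not assigned, so it protects nobody")
    if not policy.get("pinRequired", False):
        findings.append("app passcode (PIN) is not required")
    if policy.get("allowedOutboundClipboardSharingLevel") not in SAFE_CLIPBOARD:
        findings.append("copy/paste to unmanaged apps is allowed")
    if policy.get("allowedOutboundDataTransferDestinations") not in SAFE_TRANSFER:
        findings.append("data transfer to unmanaged apps is allowed")
    if not policy.get("saveAsBlocked", False):
        findings.append("saving copies to local storage is allowed")
    if not policy.get("dataBackupBlocked", False):
        findings.append("backup of app data is allowed")
    return findings

def audit_export(export):
    """Map each policy's display name to its list of findings."""
    return {p["displayName"]: audit_policy(p) for p in export["value"]}

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(name, "OK" if not findings else findings)
```
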

An organization can also require employees to register their device in cloud management via the Company Portal app in order to gain access to cloud resources.

Devices can be brought under management either as personally owned or organization-owned devices. In both cases, they are assigned to an end user for individual use, but from a management perspective, stricter rules can be applied to organization-owned devices. For example, manual factory resets can be blocked or the use of certain applications can be restricted.

Bonus: Remember to keep all secrets on the server side

Frontline workers can use various shared-device solutions depending on the operating system and device, provided the job role does not require a personal device and/or the device does not need to move between locations across shifts.

For shared devices, organizations have numerous options. The most important considerations are license sufficiency and requirements, the suitability of management models, and the line-of-business applications in use along with their requirements.

Windows devices

Windows workstations can be configured as shared devices in the traditional way by enabling shared mode. Employees can sign in with their organizational credentials, and upon sign-out, the device is “cleaned” and prepared for the next user.

If frontline workers do not have personal accounts or licenses, workstations can be configured as kiosk devices using the Microsoft Kiosk Browser. In this case, the device runs either a single locked-down line-of-business application (single-app) or multiple applications (multi-app). With Autopilot Self-Deploying mode, devices can be automatically installed and enrolled into cloud management together with an Intune device license.

Apple devices (iOS)

Apple offers a tablet-focused solution called Shared iPad for Business, which allows users to sign in to organization-owned iPads with their own Entra ID. When a worker finishes their shift, they sign out and their data is removed or hidden from other users. This model is implemented using Apple Business Manager and federated authentication configured within it. Endpoint Manager is a compatible management tool for Business Manager. Business Manager also enables the creation of automated kiosk models (single-app) for iOS devices.

Android devices

Android devices can be configured as shared devices either for a single application or for multiple applications using the Managed Home Screen app. Devices can operate as kiosks without user association, or Microsoft Entra Shared Device mode can be used to enable user sign-in, provided that the applications used on the device support MSAL authentication.

Application sprawl? How can it be managed?

Intune’s application library is a centralized publishing platform for all operating systems. In practice, the organization approves selected applications from each platform’s app store, which can then be distributed on a user- or device-specific basis. Application installation and updates can be automated across endpoints, reducing effort and improving efficiency for both IT and end users.

The application library can also include an organization’s own application packages, as long as they meet certain standards depending on the operating system’s requirements. Application developers must therefore ensure that private applications comply with both Microsoft’s and the device platform’s requirements.

Intune also offers the ability to customize applications using App Configuration Policy features. Depending on the application, operating system, and management model, visual changes can be applied to apps and devices—for example, enlarging application icons and arranging their order in a kiosk view. In some applications, organization-specific license keys can also be embedded.