Shared devices are devices that are configured to be accessible by multiple users, with each user getting their own workspace on the device. Shared devices can be incredibly useful when employees work on a shift basis making it possible to allocate the same devices different users during their shift. These devices can also be used by the frontline workforce, like flight crew, hospital staff, construction workers and even as learning devices in educational institutions. Mobile Device Manager Plus enables the simplified and comprehensive management of shared devices to save time and resources.
iOS and iPadOS devices can be converted into shared devices where users are allowed to access their workspace with their managed Apple ID or Entra ID(formerly Azure AD) credentials. Control can be exercised over a wide range of device configurations, and functionalities like clipboard, camera, microphone for added security can be restricted, while the device's location is kept track of. These devices are best used by remote and frontline workers as well as for education. Find out more about configuring shared Apple devices here.
Mobile Device Manager Plus can be integrated with directory services (like Entra ID(formerly Azure AD), Active Directory on-premises, Zoho Directory), to allow users to gain access to the device with their directory credentials entered into a dedicated authenticator app on the device. In addition to device restrictions, device lockdown and location tracking, configurations like work hours after which device users are automatically logged out, admin mode locked with a password, and guest mode with a specific time limit can also be managed. During logout, admins can configure the local files, SMS, call history, device contacts, and app data to be automatically wiped.
Restrict device login access to a specific set of users within the organization's domain and enable Guest Mode to allow the device to be accessed to users outside of the organization.
To further simplify shared device usage, IT admins can also leverage SAML-based federation to enable single sign-in and sign-out. This capability can allow users to quickly access device apps by just signing in once. Moreover, when a user signs out of their shared device at the end of their session, all of their work data, apps, and logins are wiped from the device, thereby not only securing this data from unauthorized access, but also creating a fresh workspace for the next user.
Since each user sharing the device will have a different set of requirements, IT admins can provision a different set of apps, files, device configurations, and permissions based on the user's needs. Provisioning these resources can be simplified by grouping users with similar sets of requirements, and assigning resources to these user groups. Additionally, IT admins can also modify the layout of apps and pin essential apps in these workspaces to ensure a unified experience across devices.
Shared devices can have security hardening measures like restrictions on the apps allowed to be installed, blocking of third-party downloads, prevention of the access of malicious domains, and more configured on them. Apart from these measures, devices can even be locked to a single app or a specific set of apps with limited access to device functionalities to prevent device misuse. In addition to this, these devices can be patched with software updates on time by notifying the user that is currently logged in to the device when a patch is deployed.