Forum Discussion
Does anyone allow multiple users on their Androids?
We have some customers (mainly healthcare) which ask for shared device usage. But in most cases, we advice against is. Logging in to apps is a challenge, making sure user (and patient) data is removed or kept safe from other use is also a big challenge. And MFA is another one.
Shared entra mode build multiple profiles on a device, resulting in a slower user experience and more storage is needed. I'm not a fan of Microsoft interpretation of shared device use.
When a customer is using Samsung hardware, a good solution for shared device uses is Knox Authentication manager. This works as an overlay app which is able to login on other supported apps. And logs out at the end of a shift, making sure your account cannot be used by others. And data is deleted from those apps.
But i really believe we are slowly moving towards a future where we no longer use shared devices and more personal devices. Only kiosk solution without the need for multi user login will survive.
Shared entra mode build multiple profiles on a device
Hmmm I didn't think this was true. From my testing, it seems that it doesn't create multiple user profiles, instead it just uses one user profile and signs in/signs out the Microsoft account.
Also I agree with Moombas shared use devices aren't going anywhere. I come from education which is interesting because in a K12 setting single user devices are the standard. Students, faculty and staff are all issued a device that only they use. But in higher education, it's a completely different story. Very few colleges or universities have the money to issue a device to each student and sometimes we can't even give a device to each faculty member. So, shared use devices become the norm.
Thanks for the link to Knox Authentication Manager. We use Samsung devices but don't pay for any Knox services and it looks like this requires a license.
Shared devices might be migrating more to individual /named devices in the healthcare setting where a relatively more affordable device like a Zebra HC20 can be issued and also where the data on the devices is arguably a lot more sensitive. Other usecases like education, logistics, retail etc still very much rely on shared devices. Multi-shift 24 operations in warehouses for example very much expect to have the same devices used across multiple users and multiple shifts.
Bluefletch handles the shared device use case on Android fairly well. They have a custom launcher that the end user logs into and then can support various forms of SSO into the individual apps from there. They have permissions that can control what apps an end user has access to depending on their user profile and have scripting to clear out existing sessions across multiple apps in order to provide seamless handoff to the next end user.SOTI has something similar with their integration of Microsoft Shared Device mode but I believe it is limited to Entra ID accounts still.
Interesting. It's good to know that other EMMs are doing a better job than Microsoft. Like so many other institutions, my org uses Intune because it comes for free with our M365 licenses and we already use it to manage Windows devices. There's a lot of things I don't like about it and I think the Managed Home Screen is one of them. I would love to know their reasoning why they didn't implement secondary users with Entra shared mode but I probably won't ever get that answer.
