Microsoft Intune empowers frontline workers in retail and beyond

With increasingly capable devices and faster bandwidth reaching a broader range of industries, there are more examples of computers, phones, tablets, and other handheld devices making their way out of the office and into the world. As the National Retail Federation holds its annual conference (January 12-14, 2025), it's a good time to look at how Microsoft Intune enables different device uses on the retail sales floors, up the supply chain, and beyond.

Defining the frontline

We started to define frontline work and workers in this blog in 2023. And while much of that definition still applies, frontline work doesn't always involve a human—as with kiosk-style devices—and doesn't always involve the public as with workers behind the scenes. Think of the frontline use case as a more active style of using devices, and as this style has evolved, we've created options for how to enable and enhance security and productivity with Microsoft solutions. Below are some scenarios you might recognize in your own organization.

A view from the frontline

Devices alone on the frontline

You may have ordered food from a restaurant kiosk, interacted with a museum touchscreen, or seen a digital billboard. These devices are perhaps the most frontline of all. With Intune, these devices (often called "user-less" or "kiosk" devices) can be set up remotely. There's no need for a user to sign in to an account because Intune manages the security policies and configurations that keep the device up to date, run a single application, multiple applications, or even a browser in full screen. This can make deployment and monitoring of multiple kiosks a simpler process for IT professionals.

Devices dedicated to a task

Think about completing a purchase in a store where the cash register is often a point-of-sale device that can be used by any associate to complete a transaction. Or imagine an inventory scanner that is used when unloading a shipment coming into a warehouse. These task-specific devices are limited to a single or narrow set of applications. They are shared for use by internal users, don't need user-specific customization, and don't require user sign in.

Devices dedicated to shift work

When a telecom worker came to install my fiber-optic modem, they had a ruggedized tablet with my order information, mapping software to help them find my address, and a time-tracking app preloaded. This is a perfect example of a shift-work device that is meant to be dedicated for a fixed period but shared among users.

When configured in Microsoft shared device mode, a user signs in and gets access to company applications plus their personal task list, email inbox, and Microsoft Teams communications. When a user signs out, their settings are removed and won't be accessible to the next user. To focus the user experience, Intune offers IT professionals the option to configure Managed Home Screen, a launcher that can limit access to only a defined set of applications and settings while also streamlining sign in and sign out.

Devices dedicated to a user on the job

There are use cases for which a device is assigned to a specific user and is not shared at all. An IT team tasked with setting up a fleet of such devices can now be more efficient with device staging in Microsoft Intune. Staging allows for device software updates, security patches, applications, and settings to be configured and preloaded before being distributed to an end user. This helps optimize the experience for workers such as paramedics, who have minimal time in the office. With device staging they are productive more quickly upon sign in.

Enhancing the frontline flow

Update management is critical to maintaining device health, security, and productivity. On Windows and iOS devices, Intune can manage operating system update settings to define which updates are applied and when. Android device updates are generally managed by manufacturers, and those devices can be required to meet minimum or maximum software versions before accessing company resources. Intune offers some update capabilities with Zebra and Samsung devices, but with Conditional Access policies, device administrators can still enforce update rules.

When users on the frontline experience issues, productivity and profitability are at risk. Microsoft Intune Remote Help, available as a standalone add-on or as part of the Microsoft Intune Suite, can streamline user support on Windows, Android, and macOS devices. The detailed session data gives companies insights into device performance, and identity information is shown to both the helper (the user who provides remote help) and the sharer (the user who shares their session with the helpers to receive assistance), which gives users confidence that they are part of a secure process.

Beyond management

The frontline device story expands well beyond management. Microsoft Teams and the other Microsoft 365 productivity apps have a host of features designed for frontline work, including the ability to mute device notifications outside of working time. This is critical for complying with laws and regulations in certain areas. Windows 365 Cloud PCs and the new Windows 365 Link device create new ways to provide access to powerful computing resources on-demand for flexible productivity. Existing Windows hardware can even be converted to cloud-optimized settings, removing all but essential applications and setting security baselines recommended by Microsoft. Explore the licenses, settings, and capabilities at our frontline hub.

Intune for your frontline

We want to hear from you, especially since we're going to be talking a lot more about Intune for frontline workers. How do you define your frontline? What capabilities do you want to see in the future?

Microsoft will be at the National Retail Federation's 2025 Expo in New York City. Look for us at the Javits Center at booth 4503 in the expo hall, and stop by to ask about how to empower your frontline workers.

Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.