097: Userless Enrollment

Overview

Benefits

Simplified Management: Userless enrollment allows IT administrators to manage devices without associating them with specific users. This is ideal for shared devices used in environments like kiosks or frontline work

Consistency: Devices can be configured with a standard set of apps and policies, ensuring a consistent experience across all devices

Security: Devices are enrolled with security policies that protect corporate data, even when multiple users access the same device

Efficiency: Streamlines the deployment process, as devices can be quickly set up and deployed without needing individual user accounts

Drawbacks

Limited Personalization: Since devices are not tied to individual users, personalization options are limited. This can impact user experience for tasks requiring personal settings

App Compatibility: Some apps that require user-specific data, like email clients, may not function optimally on userless devices

Complex Setup: Initial setup and configuration can be complex, requiring careful planning and execution

Impact on End Users

Shared Use: Devices are typically shared among multiple users, which can be beneficial in environments like retail or healthcare where devices are used for specific tasks

Access Control: Users might need to sign in and out of apps frequently, which can be less convenient compared to having a dedicated device

Training: Users may require training to understand how to use shared devices effectively and securely

Relation to Zero Trust

Device Compliance: Userless enrollment supports the Zero Trust principle by ensuring that every device accessing corporate resources is compliant with security policies

Least Privilege: Devices are configured to provide only the necessary access and functionality, aligning with the Zero Trust principle of least privilege

Continuous Monitoring: Intune continuously monitors enrolled devices for compliance, ensuring they remain secure and meet organizational policies

Reference

End-to-end guide for configuring Android enterprise devices in Microsoft Intune https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-enrollment/configure-android-enterprise-devices-intune
Set up Intune enrollment for Android (AOSP) corporate-owned userless devices https://learn.microsoft.com/en-us/mem/intune/enrollment/android-aosp-corporate-owned-userless-enroll

Overview​

Benefits​

Drawbacks​

Impact on End Users​

Relation to Zero Trust​

Reference​