15 years ago, when I was working for the NZ Lotteries Commission, we deployed BlackBerry devices with a forms application on them to gather real-time data from the retail network. The project was a huge success, and it was my first insight into how mobile devices at the frontline can significantly improve efficiency and instrument change. For me, it was the project that pivoted my career and got me hooked on mobile but for the next 10 years. Companies deployed email rather than line of business apps, which was, quite frankly, rather boring! Don’t get me wrong – access to email at any time, from any place, is hugely beneficial to employees and business but what I really love to see is businesses embracing mobility beyond email. That’s where real transformation starts to happen. 

I can happily say that over the past three years I have seen a change.  Many companies are now looking at more tactical uses for mobile devices to streamline their processes, improve the supply chain experience, improve customer experience and generally work smarter. This year is without a doubt, the busiest year we’ve had deploying kiosk builds for our customers. 


What is a Kiosk Build?  

A kiosk build is a configuration pushed to a device using Mobile Device Management (MDM) that locks down the user experience and user interface so that device can only be used for a limited purpose – such as deploying an app. In Intune, for iOS devices this is referred to as Single App Mode, with Android Enterprise it’s called Managed Home Screen but more commonly we call it a locked down or kiosk build. 

Use Cases for Kiosk Builds in Tablets and Smartphones 

For the most part, these devices are not allocated to a specific user. They are devices that might exist in a factory, warehouse, clinic, or vehicle that are used shift-by-shift or by activity. Employees use the device and then put it back into the pool at the end of their use.  

These devices do not have access to email or other user specific apps. They are usually used for a single purpose – normally with a specific app always active. 

Here’s some examples of kiosk deployments we have worked on with our customers this year: 

  • Deployment of a web application called Factory Track for two different manufacturing customers, both using CipherLab devices – one with Microsoft Intune and the other with VMware Workspace ONE UEM.  

  • Deployment of an application called Itopia for two health care customers, both using Zebra Devices with Microsoft Intune.  

  • Deployment of an application called eDockets to two Forestry customers, one using Samsung tablets with VMware Workspace ONE UEM and one using iPad minis with Microsoft Intune.  

  • Deployment of an SAP application called Neptune to Chainway devices with VMware Workspace ONE UEM for staff timekeeping. Chainway devices are especially interesting for NZ customers as they offer a lower cost ruggedised device which makes tactical deployment more affordable.  

  • Deployment of another SAP application to Zebra devices with VMware Workspace ONE UEM for a large retail customer who are using apps to streamline their customer order process which has been especially useful with ‘click & collect’ during COVID. 

  • Deployment of a web application for two bus companies on Samsung tablets, one using VMware Workspace ONE UEM with Tunnel and one using Ivanti (MobileIron) with Tunnel. Tunnel is required when the app needs to connect to a data source that is not accessible from the internet. 


Lessons Learned from Kiosk Mode Devices 

With each deployment we continually grow our knowledge around how to best deploy kiosk device builds. Some of our learnings are shared below: 

Zebra devices need Service Contracts 

For Zebra devices to be managed using Microsoft Intune they must be running an up-to-date operating system version.  

To update Zebra devices and keep them up to date, a Zebra Service Contract is required for each device that is enrolled. Mobile Mentor has recently signed up as a Zebra partner to help service and support our customers Zebra devices. 

Microsoft Intune enrolled devices need device-based licenses 

With Microsoft Intune, when a user logs into a device with their Azure Active Directory Identity this is referred to as ‘user affinity’. When a kiosk device is used, it is not associated to a user and therefore has no ‘user affinity’. Devices in Intune without user affinity must have an Intune device license rather than a user license. Mobile Mentor typically procures these licenses as part of the project and ensures there are enough licenses allocated to devices. 

Testing is important 

We had one customer whose employees decided that it would be a great challenge to try and get the devices out of kiosk mode. Testing of the kiosk build is very important, not just to ensure that the device is secure and remains locked down but also to ensure the intended workflow is functional.  

  • If devices need to connect to a public Wi-Fi network, you may need a browser page to be allowed. 

  • If the devices are assigned to drivers, it may also be useful to provision a mapping/routing/direction app, but you will need one that doesn’t require a user account.  

  • You may need to download your app from somewhere other than the public apps store and thus need to facilitate secure access to cloud based storage.  

Use a VPN designed for Mobile Devices 

VMware, Microsoft, and other MDM vendors have all built mobile-specific VPN Tunnel servers. While there are a lot of other VPN products available on the market, we recommend that only these solutions are used. They are custom built to for devices that are on the move. They each have specific VPN requirements that stationary desktop devices do not have, including the ability to buffer traffic and deal with latency issues.  

Ready to invest? 

Deciding to deploy mobile devices for tactical use is a big investment. It will take time to execute and you will need the involvement of the right stakeholders. Additionally, you’ll need the right technology partners, involved from the very start, for it to be a success. 

  • You will likely be building or purchasing an app, as well as needing to procure new devices specifically chosen for the purpose.  

  • You will need to consider the lifecycle management of both the devices and the app and think about ongoing support and maintenance.  

  • You will need to train your staff and ensure they are onboard with the project. Their feedback throughout the whole process will be important for adoption. 

While it’s not a small undertaking I do believe that it’s a decision and an investment our customers are pleased they have made.  

If you would like to learn more about Kiosk Build deployments and how businesses have been transformed using mobile technology, I am happy to put you in touch with our existing clients to discover more about their journey. 


Contact us to learn more!