All the devices and applications that we use need both security and feature updates now and again to ensure that we always get the best possible performance. Whether these are personal or work devices, without regular improvements, the performances will eventually not be good enough to meet our requirements.
One of the platforms that helps to optimize the user experience is Managed Home Screen. Using this feature can deliver a better experience. Within the Intune environment, all users with enrolled devices as Android Enterprise dedicated devices can benefit.
In this article, we’ll be taking a look at what Managed Home Screen is and how it can improve workflows.
What is Managed Home Screen?
With Managed Home Screen, users get an Android application that is compatible on devices enrolled into Intune as Android Enterprise dedicated devices. The application means to cover corporate-owned devices that are running in multi-app kiosk mode.
On these devices, Managed Home Screen acts as the launcher for other approved apps to run on top of it. The benefit to IT admins is greater control over the customization of devices, as well as being able to restrict the capabilities that the end user can access. The availability of these features means that your business can:
- Easily maintain control over how these devices work. The customization and control you have over the Android devices allows you to determine specifically what users can access.
- Enhance the user experience by establishing a consistent and simplified experience across device types and OEMs that makes it significantly easier to perform all tasks to a high standard.
- Gain access to all the relevant troubleshooting workflows that one would need to fix issues on-device. Or provide Microsoft support with the necessary tools to troubleshoot issues on-device.
- Utilize an improved sign-in and sign-out experience with a device configured with Shared device mode.
Customization benefits
Additionally, the availability of customization will allow you to completely modify the overall appearance and feel of your home screen.
You can do things such as:
- Set a custom wallpaper that can truly bring your branding to the fore. Or, you could use the custom wallpaper as a visual indicator to distinguish various devices.
- You can relocate applications to the home screen so you have your important and most frequently used apps in a place that facilitates easy access. Not only that, but this can help you design a setup that is consistent across devices for your users.
- Those who may have plenty of apps on the home screen can easily simplify things by categorizing apps into specific folders.
- Because devices can have varying screen sizes, you’ll also get the option to modify the size of apps and folders appearing on the home screen.
- To get even quicker access to vital app data, you can add custom widgets to the home screen.
- When a device is inactive, you can set a screen saver to hide the home screen.
Dedicated devices
We just mentioned that Managed Home Screen is usable on devices enrolled into Intune as Android Enterprise dedicated devices. But, what exactly are ‘dedicated devices’? This term simply refers to corporate-owned devices not associated with a particular user. Additionally, these devices will normally be in use for performing specific tasks.
So, if you want to enroll Android devices with no user-affinity then this option will suit you. However, it’s also important to note that Intune’s Android Enterprise dedicated device solution will require that the devices run Android OS 8+ and be able to connect to Google Mobile Services (GMS).
Setting up Managed Home Screen
Setting up your device with Managed Home Screen is a process that will take several steps. But, once you have a device that meets the requirements, you can begin.
Setting up an Intune enrollment profile and device group
Start by creating an enrollment profile to generate an enrollment token first, and attach it to a device group. In the Endpoint Manager admin center, navigate over to Devices > Android > Android enrollment > Corporate-owned dedicated devices. You’ll need to fill in the Name but filling in the Description is optional. After this, select Type. Be sure to select Corporate owned dedicated device with Azure AD shared mode if you expect that your devices may require users to access M365 applications, other App Protection Policies, or Conditional Access policies. When everything’s done, click Create.
CREATING A DEVICE GROUP
Head over to Groups > All groups > New group. You’ll need to fill in the Group Name but filling in the Group Description is optional. Make sure that the Group type is set to “security”. Then, proceed to change Membership type to Dynamic device, after which you need to Add a dynamic query. By using dynamic queries, you can have your device automatically added to a group based on the property of your choice.
Approve and assign Managed Home Screen and MORE Managed Google Play apps
This next step will ensure that the Managed Home Screen successful downloads and installs on your enrolled devices. It should also automatically launch. You’ll find Managed Home Screen already synced in the console when you venture over to navigate Apps > All apps as soon as you have linked your Intune and Managed Google Play accounts. After that, you can:
- Click Managed Home Screen.
- Select Properties > Assignments (edit).
- Add your device group from Step 2 officially to the Required assignments.
- Save.
If you want to add public, private, or web applications, go ahead and stay in Apps > All apps and choose “add.” Navigate to Select app type and choose Managed Google Play app.
Manage Android Enterprise system apps
One thing that you will notice is that system applications will often disable by default upon enrollment. To enable these applications and show the icon on the device, you start by heading back to Apps > All apps in Intune and selecting Add in the top left corner. After choosing Select, proceed to fill out the App information, and assign it as “Required” or “Uninstall” to the group that you created in Step 2. At this point, you can select “Required” if you want the application to be available on the device or “Uninstall” if you prefer that it remain hidden on the device.
Creating a device configuration profile
Having this profile is crucial because it enables you to not only configure device-level behavior but to configure kiosk mode as well. To begin the process, navigate to Devices > Configuration profiles > Create profile. Next, go to Platform, and select “Android Enterprise.” With that done, head to Profile and select “Device restrictions” beneath “Fully Managed, Dedicated, and Corporate-Owned Work Profile.”
After this, select Create, and then you need to fill in the Name of your profile but filling in the Description is optional. Once everything is ready you can select Next.
Creating an app configuration profile
Be mindful that this step is completely optional. Once you have completed the steps already given above, you will be ready to enroll your devices. So, this step is ideal for those who want to learn how to utilize all the available Managed Home Screen features. Additionally, this step will help you to configure the complete list of features that Managed Home Screen has to offer.
In the Endpoint Management admin center, head over to Apps > App configuration policies > Add > Managed devices. Then, you need to fill in the Name and as with other sections, the Description is optional. Select Android Enterprise for platform, Fully Managed, Dedicated, and Corporate-Owned Work Profile Only for profile type, and Managed Home Screen for targeted app. As soon as you are ready to continue, select Next.
A. Using configuration designer to setup Managed Home Screen features
Choose Use configuration designer from the Configuration settings format drop-down menu. Select Add to open a panel with all the available Managed Home Screen configuration keys. Choose the configuration keys that you want to edit and then click OK. All the configuration keys have default values and if you want to modify a configuration value, hover over and then interact with each row under the “Configuration value” column. Click Next as soon as all the necessary changes have been made.
Navigate to the Assignments page under Included groups, choose Select groups to include, next and pick the device group you created in the second step. You can review by clicking Next, and once set, click Create.
B. Using JSON data to setup Managed Home Screen features
You can complete the configuration of the home screen by using JSON to create your folders, add widgets, and order items. If you need to edit your existing app configuration profile, you can do so by clicking on the policy you just created in Apps > App configuration policies. After that, select Properties > Settings (Edit). Choose Enter JSON data from the Configuration settings format drop-down menu. You should be able to see all your existing configurations in JSON format.
B.1. Add a managed folder to your home screen
You can organize your home screen better by creating a folder that you get to manage. This is something that you can only do using JSON data format in an app configuration policy. You’ll need to add the JSON snippet below in where feature configurations go:
- Replace “PLACEHOLDER_FOLDER-NAME” with a name of your choice.
- Replace “PLACEHOLDER_APP-PACKAGE-NAME” with the package name of the app that you want to put inside your folder. You have the option to add as many apps as you want.
- B.2. Configure custom ordering of items on the home screen
A few things will happen if you want to create a custom ordering of items on the home screen. These include:
- Apps, widgets, and folders should already be added to your home screen allow-list.
- The home screen should be locked because this ensures that a user cannot make changes by moving things around themselves.
- A grid size for all your home screen pages should be set.
- App ordering mode should be enabled.
At this point, you can set the position of an item to an assigned grid position. Note that the positions will read from smallest to largest from left to right and then top-to-bottom.
DEVICE ENROLLMENT
As already alluded to earlier, devices should be running Android OS 8+ and run with Google Mobile Services (GMS). As soon as a device is ready, you can enroll from a factory-reset state using:
- Near Field Communication
- Token entry
- QR code scanning
- Google’s Zero Touch Enrollment
- Samsung’s Knox Mobile Enrollment
User credentials are not necessary during enrollment or provisioning because these dedicated devices are not user-associated. Select the type of enrollment that you want and follow the instructions given in this section.
COMPLETION OF SETUP
After the setup process finalizes, you’ll find yourself on the device’s home screen. Then, the device will proceed to sync policies with Intune after which apps will begin to download and install on the device. And after Managed Home Screen has been installed, it will auto-launch and show you all your configurations.
Improvements to Managed Home Screen
Pursuant to the feedback that Microsoft received from its clients, some eye-catching new design changes have been made to the app to optimize usability. However, these new features are only available on the updated experience.
Although, you can look forward to an improved user experience, Microsoft has not made any intentional changes to feature support and you can expect only minor changes in current functionality such as:
- You’ll no longer see the company logo on the Session PIN screen, but you will still have it on the home screen.
- Swiping down will no longer give you access to the Managed Home Screen settings.
Addition of the top bar
A top bar is now available to the Managed Home Screen page with the intention of simplifying access as well as to enable quick access to device-identifying information. This top bar can configure as necessary and thus allows for the display of two descriptive elements.
IT administrators can decide between serial number, device name, and tenant name for the top and bottom element in situations where the device is not configured with sign-in. On the other hand, if the device is configured with sign-in, the top element will display the signed in user’s name.
Easily discoverable settings and sign out button
Another benefit of the top bar is that it enables quick navigation to settings as well as the sign-out button. However, for the latter, this is only possible when sign-in is configured. If you go to the upper right-hand corner of the top bar, you’ll now find a settings wheel icon.
When a user taps this icon, they’ll see which settings the IT administrator has selected to reveal to them within MHS settings. One thing to note with the updated experience is that swiping down on the device will no longer give you access to settings.
You can now find the Settings icon located on the top bar by default. IT admins get to decide which settings a user can configure or disable it altogether by enabling or disabling the configuration key “Show managed settings”. There are a couple of situations in which the Settings icon will still display, and these are:
- When a user is signed in, the Settings icon is available to view the user’s profile information.
- When device permissions are required but no user is signed in, the Settings icon will be available for the user to grant permissions. Moreover, you won’t see any additional settings unless configured.
Updated permissions flow
Updating the permissions granting flow has been necessitated by the desire to ensure that device users do not miss essential permissions. Upon launching MHS initially, a dialogue will appear requesting users to grant any required permissions. Users can get to the settings screen where the required settings will be clearly laid out by tapping either the message or the settings wheel.
By tapping on the message, users will be redirected to the correct page in the Android settings page to grant the permission that is needed for the functionality of all configurations that are set by the IT administrator for Managed Home Screen.
In the event a user rejects the permission, a message will then be displayed on the screen and a red dot will appear on the settings app icon. Ultimately, this update to the permissions flow has been designed to prevent permissions from being missed and to optimize the functions of Managed Home Screen.
Enhanced troubleshooting features
Managed Home Screen is helping to simplify the process of troubleshooting device issues. The new features that have been introduced will give users access to a debug menu, which includes the pages for Get Help, Exit Kiosk Mode, and About.
Users can now go to the Get Help page and easily upload logs. In addition, users can also view Management Resources, allowing them to launch adjacent management apps whenever necessary.
And if you want important information on Managed Home Screen, including the privacy statements, accessibility statements, and third-party configurable compliance links, if enabled, you’ll easily find it on the About page.
The updated debug menu can only appear within settings after an IT admin has configured easy access to the debug menu. Without this action, users will need to tap the back button 15 times to unhide the debug menu.
Start using the updated experience
To begin using the updated experience, you need to follow the steps given below:
- Start by verifying that the target devices are running version 2.2.0.91169 or higher of Managed Home Screen.
- Within the Intune admin center, head over to Apps > App configuration policies > Add > Managed devices. (And if you already have an app configuration policy in place for the target devices, you can skip the next step)
- Filling in the Name will be required, but the Description is optional. Select Android Enterprise for platform, Fully Managed, Dedicated, and Corporate-Owned Work Profile Only for profile type, and Managed Home Screen for targeted app. When everything’s done, click Next.
- To configure your settings, you can use either configuration designer or JSON data. Navigate to the Configuration settings format drop-down menu, and select Use configuration designer . Choose Add and this will open the panel with the available Managed Home Screen configuration keys.
- Next, you need to choose the configuration key Enable updated user experience and switch it to True. For those using JSON data, they need to add the key and value below:
“key”: “enable_updated_user_experience”,
“valueBool”: true
- Lastly, head over to the Assignments page and look under Included groups. Then, you need to choose Select groups to include and select the device group that you want to include in the public preview. You can review by clicking Next, and once all is set, click Create.
Another important thing to note is that this updated experience only works on the newest version of the Managed Home Screen application. So, you need to turn on the updated app experience and then verify that your devices are running the latest version of Managed Home Screen. If everything is in order, you should expect to see the updated workflows on the device.
Wrap up
Technology has been improving at a lightning speed and an ever-increasing pace for a long time now. The devices available to us, the operating systems, as well as the countless applications, have all gotten significantly better. So, it’s not surprising that businesses want platforms that can empower their workers to operate more efficiently and thus be more productive.
With Managed Home Screen, Microsoft offers its clients a tool that will do that and more. Businesses can get a tool with a lot of great features that will help users to get more from the available technology while eliminating time-consuming distractions.
And as updates like the ones we discussed today continue to be developed, MHS users can look forward to even more improvements that will optimize workflows and enhance their interaction with Intune.
Pingback: Managed Home Screen: A Configuration Guide - Thomas MarcussenThomas Marcussen