Skip to main content

What are shared devices?

Shared devices are organization-owned endpoints such as smartphones, tablets, kiosks, and ruggedized handhelds used by multiple employees in rotating shifts or task-based workflows. Unlike personally assigned devices, shared devices are not tied to a single user identity. Instead, they are checked out, handed off, or assigned by role or location, with each user session governed by policy rather than permanent enrollment.

In-depth explanation

In a shared device model, the organization retains full ownership and control of the hardware while user access is governed dynamically. When a worker picks up a shared device, their identity, apps, and data context load for that session; when they hand it off, their session ends and the device returns to a clean, ready state for the next user.

This creates a distinct management challenge: IT must secure the shared device at the hardware and OS level while orchestrating per-user or per-role app delivery, identity enforcement, and data isolation without relying on a persistent individual enrollment.

Key components of a shared device model:

  • Shared device enrollment: Devices are enrolled once by IT into a managed state (e.g., Android Dedicated Device, iOS/iPadOS Shared iPad, or supervised Windows kiosk mode) and remain under corporate control regardless of which user is signed in.
  • Session-based identity: Employees authenticate at the start of each shift or task using SSO, smart card, badge, or biometric credentials. Apps and data scoped to their role are delivered automatically; nothing personal persists after sign-out.
  • Kiosk and single-app modes: Shared devices can be locked to one application or a defined set of apps, preventing unauthorized use, reducing support burden, and optimizing for task-specific workflows.
  • Automated provisioning and staging: Zero-touch enrollment ensures shared devices ship or deploy preconfigured, without IT needing to handle each unit individually.
  • Remote management and monitoring: IT can push policies, apps, and OS updates, trigger remote wipe or lock, and monitor device health and utilization across an entire shared device fleet from a single console.
  • Data sanitization between sessions: Sensitive data from one user's session is cleared before the shared device is reissued, protecting employee privacy and preventing data leakage.

Shared devices vs. other device ownership models

Understanding how shared devices compare to other ownership models helps organizations choose the right approach for each workforce segment.

 Shared devicesCorporate-owned (assigned)BYOD
Device ownerOrganizationOrganizationEmployee
Assigned toMultiple users/role poolsSingle-named employeeSingle-named employee
IT management scopeFull deviceFull deviceWork data and apps only
User identity modelSession-based, per shiftPersistent per employeePersistent per employee
Data between sessionsCleared on sign-outPersists per user profileScoped to managed apps
Best forFrontline, deskless, shift workersKnowledge workers, regulated rolesFlexible/hybrid workforce

Real-world applications across industries

Shared devices are central to operational workflows wherever workers don't sit at assigned desks and need purpose-built, durable access to information.

  • Retail: Store associates share handheld scanners and tablets for inventory management, point-of-sale lookups, and customer service; each worker clocking in gets their role-appropriate apps instantly.
  • Healthcare: Nurses and clinical staff check out shared tablets at the start of each shift to access patient records, medication administration tools, and care documentation with strict session isolation to protect patient data.
  • Frontline workers: Warehouse associates, logistics crews, and field technicians use ruggedized shared handhelds for task execution, scanning, and real-time communications across multiple shift changes.
  • Manufacturing: Shared kiosk terminals on the factory floor give line workers access to work instructions, quality checklists, and incident reporting without requiring personal device assignment.
  • Education: Shared iPad or Chromebook carts give students access to learning tools in the classroom, with each student's session scoped and cleaned between users.
  • Federal government: Agency-shared endpoints support role-based access to classified or sensitive workloads, with strict control over which user can reach which data at any given time.

Why shared devices matter

Shared devices matter because they are central to deskless and frontline work, industries that represent the majority of the global workforce. Without a purpose-built management approach, shared devices become security liabilities: stale sessions, orphaned credentials, unpatched OS versions, and uncontrolled app usage create meaningful risk at scale.

With unified endpoint management, organizations can govern shared devices with the same rigor applied to assigned endpoints while dramatically reducing per-device IT overhead.

Key business benefits include:

  • Lower total cost of ownership by maximizing shared device utilization across shifts and roles rather than issuing one device per employee.
  • Faster shift transitions through automation that gets workers productive within seconds.
  • Stronger data protection through per-session isolation, ensuring no worker's credentials, data, or app state persist for the next user.
  • Simplified fleet management with centralized provisioning, policy enforcement, and remote diagnostics, no hands-on IT required per shared device.
  • Operational continuity through automated OS and app updates deployed outside of active shift windows, minimizing downtime.
  • Compliance and auditability with session logging and device health reporting that support regulatory requirements in healthcare, retail, and government.
  • Reduced support costs through kiosk lockdown modes that prevent unauthorized configurations and limit the surface area for misuse.

Related terms and resources

  • Unified endpoint management (UEM): The platform that manages and secures shared devices alongside all other endpoint types from a single console.
  • Mobile device management (MDM): The foundational device-layer controls, such as enrollment, policy, and remote wipe, that underpin shared device management.
  • Corporate-owned devices: A related ownership model in which the organization owns and assigns devices to individual employees rather than shared pools.
  • BYOD: The contrasting model where employees use personally owned devices, requiring different enrollment modes and privacy controls.
  • Conditional access: Uses identity, device posture, and risk signals to govern what each user can reach during a shared device session.
  • Mobile threat defense (MTD): Detects and blocks mobile phishing, malware, and network threats on shared devices exposed to varied users and environments.

Frequently asked questions (FAQs)

A shared device in unified endpoint management is an organization-owned endpoint managed centrally by IT and used by multiple employees in rotating shifts or role-based workflows. Each user authenticates into a session-scoped environment; when they sign out, the device is cleared and returned to a ready state for the next user.

A shared device is used by multiple employees and is not tied to a single user identity. A personally assigned corporate-owned device is enrolled to one named individual with a persistent profile. Shared devices require session-based authentication and per-user data isolation; assigned devices carry a user's full profile and settings persistently.

Unified endpoint management enforces session-based identity so each user's apps and data are scoped to their authenticated session. When the user signs out, the session is cleared and the device returns to a baseline state. Sensitive data is not retained between sessions.

Yes. Kiosk and single-app modes are common configurations for shared devices in purpose-built workflows such as retail point-of-sale, warehouse scanning, or patient check-in. IT configures these modes through unified endpoint management policy and the device enforces them automatically.

In a BYOD model, employees use personally owned devices and the organization applies management controls limited to work data and apps, typically through a managed work profile. In a shared device model, the organization owns the hardware and maintains full device-level control, with user identity and data scoped per session rather than per enrollment.

Back to glossary

You are now being redirected to an external domain. This is a temporary redirect while we build our new infrastructure and rebrand our legacy content.

This message will disappear in 10 seconds

CONTINUE