Overview of shared device solutions for iOS/iPadOS
Shared devices are organization-owned multi-user devices. These devices can be special-purpose or multi-purpose as needed in each environment. Shared devices enable front-line workers in healthcare, hospitality, retail, manufacturing, and other industries to access critical applications and tools essential to their role in the organization. In education, shared devices are used as learning aids or test-taking devices in classrooms.
Microsoft Intune supports two types of shared device solutions for iOS and iPadOS:
Compare solutions
The following table captures the key differences between the two available shared devices solutions on iOS/iPadOS. Review this to select the most appropriate iOS/iPadOS shared device strategy for your organization.
Consideration | Shared iPad | Shared Device Mode |
---|---|---|
Supported device types | iPad | iPhone, iPod touch, iPad |
Minimum device requirements | iPadOS 13.4 or later with at least 32 GB of storage. | iOS 13 or later, iPadOS 13 or later |
Microsoft Entra federation with Apple Business or School Manager | Required. This enables users to sign in using their Microsoft Entra username and password. | Not required |
Managed Apple ID | Microsoft Entra federation automatically creates Managed Apple ID when user signs in on Shared iPad for the first time. If Microsoft Entra federation isn't set up, Managed Apple IDs can be created manually in Apple Business or School Manager and shared with users for signing in. |
Not required |
Device provisioning | Shared iPad can be enabled on iPads enrolled using Automated Device Enrollment without user affinity. | Shared Device Mode can be configured on devices enrolling using Automated Device Enrollment without user affinity. For more information, see Microsoft Entra shared device mode for iOS devices. |
Temporary session without signing in | Temporary sessions that don't require a Managed Apple ID or password are allowed by default. Temporary sessions can be allowed or blocked by Intune policy. For more information, see Shared iPad. | Not applicable |
Supported app types | Device-licensed purchased or custom apps (VPP), line-of-business apps, web apps. | Apps modified to support Shared Device Mode including MSAL integration. For more information, see Modify your iOS application to support shared device mode. |
Policy and app assignment | Device-assigned required apps and policies are supported. The same apps and policies apply to any user signing in on a Shared iPad. Some device configuration policies can be user-assigned. For more information, see Configure settings for Shared iPads. |
Device-assigned required apps and policies are supported. App Protection Policies. |
Unsupported scenarios | Conditional Access.* App Protection Policies. Intune Company Portal app. Available apps. |
Intune Company Portal app. Available apps. Apps that don’t support Shared Device Mode. User-assigned policies and apps. |
* The following Conditional Access configurations are not supported with Shared iPad:
- Granting Conditional Access conditions for a device that require an approved client app, require an app protection policy, require per-device terms of use, or require the device to be marked as compliant.
- Conditional Access conditions that use filters for devices.
Recommended iOS/iPadOS shared device strategy
Shared iPad is the recommended shared device solution for Microsoft 365 on iPadOS. If you're planning your organization’s shared device strategy, we recommended that you choose iPadOS devices that meet the minimum requirements for Shared iPad (see section above). If your organization’s shared device strategy requires cellphone capabilities or includes iOS devices, Shared Device Mode is the recommended shared device solution on iOS. Review the differences between Shared iPad and Shared Device Mode to ensure that the recommendations above will fit your organization’s needs.