Secure Access to Microsoft 365 Apps on Android Shared Devices

Are you an IT admin managing devices for shift workers? If so, you would be aware of the terms Shared Device Mode and Conditional Access. But if these terms are new to you—let’s break them down.

What is Shared Device Mode?

Shared Device Mode is a feature that allows multiple users to use the same device securely with allowed applications. 

Imagine you’re in a logistics firm, a busy office, a school, or even a store, where multiple users need to use the same Android device in different work shifts. Instead of assigning a dedicated device to each employee, one device is shared among many.

But how do you ensure consistent user logins with custom setups while keeping devices secure? That’s where Shared Device Mode comes into play. 

Now that we have covered shared device mode, let us learn about Conditional Access.

What is Conditional Access? 

Conditional Access is a security framework that determines whether to grant or deny user access to applications based on specific conditions.

Think of Conditional Access like a smart security guard for your apps and data. It decides who gets in, when, and how — based on certain conditions.

First, we explored Shared Device Mode, then Conditional Access. What’s next? Something that combines both. 

SureMDM is excited to announce Android Shared Device Mode with Conditional Access for Microsoft 365 Apps.

How Does Android Shared Device Mode with Conditional Access Work with SureMDM?

Shift workers who use Android shared devices can now easily access Microsoft 365 apps with SureMDM, in just a few steps:

1. Admins need to first create tenant credentials in the Microsoft Azure Portal.
2. On the SureMDM Console, navigate to Entra integration and enable Microsoft Entra ID.
3. Navigate to Application Policy Profile, configure Shared Device Mode for the Microsoft Authenticator application, and deploy it onto devices.
4. Navigate to SureLock Settings and configure Share Device Mode settings.
5. Configure the compliance policy Job.
6. Deploy the Job on the selected devices. 

Learn more about how to configure Android Shared Device Mode with SureMDM

Benefits of Android Shared Device Mode with Conditional Access 

1. Enhanced Security — Without Sacrificing Usability

Each user logs into Microsoft 365 apps (like Outlook, Teams, or OneDrive) securely, and Conditional Access ensures that only authorized users can access the apps — based on device compliance status. Once the user signs out, the session is completely wiped, keeping sensitive data safe for the next user.

2. Personalized Access on Android Shared Devices

Even though the device is shared, each user gets a personalized, secure session with access only to their Microsoft 365 account and apps — just as if they were using their own phone or tablet.

3. Seamless Sign-In/Sign-Out Experience

Logging in and out is quick and user-friendly. When a user signs out, the device returns to a neutral state, ready for the next person — no lingering data, no privacy risks.

4. Perfect for Frontline and Shift-Based Work

Whether it's retail staff, healthcare workers, or students, Android shared devices provide secure access to Microsoft 365 apps—no need for a separate device per user.

5. Optimized Device Management with SureMDM                                                        

SureMDM gives IT admins complete control over Android shared devices, from app management to policy enforcement and usage tracking. It also supports Conditional Access in the background for enhanced security.

Final Thoughts

Combining Android Shared Device Mode with Conditional Access to Microsoft 365 Apps is a game-changer for organizations using shared Android devices. With SureMDM, businesses can ensure secure, personalized, and compliant access to Microsoft 365 — all while simplifying IT management. Whether you're managing a retail floor, a healthcare team, or a classroom, this solution offers the perfect balance of flexibility, security, and ease of use.