Managing essential goods delivery during COVID-19 with Hexnode MDM

Noel Rivera

Apr 18, 2020

13 min read

The COVID-19 pandemic has shoved a huge wrench in the operations of organizations across industries. As many as 2 million people are already affected by this global disaster and many countries are in full lockdown mode. Let us take the example of the city of New York, with the five boroughs combined there are roughly 8 million people who are asked to stay home during the city’s lockdown. There are no dine-in restaurants or food outlets because they were ordered shut due to the ongoing lockdown. The only way these 8 million people could avail of any essential goods, safely, is through takeout or delivery.

In the midst of catastrophe, delivery agents have truly become the unsung heroes among the many frontline workers fighting this virus for us. Now let’s go back to New York. Imagine delivering food and other essentials to 8 million people. Okay, that is a bit much. Imagine delivering essentials to only Staten Island, the least populous borough in NYC. That’s still around 460,000 people. That’s a lot of delivery agents and with each of these agents would be a mobile device that they would use to fulfill the delivery of essential goods.

Provisioning delivery agents with business-ready devices, monitoring and securing these many devices at once is no simple task.

From small-time food joints to global fast-food chains, timely and successful deliveries require these field devices and the delivery apps on them to function seamlessly. Provisioning delivery agents with business-ready devices, monitoring and securing these many devices at once is no simple task. A single console to manage these devices is the only way to go. A Mobile Device Management solution like Hexnode can do all of it and then some more.

Delivery agent with essential goods.

Provisioning devices for delivery agents

Are you planning to deploy devices to the delivery agents? If yes, then how many delivery agents are there? The method used for enrolling the devices depends on the above-mentioned criteria.

Volumed device onboarding

Ever since this pandemic hit, we all know there has been a surge in the demand for essential goods delivery. If you are planning to ride the surge wave and have hired a lot of new delivery agents, it is imperative that you provide these agents with work-ready devices out-of-the-box. This can be made possible through bulk enrollment methods present for both Android and iOS devices.

For Android devices, you can use Zero-Touch Enrollment method. Zero-touch enrollment helps your IT department to deploy in bulk company-owned devices without needing to set up each device manually. Delivery agents can just open the box and start using the device with all sets of controls, applications, and configurations. This method is applicable to all Android devices except Samsung devices. Samsung devices can only be enrolled using Knox Mobile Enrollment (KME). Hexnode MDM supports both these types of enrollments so you are good to go.

For Apple devices, Apple Business Manager is a web-based platform that would help your IT administrators to manage and deploy iPhone, iPad and other Apple devices from a single location. Hexnode MDM does use this platform so, you can deploy devices, customize app settings and purchase and distribute content through Hexnode MDM’s console. And Apple Business Manager integrates with Microsoft Azure Active Directory (AD) using federated authentication, so you can easily build employee accounts with Managed Apple IDs.

Singular provisioning.

Now, if you aren’t planning to employ a lot of delivery agents and hence not deploy devices in bulk, there are several other enrollment methods present for both Android and iOS device platforms.

For Android devices, you can send an Email from the Hexnode MDM portal to the device used by the Agents containing the link for enrollment where, through open enrollment, they just need to enter the portal name. Android devices also support QR code enrollment. For this to work out, the agents should download the Hexnode app from the Play Store and just scan a QR code which is made available to the IT admin via the Hexnode MDM portal.

For Apple devices however, self-enrollment can only be done through email and SMS. QR code enrollment is not available for these devices. The IT admin however can use the Apple configurator to manually enroll each device one by one.

As we mentioned earlier, the enrollment method you chose depends upon the number of Delivery Agents at your disposal and their devices.


Check out an MDM solution that would meet your delivery needs


Monitoring and managing field devices

Let us bring up the example of New York city but this time let’s look at the smallest borough, geographically. Manhattan, with a total area of 23 square miles, is the smallest borough in NYC. But what it lacks for in the area, Manhattan makes up in population with over 1.6 million residents. Now imagine you are operating out of the Manhattan area. Your delivery agents, even though they would be working in a comparatively smaller radius, have to deliver essential goods all throughout the borough. It would be close to impossible to keep track of each of these agents on the field.

The only logical way to keep track of them is through remote means.

A mobile device management solution like Hexnode MDM can help you manage and monitor all of your delivery agents on the field with its device management capabilities.

Distributing wayfinding and delivery apps

Apps that are critical to the Delivery Agents like an inventory app to keep track of the essential goods inventory or a GPS app can be pushed to the device with Hexnode MDM.

For Android devices, admin can install a Google Play app or custom in-house enterprise apps to multiple devices remotely. To install it quickly at a later stage, you can either add apps to the console or install apps directly from the Play Store.

For Apple devices, Apple Business Manager can be utilized to push critical apps to iOS devices. Furthermore, to deploy in-house custom enterprise apps, the admin can use Hexnode’s iOS app distribution feature.

Applications can also be silently installed in android devices with no user intervention. This approach can be used as the admin wants to install such applications that are mandatory for the delivery agents and do not need the agent’s permission to install in the device. In an Apple device, silent app installation is only possible on supervised devices. But if you have already enrolled your device with Apple Business Manager then the device would be categorized as supervised only.

Some mandatory apps like, apps that track the attendance of the delivery agents may be silently installed in the device because it does not require consent from the agent. By pushing out mandatory apps that help the Agent to deliver essential goods, simplifies the process for both the agents and the admin.

Device Grouping: Deploying devices across zones within the area served

Let’s say you divide your total number of delivery agents on the basis of areas that they deliver to. You can classify these agents on the basis of the areas they deliver and group them with the device group feature of Hexnode MDM.

Device Grouping has a plethora of practical applications in the scenario. With the help of Hexnode Messenger, an inbuilt messenger that comes with Hexnode MDM, the admin can broadcast critical information and notification to desired groups. For example, if there is any road blockage or accident in a particular area, the admin can relay this information to the particular group of agents working in that area through a group broadcast. The admin can also distribute critical apps remotely or even distribute documents such toll passes or entry permissions if necessary, to specific groups.

Passing on such critical and relevant information, content and apps to agents can improve their efficiency regarding essential goods delivery.

BYOD –a smart way to meet increased agent turnouts

Adopting a BYOD policy is totally your call. It certainly does have its merits. For one, the agents would be much happier using their own devices for work. And since you don’t have to purchase any new devices it would be lighter on your pocket too. And if you hire more agents than you planned to hire, this is certainly one way to deal with that situation. But on the flip side even though a work profile does give the admin a certain degree of control over the device, it would never match up to the level of control provided by a fully managed device.

Now, coming to managing these devices, for Android Devices, first and foremost it’s mandatory that your organization is enrolled in the Android Enterprise program. The devices that are meant for BYOD management can be enrolled as a profile owner. This creates a separate work profile in the agent’s device. In this profile, all the apps required for work by the delivery agent would be present with a “Work Badge”. Apps that are used both personal and work profiles run as double, unmanaged in the personal profile and managed in the work profile.

android for work

For iOS devices similar to the work profile, there is something called the business container. Business container controls the flow of personal and works data between iOS apps. It is a smart approach to managing corporate apps and data, forming an unobtrusive partition between corporate and personal content on the agent’s device.

It also addresses security concerns and ensures that privacy is protected. Business Container helps IT admin to control the flow of data between managed and unmanaged apps and accounts. It also ensures compliance by setting appropriate restrictions to prevent access to documents from managed sources in unmanaged destinations.

You can create a business container in through Hexnode MDM by creating a relevant policy in the MDM portal and associating it with the target devices.

Delegating Management to Individual franchise units

So, you are functioning out of Manhattan but you have franchise offices in all the other boroughs. What do you do in this situation? Each of these franchises has a set number of delivery agents who deliver essential goods throughout NYC. Managing all these agents from your central location is possible but it’s better not to be such a work hog, that too in these trying times. So, the logical option here is to delegate.

Hexnode MDM provides you with the capability to configure multiple technicians with varying degrees of power. These roles include; Super Admin, the top tier technician with the most access. If you are the user who signed up for the portal, you will be made the super admin. The second is The Admin; they have access to the whole portal and can add technicians too. Next is the Apps and Reports Manager; they have access to only the apps and report tabs of the portal and no other privileges. The last tier is the reports manager, they just access to the reports tab.

Ensuring proper essential goods delivery with tracking.

Imagine a customer rings you up and says the essential goods he ordered hasn’t reached him yet. You look up the order and find the agent it was assigned to. You call him and he doesn’t pick up his phone. At this point, you have no information to give to your customer regarding where his order is. This sheds a bad light on both your organization and the agent himself. With Hexnode MDM’s live location tracking features this situation might never occur.

The location tracking feature in Hexnode enables you to fetch the real-time device location information as well as the complete history of locations traversed by the device previously.

Maintaining the Radius of delivery

Geofencing is quite a useful feature that comes with Hexnode MDM, which might be particularly useful in this scenario. Going back to the NYC example, let’s imagine that a group of agents deliver essential goods to one particular borough only. So, the radius of delivery is within that borough. With Hexnode MDM’s Geofencing feature you can set this as a virtual fence. If an agent crosses this boundary with his enrolled device in hand, the device would go out of compliance. This could trigger an alert at your end and you could rectify the issue then and there.

This ensures that the agents don’t have to go beyond their delivery radius to deliver essential goods. Thereby ensuring efficient delivery within the delivery radius.

Secure on-field devices.

Malicious cyber-attacks are on the rise ever since the COVID-19 pandemic has spread. Since the devices used by delivery agents to deliver essential goods is connected to the internet all the time, these devices are also prone to such attacks. Hexnode MDM’s powerful threat management suite can help curb almost of such attacks with preventive measures.

Initiating Kiosk mode for maximum protection

If you feel like the devices in your organization might get attacked by any malicious cyber entity, then it is better to initiate kiosk mode through Hexnode MDM and lockdown the devices.

Kiosk Mode locks down the device to a state where only mandatory apps will be available to the delivery agents. You can essentially blacklist/ whitelist apps or websites that can be opened in this mode to improve security.

For Android devices, there are two modes of Kiosk lockdown Single App mode and Multiple App mode. In a single app kiosk mode, as the name suggests only a single app would be allowed to function. This would not be viable in this scenario. The Multiple App kiosk modes allow the admin to push multiple apps to the locked device. This the best mode which can be utilized by the delivery agents.

For iOS devices the situation is similar. There is a single app mode, single app autonomous mode and multiple app mode, but here again, the way to go would be multiple app mode.

Enforce strict security protocols.

With Hexnode MDM’s powerful mobile security management suite, you can set and enforce strict protocols to protect the devices carried by agents during the delivery of their essential goods.

Device passwords are the first line of protection against unauthorized access. Easily configure password policies in compliance with organizational requirements. This would ensure that even when the agent isn’t using the device no one else can use it without his consent.

The admin can restrict the contents that can be accessed with Web Content Filtering on browsers. All sorts of explicit content can be blocked on the devices issued to the agents. Visiting website which put out explicit content makes the device vulnerable to cyber-attacks. Keep your device and its data secure from malware, spyware and more by blacklisting restricted URLs.

If your delivery agent accidentally loses the device issued to them, the admin can wipe the device remotely to delete its contents or immediately lock your devices to prevent unauthorized users from accessing your device.

Noel Rivera

Existential and Curious.

Share your thoughts