Get best of the week

Corporate phones for each of 31 thousand employees

Each employee of Leroy Merlin has a corporate phone. There are two SIM slots: one for corporate with a package of 100 minutes and traffic for corporate applications and 3 GB for mobile Internet traffic, in the second you can stick personal. On the phones - instant messengers, social networks, personal calls and corporate EMM with two dozen corporate applications. That is, if you need to say something to an employee in the store, he will receive a message in Vatsap. The child got sick - the wife will also get through during working hours.

And I will talk about how we implemented it. Because there are several unobvious moments, like the place where all this breakthrough of phones suddenly decides to rush for the update at the same time.

My team and I conducted a study on 1000 people about whether it is possible to transfer our basic processes to mobility, then it was still not clear that we needed a terminal or a phone. And if so, what should it be. Will employees use their personal phone or should the device be provided by the company? What personal device does the employee have now? After that, we looked at world practices. As a result, the choice fell in the direction of the phone from the company, so as not to support the zoo of devices. Phone - because everyone should have the device in their hands and be available at any time, which cannot be provided with the terminal.

How to choose a phone


We talked with usablists: they said that for most enterprise applications it is better to use a screen not four inches, but a bigger one. We checked how the main scenarios would be made, and settled on the requirement of five inches diagonal minimum (in fact - 5.2).

We needed 3G and LTE for Russian standards, so that the phones work with basic communication in stores. And fast.

The camera is needed with autofocus and the ability to delve into its filling at a low level: this is necessary for barcode scanning applications. Also a set of requirements.

HR really wanted NFC. Initially, this was not a requirement, but we chose a model where this function was all the same, and now we are discussing the transfer of Sodexo plastic cards to pay for meals in the indoor dining room and in a number of catering networks directly on board the device. Well, Samsung Pay is also very interesting to many employees, as it turned out.

Be sure to have two SIM cards, because one is corporate, the other is personal.

A memory card slot so that an employee, if he does not have enough internal memory, could expand it.

A sufficient amount of RAM.

Not a brick by weight.

In the same price category as the average customer (that is, not higher).

Battery for a day and a half and to live two years. We looked closely at the amplified batteries, but did not begin to follow this path. They took an extended warranty on phones from the manufacturer, now they just completely change them in case of breakdowns.

It is clear that employees drop phones in the warehouse and while working in the store. There was a hypothesis that changing them to new ones is cheaper than giving everyone a vandal-resistant device with a half-brick size. After the break-in in the first three stores, it turned out that this is really so.

We chose this one:



More precisely, now these are two models: 2016 and 2017. On the second, the battery is already non-removable, and if the capacity is lost, the phone under the extended warranty is completely changed.

Test operation


An important requirement from a business is that everything must be bought on lease.

We install software that allows you to download the configuration (the set of necessary applications in the form of APK-files and the already configured MDM agent) from the USB flash drive, then change the setting to the MDM agent. A flash drive circuit is faster and more reliable than downloading software to each device via Wi-Fi, especially if you need to prepare 100+ devices per day.

The pilot started at three stores. About 300 devices per store, in all - a little more than 1,000 units.

MDM bought with a leasing service. It was Knox Premium.

At the start, we were ready for surprises, as we had no such experience. The MDM image was about a gigabyte. The partner delivered the phones to the store, there they stuck SIM cards and turned on the network. We did not calculate the volume and put the network on the outgoing channel.

The store buys SIM cards because the store is a separate division.

And here is the solution we found. We came to the point where the partner takes these phones, receives SIM cards from the store, inserts them into himself, prescribes the bundle - cell phone number, card number and IMEI device for MDM - pours the images into the shoelaces and then takes the phones to the store. There is already starting activation.

Right after the start, we caught a ban from VKontakte - users with phones from the same pool (with i ++ numbers) started logging in at the same time. Support could not help, and then we made our way further. There they rejoiced over the incident for a while, and then they tuned the filter specifically for us.

Created roles by position (now there are 12). They define a set of applications and policies.

We chose a curator in each store, he became the ambassador of the project in the store. He deals with issues of ordering equipment and in every way promotes the platform in the store. Teaches employees and shows them with a personal example how and what works. Usually it was the head of the trading sector.

The first three stores were poured, everything worked. The application for obtaining aggregates of data on goods helped a lot. There you can watch goods, specifications, balances and price, and in real time without delay, unlike an online store. At that time there was an old platform of an online store, and there was still not all the goods there. Plus there were things like the purchase price. Through it, you could write a sales form. This is when you sell measured goods, there is no finished price tag for each meter, the seller cuts off one and a half meters of pipe and writes out a form for these and a half meters. He remains virtually in the system - he and the buyer come up with a four-digit code (usually this is the date of birth), he says it at the checkout, they add the pipe to the check.



The ability to drive in the name of the product and obtain the exact availability in the warehouse, in the hall in the drive and on the display case very pleased almost everyone. And also social networks in the store and Vatsap, which almost everyone began to use. We included it in the base image.
The corporate social network has worked well. And the corporate website, they began to receive inquiries from personnel and much more.

It was necessary to pour on all points.

The phones were immediately prepared by the contractor with a protective glass and a cover - this is a leasing condition. Then we reviewed the model of the cover, and now it is made specifically for us, according to our requirements.

Blocked in MDM autoupdate OSes. A bundle with the phone account was made based on the login on the corporate network.

Combat operation


They began to issue phones and teach them to use in groups of 16 people.
Employee training session - the basics of basic phone setup. Entrance to the corporate social network, Vatsap, Telegram, use of the mobile version of the programs for hypermarket employees.

For implementation, a training plan for employees was drawn up, media support for the project was drawn up and implemented, meetings were organized in stores, web conferences were preliminarily held. The main difficulty was that it was necessary to give out phones while pre-conducting training for all store employees. This activity was called “implementation of the project in the store,” when it is necessary to clearly plan the training, so that it would not be to the detriment of the business, namely, to ensure the presence of employees in the training, so that someone works in the sales area. Now it is already in the process of accepting an employee: when he finishes basic training, he already has a telephone. Sometimes there are delays due to logistics, but in nine out of ten cases a person starts his first working day with a telephone. In extreme cases, the second. At the very extreme - the third.There were features with accounts in Active Directory: when an employee is added to the personnel system, he gets access sometimes the next day.

Prior to this, the office and some people in the stores had telephones, but there was no MDM for the company. The screen was small, even with mail it was not very convenient to work. There was a zoo on devices. Perhaps we will hand over to a partner to get a discount on new ones.

The pace of rollout was frantic. In less than a year, we deployed in 84 stores. And six more undiscovered.

Right in the middle of the project, the partners replaced the MDM system, and this was logical, important, but still came as a surprise. There were eight stores on the old version, and the rest had to be rolled out right away on the new Knox Manage. It was necessary to support configurations in two MDM.

And then the Telegram locks started, and the MDM servers on Amazon came under the distribution. Month sausage. The partner set up the phones via VPN, and our VPN cannot allow to bypass official blocking.

Beeline does not record the number on the SIM-card, it is not visible from MDM. At the same time, you can find out the number on the phone through a USSD request. To solve this problem, we plan to use the data collected by the management agent from the device, this is the SIM ICCID and user account, and the data received from the mobile operator’s API ICCID and phone number.

Since last year, we must transmit to the operator the passport data of those who are behind the corporate SIM card. That is, even legal entities are obliged to provide personal data of an employee for each number from last summer. I don’t know what the oil companies have, there are generally sensors on the pipes - if anyone is in the know, please tell us.

Then went the phone breakdown. Building stores, warehouses - a place of increased danger for phones. From the first days they sat on them, dropped them, drove them onto a loader, shoved them into the microwave.



We separately investigated this incident with a microwave. It turns out that in the standard process of migration from one MDM to another, we who for one month didn’t carry phones in support for more than a month after three reminders, forcibly blocked the phone with the message: “Carry in support”. The user has opened a bitcoin wallet on the device. When he saw the block, he decided that it was hacked, and immediately threw the phone into the microwave.

It was necessary to configure release blocking during processes like inventory, so that a person would not receive a new APK during active work. There we go from the manual process of adding APKs to MDM to the automatic one through Jenkins.

Added push messages from MDM about releases of new applications (which are not installed automatically) and about critical new features.

Employees sometimes change roles. We are in a period when, after evaluation, it began to be done more often (massively). A change of role is manual labor. A person needs to apply to regional support, and she will do it. In the new MDM release, we plan to automate the process in conjunction with the personnel system.

The second feature is dismissal. There is a bypass sheet, among other things - you need to turn in the equipment and a SIM card in support. A case may occur when a person leaves with a telephone. We block and brick the device. Samsung has its own anti-theft functionality - the main thing is that the device goes to the network. Hard reset will not help.

This turned out to be another problem, because now the case is not well thought out, when a person turned off all networks and forgot the screen lock password. Support cannot do anything, a partner cannot do anything, and even Samsung cannot do anything. Decide by replacing the motherboard.

When leaving, the phone is wiped, but before that they talk about how to save data. The user receives instructions for transferring everything to Google Drive. He can turn to support: it took to get cables in stores to give people home for the evening. If you have already come to take it - only online tools: most often at the last moment they forget that you need to keep contacts.

And the devices are clogged with what users put there. Application performance is tested by developers on more or less clean systems. Users put non-standard themes, some wild launchers, stuff graphic effects and spoiling logs there. Often the phone turns into a not-so-usable thing. It comes to this:



While we are reactive, support is mending. There are instructions on how to clean. Unfortunately, here it is like with Windows: seven troubles, one reset. Wipe is a popular solution to the problem. Reboots really help. L3 support, too, I asked to solve many incidents with MDM by wipe, but here we did not take these decisions, we understood everything.

So it happened. The goal of the platform at the first step was to provide each employee with a mobile device for communication and operational solution of work tasks - telephony, social networks, internal communications, checking the availability of goods from anywhere in the supermarket, placing orders for volumetric goods, etc. And then it gave great opportunities by growth in our own development. There are devices, they can be irreparable and cause good. A tool has appeared that can do something useful. We have a whole team doing this, where we recruit people from time to time .

More articles:


All Articles