With the Windows Phone 8.1 Update announced early Wednesday morning, is Windows Phone ready for the enterprise?
Let’s take a look at what’s new for enterprise in Windows Phone 8.1:
Enterprise Mobile Device Management
Windows Phone 8.1, has built-in mobile device management client that lets you manage the handsets with the Mobile Device Management system of your choice.
Windows Phone 8 introduced the MDM protocol based on SyncML 1.2 (OMA standard for MDM). With the Windows Phone 8.1 we continue to build on that protocol, with a built in MDM client that MDM vendors can use to manage the device.
We are making it easier for end-users to enroll a device in the enterprise and are enabling MDM vendors to make use of the standard web authenticator broker technology to customize that enrollment experience.
Enrollment in an MDM system now allows the IT administrator to deploy a large set of configuration policies, email and Office 365 accounts, certificates for user authentication, VPN and Wi-Fi profiles, and applications to the device. A Robust Push infrastructure allows the IT administrator to reach out to the device and make any changes to the enrolled devices.
MDM systems have the ability to complete remove all the elements distributed or configured on the phone as well as the associated content. This allows you to remove the organizations data from the device when an employee decides to leave the organization or un-enroll the phone from the organization.
Windows App Platform convergence
With Windows phone 8.1, 100% of the API’s that you care about have been converged between Windows 8.1 Update and Windows Phone 8.1. This means that you can now develop apps for Windows devices and no longer need to manage separate development projects for Windows and Windows Phone, greatly limiting the investment to develop apps. Your existing Windows Phone 8.0 app will continue to run too.
Security
Windows phone has been known to be one of the most secured smartphones on the market. With Windows Phone 8.1 we continue to evolve the security architecture, so you do not have to be fearful of malware. Windows Phone has no known malware, no jailbreaks ability, implements secure and trusted boot and sandboxes applications so malware and rootkits do not have a chance. With IRM and the addition of S/MIME for secure email data leak prevention is a reality on Windows Phone. You can also prevent users from saving or sharing information and documents via Cloud storage facilities such as OneDrive. Windows and Windows Phone 8.1
Enterprise Wipe
As BYOD is growing you want to have control over your data and applications. Windows Phone 8.1 allows you to securely manage your enterprise collection, such as email and documents, certificates, network profiles, business apps and associated data and enterprise security and configuration policy. Now that you can with Windows Phone 8.1, we allow you to securely remove the same collection of apps and information from a device that is being managed by your MDM system. For CL handsets you can get full control, block the Microsoft Account from being configured, disallow the user from configuring consumer services and block the user from removing the device from the MDM controlled walled garden.
S/MIME
Windows Phone 8.1, brings an industry standard implementation of S/MIME. Under control of your MDM system and Exchange Server, employees can sign and encrypt email directly from their outlook client on the phone, in a flexible way so it fits their needs. You can force S/MIME policies to comply with your company’s policy, all without installing additional software to enable it. Thanks to the extended MDM capabilities in Windows Phone 8.1, you can now get the needed information from your Windows Phone 8.1 fleet, so you can create better services for your users and lower cost. Remotely assist them when they have questions or problems with the right asset information inform or by locking, ringing or wiping a lost or accidently misplaced phone. You can also help them when they forgot their device unlock code after a vacation, by securely resetting the code.
Enterprise Wi-Fi
Windows phone 8.1 provides enhanced Enterprise Wi-Fi authentication support, now including:
- PEAP-MSCHAPv2
- EAP-TLS
- EAP-TTLS
Windows Phone 8.1 also supports optional server certificate validation which can be provisioned via MDM or manually. MDM servers can provision the certificates as well as Wi-Fi configurations (including SSID, Hidden SSID and PSK). Configuration support includes:
- Block Phone from being used as a Wi-Fi hotspot
- Disable using Wi-Fi to offload data traffic
- Preventing the user from manually adding Wi-Fi profiles (and connect to unknown hotspots)
- Reporting what hotspots a user is connecting to
Virtual Private Networks
“Virtual Private Network overview” by Ludovic.ferre (talk · contribs) – Own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons.
Windows Phone 8.1 supports seamless, secure access to protected business resources with an in-box VPN client. Configuration of the VPN client is supported through MDM or manually, including the ability to control how VPN’s are used over Wi-Fi and cellular networks to save cost.
The VPN client supports per app auto VPN, launching the specified VPN profile when an app is launched. It also allows different VPN profiles for different apps. When switching between apps with different VPN profiles the correct tunnel will be established dynamically when the user switches apps. Only one tunnel is allowed at a time.
The VPN client supports tunneling flexibility with IPsec (IKEv2) gateway support (out-of-box) and SSL VPNs supported through a downloadable plug-in from the VPN Vendor which allows them to update as they add more features. The client also supports a split tunnel or forced tunneling.
