Enterprise Opportunity: Understanding Windows Phone Built-in Security, Management and Deployment Capabilities
Nick Randolph: Built To Roam
Dave Glover: Microsoft
WPH224

Windows Phone Australian Developer Community
Register via
• Mobile: http://aka.ms/gswwn1 or
• Desktop: http://aka.ms/Iwivij

For the
• Latest Windows Phone News,
• Training Events,
• Competitions,
• Developer Directory,
• 1 yr. Windows Phone Store Subscription,
• And Device Loans

Windows Phone is Built for Business
• Common core and security architecture
• Great, consistent experience across devices
• Productive and connected
• Robust platform for mobile apps
• Unified app and device management

Shared Windows Core
A shared core brings enterprise class computing to mobile devices
• NT Kernel runs on 1.3 billion computing devices (Windows 8, Windows RT, Windows Phone 8, Windows 8 Embedded, Windows Server 2012 and XBOX)
• Greater Consumer Choice
• Developers can rapidly target multiple platforms at lower cost, greater reuse
• Hardware innovation and differentiation

Hardware Innovations
• WVGA: 800 x 480, 15:9
• 720p: 1280 x 720, 16:9
• WXGA: 1280 x 768, 15:9
• Dual-Core: Today
• NFC
• Photos ▪ Music Videos
• Quad-Core: Coming soon
• 1080p + Phablets: Coming soon

Killer Hardware
Nokia Lumia 1020
Nokia Lumia 925

Nokia Lumia 520 Nokia Lumia 620

Nokia Lumia 720

Diving in
- Security
- Device Management
- Development

Security

Secured Boot and Code Signing
Assures platform integrity and helps protect against malware

System-on-a-Chip (SoC) with Unified Extensible Firmware Interface (UEFI) secure boot
• Validates OS images
• Ensures that malware cannot insert itself into the boot process (no rooting or jail-breaking)
• All operating system, OEM drivers, and app software components must be digitally signed by Microsoft to run (whitelisting)

Device Security
Full internal storage encryption to protect information
• Built on Windows BitLocker architecture
  • Encryption key protected by TPM 2.0
• Encryption is available for all phones
  • Turned on with policy
• Removable SD cards not encrypted
  • Can be disabled by policy
• Microsoft Security Response Center can deliver security updates globally if high-impact vulnerability discovered – independent of MO
• Successfully completed Phase 1 of FIPS certification

Application Platform Security
Application platform helps to protect corporate data
• Chamber security model reduces attack surface
  • Principle of least privilege, enforced security boundaries, isolation, disclosed capabilities to the user
• No shared file system
  • Prevents viewing or tampering with individual app data
• Apps in Windows Phone Store are certified, scanned for malware, and digitally signed by Microsoft

Enterprise App Containerization
Secure your apps, data, and access to back end systems
• Apps on non-Domain joined devices can prompt users for credentials, implement geo-fencing, and limit exposure to session attacks
• Apps can protect local data-at-rest with double-envelope encryption plus TLS for data-in-transit
• Apps can present user credentials to web services and web sites via Basic, OAuth and NTLM in order to sync data
• Enterprise Feature Pack brings certificate management to enroll, update, and revoke certificates for user authentication

Corporate Connectivity
Internet
• Unified Access Gateway (UAG)
  • Securely publish web sites, web services and Exchange ActiveSync across the corporate firewall via SSL
• Apps and web browsers can authenticate against Active Directory
• Enterprise Feature Pack brings VPN connections automatically triggered by the apps that need them.

Intranet
• Extended “Guest” Wi-Fi network sends non-Domain joined devices to the Internet with no access to the internal corporate network
• Enterprise Feature Pack brings enterprise Wi-Fi support for EAP-TLS that uses a client-side certificate

Data Leak Prevention (DLP)
Rights Management
Helps prevent intellectual property from being leaked
Protects emails and documents on the phone from unauthorized distribution
Active Directory Rights Management supports all your Mobile Information Management (MIM) needs

Device Management

Exchange ActiveSync
Your baseline level of BYOD device management included in Exchange Server and Office365
World’s most widely used mobile policy enforcement technology

• Password required
• Password history
• Password length
• Complex password
• Idle timeout value
• IRM enabled
• Password expiration
• Allow simple password
• Device wipe threshold
• Password complexity
• Device encryption (new)
• Remote wipe (user/admin)

Windows Intune
Enterprise mobile app distribution and device management from the cloud
• Enterprise enrollment and management client built-in to phone
• One-step user experience to enroll (or un-enroll), apply policies, and discover enterprise apps
• Connects to System Center Configuration Manager for unified management of all your computing assets from a single console

Windows Intune Policy and Reporting

• Simple password
• Alphanumeric password
• Minimum password length
• Minimum password complex characters
• Password expiration
• Password history
• Device wipe threshold
• Inactivity timeout
• IRM enabled
• Remote device wipe
• Device encryption (new)
• Disable removable storage card (new)
• Remote update of business apps (new)
• Remote or local un-enroll (new)

(NA)

EAS

• Server configured policy values
• Query installed enterprise app
• Device name
• Device ID
• OS platform type
• Firmware version
• OS version
• Device local time
• Processor type
• Device model
• Device manufacturer
• Device processor architecture
• Device language

MDM Enterprise policies + Reporting

MDM Partners
Sometimes your customer already has a mobile device management package in place
• SilverbackMDM
• Citrix XenMobile
• Symantec
• AirWatch
• MobileIron
• SAP Afaria
• Fiberlink MaaS360
• Sophos

Demo: Mobile Device Management
SilverbackMDM – http://silverbackmdm.com/

A device management & security software vendor that provides policy based visibility, access and control while maintaining the native OS experience end users demand.

Mobile Application Management (MAM)
Organizations can take full control over private apps
• Enterprise registration with Microsoft
• Receive enterprise ID and certificate from Symantec
• Digitally sign both enterprise token and apps with certificate
• Distribute token to phone during enrollment to run enterprise apps
• Private apps can be stored within intranet
• Enterprise Feature Pack supports allowing or blocking the installation of certain apps

Demo: Company Hub

Separating Corporate from Personal
Windows Intune is only interested in the corporate side of your phone
• Deployment of enterprise apps only
• Auto-update of previously installed enterprise apps
• Only retrieves inventory of enterprise apps, not personal
• Selective wipe removes corporate policies, apps and associated data while personal apps and data are left untouched

Maximizing Developer Investments
Visual Studio 2012
• Compatibility + Performance
  • Phone 7 apps run on Windows Phone 8 and both are compiled in the cloud
• Apps
  • XAML UI combined with C#/VB code
• Mobile Web
  • Multiplatform HTML5
• Hybrid Web Container
  • IE 10 browser control in a native app to get HTML5 and JavaScript content in the Store
• Games > Direct3D with C++ code

Mobile Databases
Store data offline and perform transactions while disconnected
• SQLite
  • Open source libraries work across all Windows platforms
• SQL Server Compact
  • Accessible via LINQ to SQL
• NoSQL
  • In-memory object collections can be queried via LINQ and saved locally via object serialization

Mobile Enterprise App Platform (MEAP)
Extend backend systems out to mobile devices
• Enterprise application integration (EAI) with backend systems and data sources
• Scale-out to support tens of thousands of devices
• Securely publish multichannel web services and websites to Internet in a wireless-friendly way

Internet Explorer 10
Faster and safer browsing
• One of the fastest HTML5 browsers with hardware accelerated HTML and graphics
• Build offline web apps with App cache and IndexedDB
• Sandboxed in isolated chamber, with no plug-ins
• Anti-phishing protection with SmartScreen Filter with over 1 billion malware download attempts blocked

Near Field Communication (NFC)
A new way to send
• Tap to send data
• Interact with NFC tags
• Establish Wi-Fi or Bluetooth connection
• Tap to pay via Secure SIM element
• Available to developers via the Proximity API

Maps and Directions
World-class maps to quickly get to appointments
• Built-in maps with core NAVTEQ technology and street data from Nokia in all phones
• View offline maps without coverage or data connection
• Here Drive (turn-by-turn directions) with voice
• Map control and APIs available for developers

What’s next
• Support life cycle for Windows Phone 8 extended from 18 months to 36 months
• Windows Enterprise Feature Pack
  • S/MIME to sign and encrypt email
  • Access to corporate resources behind the firewall with app aware, auto-triggered VPN
  • Enterprise Wi-Fi support with EAP-TLS
  • Enhanced MDM policies to lock down functionality on the phone for more enterprise control
  • Certificate management to enroll, update, and revoke certificates for user authentication

In Review: Session Objectives And Takeaways
Session Objective(s):
You learned about new hardware and software innovations
You learned how to keep the device, apps, data, and the network secure
You learned about mobile device, application, and information management
You learned about enterprise development capabilities

You should now be able to conduct business-focused discussions about our secure, encrypted phone that meets the mobile device management and private software distribution needs of the enterprise.

Register at dvlup.com
• Compete in challenges
• Earn points
• Redeem points for swag!
• Phones, headphones, and more

Resources
• Developer Network (Resources for Developers): http://msdn.microsoft.com/en-au/
• Learning (Virtual Academy): http://www.microsoftvirtualacademy.com/
• Sessions on Demand: http://channel9.msdn.com/Events/TechEd/Australia/2013
• TechNet (Resources for IT Professionals): http://technet.microsoft.com/en-au/

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.