Post on 24-Aug-2020
Bernard Fung
Senior Product Consultant
Windows Phone 8:
Bridging the gap between
personal and business
Agenda
Microsoft confidential3
Microsoft confidential4
Platform + Google
Services
Open source enabling
anything
Varies by
device
Integrated
experiences
Structured to optimize
experience
Consistent with
extensibility
Integrated software
and hardware
Apple controlled
vertical
Apple
defined
Strategy
Ecosystem
Experience
Connect
Productive
Personal
Safe
Apps
A device experience that is great for work and personal use.
Microsoft confidential5
Productivity
Security
Communication
Management
Business apps
A smartphone solution that optimizes for mobile worker success, while balancing their IT needs.
Microsoft confidential6
Brings enterprise-class computing to mobile devices
8
10
11
12 Microsoft confidential
13 Microsoft confidential
14 Microsoft confidential
15 Microsoft confidential
16 Microsoft confidential
17 Microsoft confidential
Outlook capabilities
128-bit SSL
Remote wipe (admin)
GAL lookup
Sync folders
Task sync
Contacts sync
Calendar sync
Email sync
Direct push
Exchange Server 2003 Exchange Server 2010Exchange Server 2007
IRM email
256-bit SSL
Quarantine list
Nickname cache
Reply state
+Server search
Set Out-of-Office
Bandwidth reductions
Autodiscover
View meeting attendees
Follow-up flags
HTML email
Remote wipe (user)
+
19 Microsoft confidential
21 Microsoft confidential
Always in sync and ready
* Only EEFIGSs
OneNote
PowerPoint
Get ready for the
presentationView your slides and speaker notes in one view
for a good presenter experience
Navigate a PowerPoint presentation quickly
using slide sorter view
View slides in portrait or landscape mode
All the familiar Office apps right there
No need to purchase or install,
Office Mobile is built-inEdit and comment in Word, Excel, and
PowerPoint
No formatting or data gets lost
Templates to help users create new documents
Excel data stats and formula assist
IRM support for documents
26
28 Microsoft confidential
Secure boot process
Firmware
boot
loaders
OEM UEFI
applications
Windows
Phone boot
manager
Power On
Windows
Phone 8 OS
boot
Windows
Phone 8
update OS
bootBoot to
flashing
modeSoC Vendor
OEM
MSFThttp://www.uefi.org/specs/
30 Microsoft confidential
31 Microsoft confidential
Device Encryption
WP8 uses Windows disk encryption technology
for device encryptionSecure boot is required
Encryption is available on all phones and tuned on by IT Pro
No pre-OS user experience for PIN entry
No key escrow
All internal storage is encrypted
SD card not encrypted!
33 Microsoft confidential
34 Microsoft confidential
36 Microsoft confidential
37 Microsoft confidential
38 Microsoft confidential
Microsoft Unified Device Management
Simple password
Alphanumeric password
Minimum password length
Minimum password complex characters
Password expiration
Password historyDevice wipe threshold
Inactivity timeout
IRM enabled
Remote device wipe
Device encryption (new)
Disable removable storage card (new) Remote update of business apps (new)
Remote or local un-enroll (new)
(NA)
EASServer configured policy values
Query installed enterprise app
Device name
Device ID
OS platform type
Firmware version
OS version
Device local time
Processor type
Device model
Device manufacturer
Device processor architecture
Device language
Enterprise policies and reporting
Windows Intune policy and reporting
42
Enterprise App Ecosystem Overview
2. Signing Tools
3. App Catalog
1. Registration
1. Develop App
2. Package and sign
1. Device Enrollment
2. Get apps
4. Create Token
3. Cert and
Enterprise ID
IT registration1. Enterprise registers with App
Hub
2. Enterprise downloads app tools
3. Microsoft notifies CA of
pending enterprise registration
4. Vets enterprise
5. CA checks that vetting is
complete, and generates a
certificate for enterprise
IT organizationApp Hub Windows Phone
Enterprise app ingestion
Enterprise apps are not submitted to Marketplace for ingestion
App ingestion in enterprise catalog is owned and managed exclusively by IT
IT is responsible for the quality of enterprise apps
IT is responsible for any impact on the overall experience on the phone
May use the Windows Phone Marketplace Test Kit to evaluate apps
Enterprise app capabilities are the same as a public apps Capabilities are enforced on the phone at app install time
If app uses the location capability, prompt for user approval and give the user an option to disable
Enrollment & Management Architecture
Discovery
CA
Enrollment
Server
Management
Server
App Catalog
Email and pwdSuccess
cert requestGet cert
Get app token
Get Policy
Get Custom Hub
Install Apps
46 Microsoft confidential
47 Microsoft confidential
48 Microsoft confidential
49
Incremental software cost for 1,000 smartphones
Microsoft confidentialSource: Costs based on pricing as of Nov. 1, 2012 from Research in Motion,
Android Play marketplace, and Apple App store
Microsoft confidential51
Configure
before hand…
SETTINGS -> find my phone
Microsoft confidential52
and find it
when lost!
www.windowsphone.com
Find My Phone
• Ring it if nearby
• Lock it to add/change a
password
• Erase it if stolen
videoHyatt case study
PC Magazine 2012 Reader’s Choice Award
End-users love Windows PhoneAmazon.com | Three of the top Five Highest Rated Cell phones with
Service Plans = October 2012
83% of CIOs and IT decision makers who attended the Microsoft CIO Summit recommend Windows Phone for their business.❞
❝
Source: Microsoft CIO Summit, October 2012
The information herein is for informational purposes
only an represents the current view of Microsoft
Corporation as of the date of this presentation. Because
Microsoft must respond to changing market conditions,
it should not be interpreted to be a commitment on the
part of Microsoft, and Microsoft cannot guarantee the
accuracy of any information provided after the date of
this presentation.
© 2012 Microsoft Corporation.
All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.
Appendix
Windows Phone 8 comparison
Windows Phone 8 iOS6 Android Blackberry OS 7
1 1 1
2 3
4 4 4
5 5 6
7
8 9 9
10
11
12
13 14 15
16
Bu
sin
ess
use
r
Feature available Feature not available Partial
Updated
11/29/12
IT
Windows Phone 7 security model
DynamicPermissions
(LPC)
FixedPermissions
ChamberTypes
Central repository of rules3-tuple {Principal, Right, Resource}
Chamber boundary is security boundaryChambers defined using policy rules4 chamber types, 3 fixed size, one can be expanded with capabilities (LPC)
Expressed in application manifestDisclosed on MarketplaceDefines app’s security boundary on phone
Policy system
Chamber Model
Capabilities
Windows Phone 8 security model
DynamicPermissions
(LPC)
Similar to WP7
WP8 chambers are built on the Windows security infrastructureServices and Application all in chambers
WP8 has a richer capabilities list
Simplifying Management Across Platforms
Devices & Platforms
Windows Intune
Single admin
console
Unmanaged Phones - Enterprise App Enrollment
Enterprise generates app enrollment token
App enrollment steps
1. Enterprise emails a link to the app enrollment token
2.User authenticates with domain credentials
3.User downloads and installs app enrollment token
-or-
1. Enterprise emails app enrollment token using IRM
2.User authenticates with IRM and installs app enrollment token
Unmanaged Phones enterprise app deployment
1. Enterprise IT signs the XAP
2.XAP is posted to the private Enterprise App Store
3.User navigates to the Enterprise App Store (via web
browser or client app) and selects the app to install
4.App is downloaded and installed on the phone
Enterprise managed app installation works only for enrolled
phones
Managed Phones Enterprise App Enrollment
Managed by MDM
1. The phone initiates enrollment with MDM
2.MDM provisions certificates to the phone and sends the
app enrollment token to the phone
3.Optionally, the user can install an app discovery app that
provides access to apps in the enterprise store
Phones enrolled with the enterprise
Managed Phones enterprise app deployment
1. Enterprise IT signs the XAP
2.XAP is posted in the App Catalog
3.User opens the app discovery app that displays all
available apps and selects the app to install
Or
3. User browses the app catalog using the browser
4.App is downloaded and installed on the phone