Bernard Fung

Senior Product Consultant

Windows Phone 8:

Bridging the gap between

personal and business

Agenda

Microsoft confidential3

Microsoft confidential4

Platform + Google

Services

Open source enabling

anything

Varies by

device

Integrated

experiences

Structured to optimize

experience

Consistent with

extensibility

Integrated software

and hardware

Apple controlled

vertical

Apple

defined

Strategy

Ecosystem

Experience

Connect

Productive

Personal

Safe

Apps

A device experience that is great for work and personal use.

Microsoft confidential5

Productivity

Security

Communication

Management

Business apps

A smartphone solution that optimizes for mobile worker success, while balancing their IT needs.

Microsoft confidential6

Brings enterprise-class computing to mobile devices

8

10

11

12 Microsoft confidential

13 Microsoft confidential

14 Microsoft confidential

15 Microsoft confidential

16 Microsoft confidential

17 Microsoft confidential

Outlook capabilities

128-bit SSL

Remote wipe (admin)

GAL lookup

Sync folders

Task sync

Contacts sync

Calendar sync

Email sync

Direct push

Exchange Server 2003 Exchange Server 2010Exchange Server 2007

IRM email

256-bit SSL

Quarantine list

Nickname cache

Reply state

+Server search

Set Out-of-Office

Bandwidth reductions

Autodiscover

View meeting attendees

Follow-up flags

HTML email

Remote wipe (user)

+

19 Microsoft confidential

21 Microsoft confidential

Always in sync and ready

* Only EEFIGSs

OneNote

PowerPoint

Get ready for the

presentationView your slides and speaker notes in one view

for a good presenter experience

Navigate a PowerPoint presentation quickly

using slide sorter view

View slides in portrait or landscape mode

All the familiar Office apps right there

No need to purchase or install,

Office Mobile is built-inEdit and comment in Word, Excel, and

PowerPoint

No formatting or data gets lost

Templates to help users create new documents

Excel data stats and formula assist

IRM support for documents

26

28 Microsoft confidential

Secure boot process

Firmware

boot

loaders

OEM UEFI

applications

Windows

Phone boot

manager

Power On

Windows

Phone 8 OS

boot

Windows

Phone 8

update OS

bootBoot to

flashing

modeSoC Vendor

OEM

MSFThttp://www.uefi.org/specs/

30 Microsoft confidential

31 Microsoft confidential

Device Encryption

WP8 uses Windows disk encryption technology

for device encryptionSecure boot is required

Encryption is available on all phones and tuned on by IT Pro

No pre-OS user experience for PIN entry

No key escrow

All internal storage is encrypted

SD card not encrypted!

33 Microsoft confidential

34 Microsoft confidential

36 Microsoft confidential

37 Microsoft confidential

38 Microsoft confidential

Microsoft Unified Device Management

Simple password

Alphanumeric password

Minimum password length

Minimum password complex characters

Password expiration

Password historyDevice wipe threshold

Inactivity timeout

IRM enabled

Remote device wipe

Device encryption (new)

Disable removable storage card (new) Remote update of business apps (new)

Remote or local un-enroll (new)

(NA)

EASServer configured policy values

Query installed enterprise app

Device name

Device ID

OS platform type

Firmware version

OS version

Device local time

Processor type

Device model

Device manufacturer

Device processor architecture

Device language

Enterprise policies and reporting

Windows Intune policy and reporting

42

Enterprise App Ecosystem Overview

2. Signing Tools

3. App Catalog

1. Registration

1. Develop App

2. Package and sign

1. Device Enrollment

2. Get apps

4. Create Token

3. Cert and

Enterprise ID

IT registration1. Enterprise registers with App

Hub

2. Enterprise downloads app tools

3. Microsoft notifies CA of

pending enterprise registration

4. Vets enterprise

5. CA checks that vetting is

complete, and generates a

certificate for enterprise

IT organizationApp Hub Windows Phone

Enterprise app ingestion

Enterprise apps are not submitted to Marketplace for ingestion

App ingestion in enterprise catalog is owned and managed exclusively by IT

IT is responsible for the quality of enterprise apps

IT is responsible for any impact on the overall experience on the phone

May use the Windows Phone Marketplace Test Kit to evaluate apps

Enterprise app capabilities are the same as a public apps Capabilities are enforced on the phone at app install time

If app uses the location capability, prompt for user approval and give the user an option to disable

Enrollment & Management Architecture

Discovery

CA

Enrollment

Server

Management

Server

App Catalog

Email and pwdSuccess

cert requestGet cert

Get app token

Get Policy

Get Custom Hub

Install Apps

46 Microsoft confidential

47 Microsoft confidential

48 Microsoft confidential

49

Incremental software cost for 1,000 smartphones

Microsoft confidentialSource: Costs based on pricing as of Nov. 1, 2012 from Research in Motion,

Android Play marketplace, and Apple App store

Microsoft confidential51

Configure

before hand…

SETTINGS -> find my phone

Microsoft confidential52

and find it

when lost!

www.windowsphone.com

Find My Phone

• Ring it if nearby

• Lock it to add/change a

password

• Erase it if stolen

videoHyatt case study

PC Magazine 2012 Reader’s Choice Award

End-users love Windows PhoneAmazon.com | Three of the top Five Highest Rated Cell phones with

Service Plans = October 2012

83% of CIOs and IT decision makers who attended the Microsoft CIO Summit recommend Windows Phone for their business.❞

❝

Source: Microsoft CIO Summit, October 2012

The information herein is for informational purposes

only an represents the current view of Microsoft

Corporation as of the date of this presentation. Because

Microsoft must respond to changing market conditions,

it should not be interpreted to be a commitment on the

part of Microsoft, and Microsoft cannot guarantee the

accuracy of any information provided after the date of

this presentation.

© 2012 Microsoft Corporation.

All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS

PRESENTATION.

Appendix

Windows Phone 8 comparison

Windows Phone 8 iOS6 Android Blackberry OS 7

1 1 1

2 3

4 4 4

5 5 6

7

8 9 9

10

11

12

13 14 15

16

Bu

sin

ess

use

r

Feature available Feature not available Partial

Updated

11/29/12

IT

Windows Phone 7 security model

DynamicPermissions

(LPC)

FixedPermissions

ChamberTypes

Central repository of rules3-tuple {Principal, Right, Resource}

Chamber boundary is security boundaryChambers defined using policy rules4 chamber types, 3 fixed size, one can be expanded with capabilities (LPC)

Expressed in application manifestDisclosed on MarketplaceDefines app’s security boundary on phone

Policy system

Chamber Model

Capabilities

Windows Phone 8 security model

DynamicPermissions

(LPC)

Similar to WP7

WP8 chambers are built on the Windows security infrastructureServices and Application all in chambers

WP8 has a richer capabilities list

Simplifying Management Across Platforms

Devices & Platforms

Windows Intune

Single admin

console

Unmanaged Phones - Enterprise App Enrollment

Enterprise generates app enrollment token

App enrollment steps

1. Enterprise emails a link to the app enrollment token

2.User authenticates with domain credentials

3.User downloads and installs app enrollment token

-or-

1. Enterprise emails app enrollment token using IRM

2.User authenticates with IRM and installs app enrollment token

Unmanaged Phones enterprise app deployment

1. Enterprise IT signs the XAP

2.XAP is posted to the private Enterprise App Store

3.User navigates to the Enterprise App Store (via web

browser or client app) and selects the app to install

4.App is downloaded and installed on the phone

Enterprise managed app installation works only for enrolled

phones

Managed Phones Enterprise App Enrollment

Managed by MDM

1. The phone initiates enrollment with MDM

2.MDM provisions certificates to the phone and sends the

app enrollment token to the phone

3.Optionally, the user can install an app discovery app that

provides access to apps in the enterprise store

Phones enrolled with the enterprise

Managed Phones enterprise app deployment

1. Enterprise IT signs the XAP

2.XAP is posted in the App Catalog

3.User opens the app discovery app that displays all

available apps and selects the app to install

Or

3. User browses the app catalog using the browser

4.App is downloaded and installed on the phone