The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form, by any means (electronic, mechanical, photocopying, recording or otherwise), or for any purpose, without the express written permission of Microsoft. Microsoft may have patents, patent applications, trademarks, copyrights or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights or other intellectual property. Data plan and/or Wi-Fi access required for some Windows Phone 8 features. Carrier fees may apply. Availability of some features and services may vary by app, area, language, phone, carrier, and/or service plan. © 2013 Microsoft Corp. All rights reserved.

With BYOD (Bring Your Own Device) becoming the industry norm, it is important for IT departments to

choose a smartphone platform that appeals to consumers and will delight their end users. Windows

Phone is rapidly winning the hearts of consumers and gathering industry accolades.

PC Magazine 2013 Reader’s Choice Award

Consumers love Windows Phone

Both Windows Phone 8 and Windows Phone 8 devices are receiving high praise from consumers.

Windows Phone 8 was rated the #1 OS by all readers of PC magazine and the Nokia Lumia 920 was

rated the #1 phone by AT&T readers of PC Magazine.

Windows Phone Accolades and Awards

• 4 of the top 9 smartphones across all carriers on Amazon.com are Windows Phone 8 devices

• The Nokia Lumia 920 won the 2012 Engadget Readers Choice Award

• The Windows Phone 8X by HTC won the Red Dot Design Award for 2013

Your favorite apps, and over 130,000 more

Windows Phone has the apps and games you

want from brands you love. The Windows

Phone store has 130,000+ apps and 48 of the

top 50 apps on competing platforms. Get apps

for personal use such as Flixster, Cut the

Rope®, and Pandora. Or get apps for work

such as, Evernote, Box, and LinkedIn. Only

Windows Phone has Live Apps that bring you

the info you want, right on your start screen.

With Windows Phone 8 we made certain that IT professionals could have peace of mind and

effortlessly integrate with their Exchange, SharePoint, Lync and Office 365 infrastructure to lower their

TCO. We ensured end users had the best possible Office, Outlook and Lync experience on their

Windows Phone 8 devices. And we ensured that developers could use the Visual Studio and .NET tools

they are already familiar with to develop code that would run on PCs, tablets and smartphones.

Windows Phone Gaining Momentum Among CIOs

• In a recent poll by Aberdeen Group, CIOs revealed that they plan to deploy mobile apps for

Windows Phone and Windows tablets more than any other platform over the next 12 months.

• Windows Phone has also seen significant growth over the past year, at the expense of BlackBerry.

• A report by Strategy Analytics indicates that Windows Phone surpassed BlackBerry in Q4 2012 to

become the #3 smartphone platform in the US.

13

43

21

9 10

12 11

87

6

5

The 13 Layers of Security on Windows Phone 8

Below is an explanation of the security provided by the 13 numbered boxes in the security architecture

diagram above:

1. All Windows Phone 8 devices have to meet specific hardware requirements. This not only

guarantees a base-level user experience, it limits the hardware-related security attack vectors.

2. Windows Phone 8 is the only smartphone platform that has a Trusted Platform Module (TPM) 2.0

chip embedded on every device. The TPM chip is a huge boost to security – it protects encryption

keys, contains a crypto processing engine, and is a foundational element of a secure boot chain.

3. Windows Phone 8 uses the Unified Extensible Firmware Interface (UEFI) Secure Boot industry

standard. UEFI is the new BIOS. In a UEFI Secure Boot process the firmware, the bootloader, the

kernel and kernel extensions, are all cryptographically signed. This makes it easy to detect when any

of these layers has been tampered with. If any layer in this boot process has been maliciously

altered, the device won’t boot.

4. The crypto signing goes beyond the kernel – the entire OS and every single app on the system is

code-signed to guarantee a chain of trust from the hardware all the way up. This is not necessarily

the case for competing platforms. There is no real concept of a trusted boot chain on Android. And

it is well known that the trusted boot chain on iPhone is not entirely trustworthy because every

single version of iOS has been jailbroken within days of release.

5. Windows Phone 8 uses the same NT Kernel as Windows 8 and Windows Server 2012. But it also

shares the same driver model, developer platform, security, and networking stack and graphics and

media platform. All of these have been tried and tested on more than a billion client and server

machines, many running mission-critical workloads.

6. All updates to Windows Phone 8 now come directly from, and only from, Microsoft. This ensures the

integrity of the OS. Also all security fixes follow the same rigorous standards set by the Microsoft

Security Response Center or MSRC for our client and server products.

7. Windows Phone 8 supports alpha-numeric and complex passwords for device-locking.

8. The internal storage on a device can now be fully encrypted using the same BitLocker technology that

ships with Windows. The BitLocker encryption key is protected by the TPM 2.0 chip and will only be

released if i) the device successfully passes the UEFI Secure Boot process to boot up a trusted OS, and

ii) if the encrypted disk is physically located in the original device. This protects data at rest and guards

against offline attacks. So it is not possible to take the encrypted storage out and get access to the

data by booting from another OS, and it is also not possible to place the encrypted storage in another

Windows Phone 8 device to access the data. This protects data at rest and guards against offline

attacks. With both device-lock and BitLocker enabled it is extremely difficult to gain unauthorized

access to data on the internal storage.

9. Every app runs in its own isolated chamber. Even the OS services run in their own isolated chamber.

Each app receives only the capabilities it needs to perform all its use cases. It cannot elevate its

privileges at run time, it cannot communicate with other apps on the phone other than through the

cloud, and it cannot access memory, data or the keyboard cache used by another app.

10. Even the browser runs in its own sandbox. Windows Phone 8 ships with a locked down version of

Internet Explorer 10 that does not support plug-ins, and comes with anti-phishing filters built-in.

11. To further protect the data in each app, Windows Phone 8 provides another layer of encryption via the

Data Protection API. This is smart technology that uses entropy information already available on the

device to automatically generate new encryption keys. This way apps do not have to worry about

generating, storing and managing new keys. Each app also automatically receives its own decryption

key when it first runs.

12. However, no amount of encryption will prevent an authenticated user on a trusted device from sharing

data with unintended parties, willingly or unwillingly. This makes Information Rights Management

(IRM) critical and Windows Phone is the only smartphone platform that has IRM built-in to prevent

data leakage.

13. Finally, data synchronization with most cloud services like Office 365 and on-premise servers like

Exchange and SharePoint is done via the latest SSL 3.0 technology with AES 128 or 256 encryption.

This protects data in transit.

Note on TPM and UEFI Secure Boot standards

Microsoft is a strong believer in open standards for security, like UEFI Secure Boot and TPM. Standards

have numerous advantages over proprietary methods used by other smartphone platforms. Standards go

through a transparent development process, survive rigorous open review from the best security minds

across multiple organizations, and help ensure broad support across companies. The list of 100+

companies that define the TPM specifications can be found here and the firms behind the UEFI

specifications can be found here.

Maximize Value from Existing Microsoft Investments

The built-in IRM client on Windows Phone helps you maximize

value from your existing investments because it uses the Active

Directory Rights Management Service already available with your

Windows Servers. Exchange ActiveSync is also built-in and

supported and this is how Microsoft IT manages more than

70,000 BYOD Windows Phone devices. Additionally, a built-in

management client is available so you can use your existing

Mobile Device Management software such as MobileIron,

AirWatch, Citrix XenMobile, Symantec or Windows InTune and

System Center 2012 SP1. Finally, to further lower your TCO,

Windows Phone 8 comes with full-fidelity mobile versions of

Office so you can make the most of your existing investments in

Exchange, SharePoint, Lync and Office 365.

Windows Phone 8 integrates with your existing Microsoft infrastructure. Right out of the box, Windows

Phone seamlessly works with Microsoft products you know and already own, such as Exchange, Office,

SharePoint, Lync and Office 365 – no need to purchase additional third-party software.

BES server software and admin cost

Third-party software for Office

Third-party software for SharePoint

Typical incremental software & administration cost required to leverage

SharePoint, Office and Exchange functionality on1,000 smartphones

Windows Phone 8 gives you the best Outlook and Exchange experience, the best mobile versions of

Office, and the best communication and collaboration experiences with Lync and SharePoint.

WP 8 iOS 6Android

4.0BB 10

Setup, Lock screen, andStart screen

Fast Office 365 setup with simple input of ID and password

Resizable live tiles to access more information

Notifications on lock screen

Outlook e-mail,calendar, and contacts

Pin frequently accessed e-mail folders to the Start screen

Same integrated mail and calendar as Outlook on PC

Access and search for e-mails on the Exchange Server

Read protected e-mail (IRM)

Office documents

View, edit, and comment on Word, Excel, and PowerPoint documents

“Places” panel for easy access to docs opened viaemail, or stored on SharePoint, SkyDrive or the phone

Read protected IRM documents

“Thumbnail” view to easily navigate long ppt decks

Lync communication

Make VoIP and HD video Lync calls, and receive Lync calls like standard voice calls

Multitask during Lync call - read email, view/edit/save docs, access SharePoint sites, use other apps etc.

Attend Lync meetings with audio, video, and web conferencing with one click from Outlook

SharePoint sites

Sync documents across devices. Edit on one device and continue working right where you left off

Download documents for offline access and editing; upload changes when you are back online

Search for content on SharePoint team sites, lists or document libraries

Write and edit documents with colleagues at the same time

Pin SharePoint sites to the Start screen for easy access

4

8

5

9

3

6

Feature available Feature not available Feature available with conditions

1

1. Not open to third party developers

2. Requires setup through widgets

3. Requires BlackBerry Enterprise Server (BES)

4. View only

5. Supported only by a few devices

6. Documents To Go included7. No Lync app for BB 108. Access and view only, no editing9. Supported only by a few devices

2 1

7

7

7

Common Development Foundation for Client and Mobile Computing

Historically, apps for client computing devices like PCs, laptops and desktops have been developed

separately from apps for mobile computing devices like smartphones and tablets. But as more client

computing devices get touch screens and mobile broadband radios, and more mobile computing

devices take on client computing workloads, it is going to be critical for you to be able to share code

between the mobile and client computing worlds.

From an app development perspective there is deep commonality between Windows Phone 8,

Windows 8 and Windows RT. In fact, Windows Phone 8, Windows 8 and Windows RT share several

components in a common development foundation that makes it easy to port apps across different

form factors on the Windows platform.

First, Windows Phone 8, Windows 8 and Windows RT share a common development environment and

tools with Visual Studio and .NET. Second, they also share the same driver model, security model, web

browser and managed code Common Language Runtime (CLR). Finally, Windows Phone 8, Windows 8

and Windows RT all support native code and have the exact same API set for Networking, File System,

Input, Sensors, Graphics and Media, Audio, and Commerce.

Flexibility with 3 Development Models

App developers also have flexibility in how they develop apps and can choose from 3 development

models. They can write an app that uses whatever combination they desire between managed code,

native code and HTML/JavaScript code. And they can run a lot of that code across Windows Phone 8,

Windows 8 and Windows RT because of the common foundation. So porting apps and business

functionality across your mobile and client computing worlds becomes a lot faster. This will be a critical

capability needed by businesses as the worlds of mobile and client computing converge.

There are a number of programs available to help you transition your organization to Windows Phone.

Your Microsoft account team can provide more information and help you get started.

Frequently Asked Questions

What support options are available for businesses?

The “Get technical support” section on http://support.microsoft.com/gp/windows-phone-8 lists a

variety of Windows Phone 8 technical support options available to businesses.

Where can I learn more about Microsoft’s Support Lifecycle policy?

The most common questions on this topic have been answered on

http://support.microsoft.com/gp/lifepolicy

Will Windows Phone 8 devices be upgradeable to the next version of the Windows Phone OS?

Yes, Windows Phone 8 devices will be able to upgrade to the next version of Windows Phone OS when

it is launched.

Where can I get an in-depth overview of Windows Phone 8 for businesses?

The Windows Phone 8 Reviewers Guide goes into considerable depth for all the areas covered by this

document.