Windows Mobile® 6.1New Security Features

Enterprise-class Device Management ClientPowerful and convenient management for Windows Mobile® 6.1 devices in an enterprise environment.These features include:

Centralized, over-the-air device managementAdvanced policy enforcement, inventory and reportingRobust inventory and reporting tools

Advantage: Convenient and powerful access to WM 6.1 devices from a centralized platform.Requires: System Center Mobile Device Manager

Mobile VPN

Mobile VPN helps increase worker productivity by providing:

Single point of access to the corporate networkAlways-on, security-enhanced wireless communicationBehind-the-firewall access to business applications

Advantage: Secure access to corporate data and LOB applications on connected Windows Mobile devices, enabling rich new scenarios beyond messaging.Requires: System Center Mobile Device Manager

Full OTA Provisioning

IT Pros can quickly and conveniently provision new devices by enabling users with a self-service enrollment model.To enroll their devices, users simply need

to:Access the company’s portal for self-service enrollmentEnter their e-mail addressEnter a one-time PIN code for enrollment

IT Pros can view the list of pending enrollments from a centralized place.

Advantages: Savings in time and resources, and reduction in helpdesk costs.Requires: System Center Mobile Device Manager

Active Directory® and Group Policy expanded supportUtilize an enterprise’s current Active Directory® structure to deploy and manage Windows Mobile 6.1 devices with:

Over 130 policy settings, including specific security policies for device management, encryption, and remote device wipeCustom policies that can be created using Active Directory Management Templates

Advantages: Take advantage of the current investment in Active Directory, with the ability to join and manage Windows Mobile 6.1 devices from a centralized interface.Requires: System Center Mobile Device Manager

Hardware driver lock-down capabilityAdministrators can remotely access Windows Mobile devices using Mobile Device Manager to:

Disable specific hardware functionality, such as the camera or Bluetooth connectivityRemotely wipe security-compromised devices

Advantages: Prevent unauthorized access to sensitive company information, and protect user and company data from being illegally accessed.Requires: System Center Mobile Device Manager

Rich inventory and reporting

Manage and view all Windows Mobile 6.1 devices via a single, convenient interface. With this, IT Pros can now:

View a broad range of device characteristics like device settings, certificates installed, software installed etc.Reduce the learning curve since it is based on the familiar Microsoft Management Console (MMC)

Advantages: Easier inventory with the ability to view device characteristics and status from a single console.Requires: System Center Mobile Device Manager

Software distribution capabilities

Enable safe and convenient over-the-air distribution of mobile software by allowing administrators to:

Target users in specific Active Directory groupsConfigure mobile applications such that users cannot uninstall themEliminate the need to distribute CAB files via Flash drivesAccess powerful reporting systems for reviewing software distribution across a mobile device workforce

Advantage: Safe and convenient wireless distribution of software to specific users.Requires: System Center Mobile Device Manager

File encryption

Encrypt not just the storage card, but the entire Windows Mobile 6.1 device.This enables encryption of the:

CalendarContactsE-mailsMy Documents folder

Advantage: Enhanced security for user data and personal information on the Windows Mobile 6.1 device.Requires: System Center Mobile Device Manager

Improved Certificate Support

New capability for Windows Mobile 6.1 devices with better certificate support. This includes:

Better tools for enrolling certificatesBetter certificate services like AES for SSLSupport for wild card certificates

Advantages: Easier enrollment of certificates with support for new, more robust certificate standards.Requires: This feature is native to Windows Mobile 6.1

Encryption Support in Microsoft® Exchange 2007 SP1Windows Mobile 6.1 devices offer S/MIME encryption when deployed with Exchange 2007.This enables the device to:

Require signed S/MIME messages Require encrypted S/MIME messages Require signed S/MIME algorithm Require encryption S/MIME algorithm Allow S/MIME encryption algorithmnegotiation Allow S/MIME soft certificates

Advantage: More robust messaging security.Requires: Exchange 2007 SP1 Standard or Enterprise CAL

Windows Mobile 6.1 devices offer device encryption when deployed with Exchange 2007.This includes:

Storage card encryptionRequire device encryption

Advantage: Protection against data theft from the device or the storage card.Requires: This requires either of the following:

Exchange 2007 SP1 Standard or Enterprise CALSystem Center Mobile Device Manager

Device encryption in Exchange 2007 SP1

Control device applications usingExchange 2007 SP1Enable or disable applications and features of Windows Mobile 6.1 devices. This includes:

Allow storage card Allow camera Allow unsigned applications Allow unsigned installation packages Allow Wi-Fi

Allow text messaging Allow POP/IMAP e-mail Allow Bluetooth Allow IrDA Allow Desktop Sync Allow browser Allow consumer e-mail

Advantage: Fine control over the Windows Mobile 6.1 devices deployed in the field.Requires: This requires either of the following:

Exchange 2007 SP1 Standard or Enterprise CALSystem Center Mobile Device Manager

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it

should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.