I often hear from U.S. Government agencies that they’re interested in the promise of a mobile and productive workforce but are concerned about the possibility of associated risks. We take these concerns seriously at Microsoft. So the Windows team worked with Microsoft field personnel and customers in many verticals, and created a strong list of requirements that formed the core set of new enterprise capabilities for Windows Phone 8.1. The result is a security-enhanced OS and an architecture designed to help prevent malware attacks—and even prevent rooting and jail breaking.
This is great news for government agencies worldwide. You now have access to enterprise-ready features in Windows Phone 8.1 that are designed to deliver safe, reliable mobility for your employees. Here are five examples of how Windows Phone 8.1 brings enterprise-grade security to public-sector workers:
- S/MIME for Encrypted and Secure enhanced Email—Windows Phone 8.1 brings an industry-standard implementation of S/MIME to enable secure email capabilities including the ability to encrypt and sign secure email, providing robust email capabilities without compromising security. Managed through a Mobile Device Management (MDM) solution or Exchange Server, employees can sign in and encrypt email messages directly from the Mail client on their phone.
- Enterprise VPN—This is one of my favorite new capabilities. Native VPN empowers users to easily access private, intranet-based corporate resources behind the firewall. Connections can be provisioned by an MDM and provide Single-Sign-On (SSO) security-hardened access through certificate authentication, and also reconnect automatically, providing a flexible and reliable connection. Microsoft is working with all the leading VPN solution providers to deliver SSL-based plug-ins that integrate with native VPN clients, making it easier for customers to connect Windows Phone 8.1 devices to internal networks, utilizing their preferred VPN infrastructure.
- Mobile Device Management—Windows Phone 8.1 has a built-in MDM client that allows IT organizations to manage devices with their management system of choice. Device enrollment has been dramatically simplified, lowering support costs and helping ease enrollment in both a Bring Your Own Device and a Corporate Liable scenario.
- PKI and Certificate Management—Now full certificate lifecycle management and support for Public Key Infrastructure (PKI) is possible, enabling many new certificate authentication scenarios. Certificates can be used for device authentication onto a network based on MDM enrollment. They can also be used for authentication to help secure Wi-Fi and VPN connections. One of the biggest breakthroughs is support for two-factor authentication. Windows Phone 8.1 devices all include an onboard Trusted Platform Module (TPM). That encrypted hardware container can be used to store and help protect certificates, including PIN-protected certificates stored within a Virtual Smartcard container.
- Rich MDM Control Policies—Agencies that need to carefully protect their networks and sensitive information can rely on deep MDM policies with Windows Phone 8.1. These policies provide full control of onboard hardware capabilities such as camera, Bluetooth, GPS, and NFC. They can also lock down applications with a sophisticated whitelisting and blacklisting capability to carefully control the applications users are allowed. For specialized environments, we even provide an Assigned Access capability, which employs a kiosk mode that can provide a tightly controlled, curated experience where only the applications and settings an organization wants exposed are shown to the user.
All Windows Phone 8 devices support the Windows Phone 8.1 update. Availability varies by carrier.
Working with Microsoft field personnel and customers in many verticals, the Windows team created a strong list of requirements that formed the core set of new enterprise capabilities for Windows Phone 8.1 plus a unique set of features that have been designed specifically for the government workplace. It brings an array of enterprise features to the public sector, allowing government agencies to have the same, security-hardened smartphone solution that businesses are now using. To evaluate Windows Phone 8.1 for your organization, contact your Microsoft account manager or partner to schedule a Mobile Strategy briefing or a Proof of Concept Workshop.
Have a comment or opinion on this post? Let me know @Microsoft_Gov. Or e-mail us at firstname.lastname@example.org.
Rick Engle, Principal Windows Technology Specialist at Microsoft, Corp. | 20 August 2014