
Bring Your Own Device (BYOD) – New Windows Server 2012 R2 Device Access and Information Protection

As you will have seen at Microsoft TechEd North America and Europe, we have just delivered the Preview Release of Windows Server 2012 R2 with a stunning amount of new capability that is Cloud First.

My name is Adam Hall and I look after one of the solution areas within People-centric IT that we call “Access & Information Protection”. In this post I will provide more information about what this actually is and the focus areas we have around Bring Your Own Device (BYOD) and the Consumerization of IT.

People-centric IT is about helping organizations empower their users to work on the devices they choose without compromising their information integrity or compliance. The challenge this presents to customers is that as soon as a user works on a device that they do not manage or even have any knowledge of, it becomes very difficult to retain control of sensitive corporate information, and to be able to respond to situations such as the device being sold, lost or stolen.

With our Access & Information Protection solutions, we deliver capabilities that help our customers solve this very challenging problem in the following ways:

Simple registration and enrollment for users adopting Bring Your Own Device programs (BYOD).

Users can register their device using Workplace Join, which creates a new device object in Active Directory and installs a certificate on the device, allowing IT to take the user's device authentication into account as part of conditional access policies. Users can also opt in to the Windows Intune management service for consistent access to applications (including internal LOB apps and links to public app stores), to manage their own devices and to gain access to their data.

Users can work from the device of their choice to access corporate resources regardless of location.

New in Windows Server 2012 R2 are the Web Application Proxy and Work Folders. The Web Application Proxy provides the ability to publish access to internal resources and perform Multi-Factor Authentication at the edge. Work Folders is a new file sync solution that allows users to sync their files from a corporate file server to all their devices both internally and externally.


IT can better protect corporate information and mitigate risk by being able to manage a single identity for each user across both on-premises and cloud-based applications.

As users blend their work and personal lives, and organizations adopt a mixture of traditional on-premises and cloud-based solutions, IT needs a way to consistently manage the user's identity and provide users with a single sign-on to all their resources. Microsoft helps our customers by providing users with a common identity across on-premises or cloud-based services, leveraging existing Windows Server Active Directory investments and then connecting to Windows Azure Active Directory. In Windows Server 2012 R2, we have significantly enhanced Active Directory Federation Services (ADFS) to be easier to deploy and configure, and tightly integrated it with the Web Application Proxy for simple publishing and federating between Active Directory and Azure AD.


IT can access managed mobile devices to remove corporate data and applications in the event that the device is lost, stolen, or retired from use.

Whether a device is lost, stolen or simply being repurposed, there will be times when IT needs to ensure that the corporate information stored on the device is no longer accessible. With Windows Server 2012 R2, System Center Configuration Manager 2012 R2 and Windows Intune, companies have the ability to selectively wipe corporate information while leaving personal data intact.

IT can set policy-based access control for compliance and data protection.

With users working on their own devices, accessing corporate resources and storing information on these devices presents some challenges for ensuring that compliance needs are met and information remains secure. Windows Server 2012 R2, through the Web Application Proxy, ADFS and Work Folders, provides compelling and powerful solutions that make it easy for our customers to make resources available while remaining in control of information. As we showed in the TechEd Europe keynote in Madrid this week, Work Folders is integrated with Dynamic Access Control, providing the ability to automatically classify information based on content, and perform tasks such as protecting with Rights Management Services, even for data that is created and stored on clients!

To see People-centric IT, including System Center 2012 R2 Configuration Manager, Windows Intune, and Windows Server 2012 R2 in action, you can watch a complete presentation and end-to-end demonstration from the TechEd North America Foundational Session. You can also learn more about People-centric IT by downloading the People-centric IT Preview Guide.

Be sure to download System Center 2012 R2 Preview Configuration Manager and Windows Server 2012 R2 Preview today!