Applies to: Windows 8.1
We built Windows 8 to bring a modern computing experience to businesses and to help professionals stay connected to their colleagues and clients from anywhere, anytime. Windows 8.1 advances this vision and introduces new manageability, mobility, security, user experience, and networking capabilities–with the goal of offering customers the best business tablets and versatile modern business PCs driven by the most powerful operating system designed for today’s modern businesses.
Below is a list of some of the new and updated features in Windows 8.1 with regard to Bring Your Own Device (BYOD) scenarios, mobility, security, and the modern user interface. Looking for information about the new features and functionality in Windows 8.1 Update? See What's new in Windows 8.1 Update.
A Windows 8 PC was either domain joined or not. If it was a member of the domain, the user could access corporate resources (if permissioned) and IT could control the PC through group policy and other mechanisms. This feature allows a middle ground between all or nothing access, allowing a user to work on the device of their choice and still have access to corporate resources. With Workplace Join, IT administrators now have the ability to offer finer-grained control to corporate resources. If a user registers their device, IT can grant some access while still enforcing some governance parameters on the device.
Work Folders allows a user to sync data to their device from their user folder located in the corporation’s data center. Files created locally sync back to the file server in the corporate environment. This syncing is natively integrated into the file system. Note, this all happens outside the firewall client sync support. Previously, Windows 8 devices needed to be domain joined (or required domain credentials) for access to file shares. Syncing could be done with third-party folder replication apps. With Work Folders, Users can keep local copies of their work files on their devices, with automatic synchronization to your data center, and for access from other devices. IT can enforce Dynamic Access Control policies on the Work Folder Sync Share (including automated Rights Management) and require Workplace Join to be in place.
While many organizations have investments with System Center and will continue to leverage these investments we also know that many organizations want to manage certain classes of devices, like tablets and BYOD devices, as mobile devices. With Windows 8.1, you can use an OMA-DM API agent to allow management of Windows 8.1 devices with mobile device management products, like Mobile Iron or Air Watch.
When a user enrolls their device, they are joining the device to the Windows Intune management service. They get access to the Company Portal which provides a consistent experience for access to their applications, data and to manage their own devices. This allows a deeper management experience with existing tools like Windows Intune. IT administrators now have deeper policy management for Windows RT devices, and can manage Windows 8.1 PCs as mobile devices without having deploy a full management client.
The Web Application Proxy is a new role service in the Windows Server Remote Access role. It provides the ability to publish access to corporate resources, and enforce multi-factor authentication as well as apply conditional access policies to verify both the user’s identity and the device they are using resources, and enforce multi-factor authentication as well as verify the device being used before access is granted.
Enhanced Virtual Desktop Infrastructure (VDI) in Windows Server 2012 R2 with improvements in management, value, and user experience. Session Shadowing allows administrators to view and remotely control active user sessions in an RDSH server. Disk deduplication and storage tiering allow for lower cost storage options. User experience for RemoteApps, network connectivity and multiple displays has been improved. Administrators can now easily support users with session desktops to provide helpdesk style support. Administrators now have even more flexible storage options to support a VDI environment without expensive SAN investments. End users find RemoteApp behavior is more like local apps, and the experience in low-bandwidth is better, with faster reconnects and improved compression, and support for multiple monitors.
Tap your Windows 8.1 device against an enterprise NFC-enabled printer and you’re all set to print. No more hunting on your network for the correct printer and no need to buy a special printer to take advantage of this functionality. Simply attach an NFC tag to your existing printers to enable this functionality.
Connect to Wi-Fi Direct printers without adding additional drivers or software on your Windows 8.1 device, forming a peer-to-peer network between your device and the printer.
Present your work wirelessly with no connection cords needed; just pair with a Miracast-enabled display and Miracast will use Wi-Fi to let you project wire-free.
We have added support for a wider range of VPN clients in both Windows and Windows RT devices. We have also added the ability to have an app automatically trigger VPN connections.
When you select an app or resource that needs access through the inbox VPN – like a company’s intranet site – Windows 8.1 automatically prompts you to sign in with one click. This feature is available with Microsoft and third-party inbox VPN clients.
At Windows 8 launch, the devices had embedded radios that were separate components within the devices. Windows 8.1 supports embedded wireless radio, which gives you increased power savings and longer battery life, and also enables thinner form factors and lower cost devices.
With Windows To Go in Windows 8.1, the Windows Store is now enabled by default. Windows To Go users may roam to any number of computers and access the Windows Store and use Windows Store apps.
Turn your Windows 8.1 mobile broadband-enabled PC or tablet into a personal Wi-Fi hotspot, allowing other devices to connect and access the Internet.
Corporations now have more control over corporate content which can be marked as corporate, encrypted, and then be wiped when the relationship between the corporation and user has ended. Corporate data can now be identified as corporate vs. user, encrypted, and wiped on command using EAS or EAS + OMA-DM protocol. This capability is requires implementation in the client application and in the server application (Mail + Exchange Server). The client application determines if the wipe simply makes the data inaccessible or actually deletes it.
All versions of Windows 8.1 include end-to-end biometric capabilities that enable authenticating with your biometric identity anywhere in Windows (Windows sign-in, remote access, User Account Control, and so on). Windows 8.1 is optimized for fingerprint-based biometrics and includes a common fingerprint enrollment experience that works with a variety of readers (touch, swipe). Modern readers are touch-based rather than swipe-based and include liveliness detection that prevents spoofing (for example, silicon emulated fingerprints). Access to Windows Store apps, functions within them, and certificate release can be controlled based on verification of a user’s biometric identity.
Device encryption previously found on Windows RT and Windows Phone 8 is now available in all editions of Windows. It is enabled out of the box and can be configured with additional BitLocker protection and management capability on Windows 8.1 Pro and Windows 8.1 Enterprise. Consumer devices are automatically encrypted and protected when using a Microsoft account. Data on any Windows connected standby device is automatically protected (encrypted) with device encryption. Organizations that need to manage encryption can easily add additional BitLocker protection options and manageability to these devices.
Internet Explorer 11 improvements include faster page load times, side-by-side browsing of your sites, enhanced pinned site notifications, and app settings like favorites, tabs and settings sync across all your Windows 8.1 PCs. Internet Explorer 11 now includes capability that enables an antimalware solution to scan the input for a binary extension before it’s passed onto the extension for execution.
Windows Defender, Microsoft’s free antivirus solution in Windows 8, now includes network behavior monitoring to help detect and stop the execution of known and unknown malware. Internet Explorer scans binary extensions (for example, ActiveX) using the antimalware solution before potentially harmful code is executed.
With Assigned Access, a new feature offered in Windows 8.1 RT, Windows 8.1 Pro, and Windows 8.1 Enterprise, you can enable a single Windows Store application experience on the device. This can be things like a learning application for kids in an educational setting or a customer service application at a boutique. Assigned Access can ensure the device is delivering the intended experience. In the Windows Embedded 8.1 industry product, we deliver additional lockdown capabilities to meet the needs of industry devices like point of sale systems, ATMs, and digital signs.
You have more ways to see multiple apps on the screen at once. When displaying multiple apps at once, you can easily resize the width of the app window to suit your needs. Depending on screen size and resolution, you can even share the screen with three or four apps on each monitor.
You can now configure Windows 8.1 to boot directly to the desktop after logon.
Improvements have been made to better support users who prefer a mouse and keyboard experience to access applications.
These are just some of the key features available in Windows 8.1 We encourage you to test out and try these features when you evaluate Windows 8.1 for use both in your work environment as well as at home in your personal life. Please note that Windows Server 2012 R2 may be required in order for some of these features to be available.