Security-Related Features in MDM Client

2/9/2009

Windows Mobile devices that are running Windows Mobile 6.1 contain the System Center Mobile Device Manager client application that lets you manage the device through MDM. This application is not included in earlier versions of Windows Mobile. Windows Mobile 6.1 supports the necessary standards to enable the client to establish an authenticated and encrypted communications channel to MDM Gateway Server.

Note

Mobile Operators may still have access to device settings after enrollment in MDM, so that they can configure the device for their network and services. During enrollment, existing references to the Mobile Operator Open Mobile Alliance (OMA) device management (DM) servers are preserved. Therefore, in principle, those servers can access the device. However, the OMA DM servers are typically not exposed to the Internet, and therefore cannot update a device when Mobile VPN is active.

The Windows Mobile 6.1 client contains the following security-related features specific to MDM:

  • Enrollment Client, which is responsible for enrolling the device into the managed MDM environment. During the enrollment process, the device is bootstrapped with the necessary VPN connectivity settings, and the certificates and certificate chain are installed. The device will then use these certificates to authenticate on the company network.
  • Mobile VPN client, which is based on IPsec and has the logic, rules, policies, and settings for the VPN tunnel. After the enrollment process configures the Mobile VPN client, there is a sustained, always-on connection to MDM Gateway Server.

For more information about MDM client architecture, see Mobile Device Manager Client Architecture in the MDM Architecture Guide.

To configure devices, IT administrators use Group Policy to deliver and apply policy settings to targeted users and computers in an Active Directory environment. For information about security policies that you can apply to a device, see Security Policies in MDM.

For information about applying Group Policy, see the following topics in MDM Operations at this Microsoft Web site: https://go.microsoft.com/fwlink/?LinkId=112415:

See Also

Concepts

MDM and Microsoft Certification Authorities