What's new for enterprise in Windows Phone 8.1

June 25, 2014

What’s new in Windows Phone 8.1

Windows Phone 8.1 is an upgrade to the Windows Phone 8 operating system providing IT departments with more control over Windows Phones and give Windows Phone users a fuller productivity experience. Windows Phone 8.1 will be available to all Windows Phone 8 users as an upgrade however the mobile operator and phone manufacturer may control the distribution of updates. Update availability may vary by country, region, and device hardware capabilities.

Enterprise Mobile Device Management

Windows Phone 8.1, has built-in mobile device management client that lets you manage the handsets with the Mobile Device Management system of your choice.

Windows Phone 8 introduced the MDM protocol based on SyncML 1.2 (OMA standard for MDM). With the Windows Phone 8.1 we continue to build on that protocol, with a built in MDM client that MDM vendors can use to manage the device.

We are making it easier for end-users to enroll a device in the enterprise and are enabling MDM vendors to make use of the standard web authenticator broker technology to customize that enrollment experience.

Enrollment in an MDM system now allows the IT administrator to deploy a large set of configuration policies, email and Office 365 accounts, certificates for user authentication, VPN and Wi-Fi profiles, and applications to the device. A Robust Push infrastructure allows the IT administrator to reach out to the device and make any changes to the enrolled devices.

MDM systems have the ability to complete remove all the elements distributed or configured on the phone as well as the associated content. This allows you to remove the organizations data from the device when an employee decides to leave the organization or un-enroll the phone from the organization.

Windows App Platform convergence

With Windows phone 8.1, 100% of the API’s that you care about have been converged between Windows 8.1 Update and Windows Phone 8.1. This means that you can now develop apps for Windows devices and no longer need to manage separate development projects for Windows and Windows Phone, greatly limiting the investment to develop apps. Your existing Windows Phone 8.0 app will continue to run too.

Security

Windows phone has been known to be one of the most secured smartphones on the market. With Windows Phone 8.1 we continue to evolve the security architecture, so you do not have to be fearful of malware. Windows Phone has no known malware, no jailbreaks ability, implements secure and trusted boot and sandboxes applications so malware and rootkits do not have a chance. With IRM and the addition of S/MIME for secure email data leak prevention is a reality on Windows Phone. You can also prevent users from saving or sharing information and documents via Cloud storage facilities such as OneDrive. Windows and Windows Phone 8.1

Enterprise Wipe

As BYOD is growing you want to have control over your data and applications. Windows Phone 8.1 allows you to securely manage your enterprise collection, such as email and documents, certificates, network profiles, business apps and associated data and enterprise security and configuration policy. Now that you can with Windows Phone 8.1, we allow you to securely remove the same collection of apps and information from a device that is being managed by your MDM system. For CL handsets you can get full control, block the Microsoft Account from being configured, disallow the user from configuring consumer services and block the user from removing the device from the MDM controlled walled garden.

Enhanced Asset Management and User Assistance

Thanks to the extended MDM capabilities in Windows Phone 8.1, you can now get the needed information from your Windows Phone 8.1 fleet, so you can create better services for your users and lower cost. Remotely assist them when they have questions or problems with the right asset information inform or by locking, ringing or wiping a lost or accidently misplaced phone. You can also help them when they forgot their device unlock code after a vacation, by securely resetting the code.

S/MIME

Windows Phone 8.1, brings an industry standard implementation of S/MIME. Under control of your MDM system and Exchange Server, employees can sign and encrypt email directly from their outlook client on the phone, in a flexible way so it fits their needs. You can force S/MIME policies to comply with your company’s policy, all without installing additional software to enable it. Thanks to the extended MDM capabilities in Windows Phone 8.1, you can now get the needed information from your Windows Phone 8.1 fleet, so you can create better services for your users and lower cost. Remotely assist them when they have questions or problems with the right asset information inform or by locking, ringing or wiping a lost or accidently misplaced phone. You can also help them when they forgot their device unlock code after a vacation, by securely resetting the code.

Enterprise Wi-Fi

Windows phone 8.1 provides enhanced Enterprise Wi-Fi authentication support, now including:

• PEAP-MSCHAPv2

• EAP-TLS

• EAP-TTLS

Windows Phone 8.1 also supports optional server certificate validation which can be provisioned via MDM or manually. MDM servers can provision the certificates as well as Wi-Fi configurations (including SSID, Hidden SSID and PSK). Configuration support includes:

• Block Phone from being used as a Wi-Fi hotspot

• Disable using Wi-Fi to offload data traffic

• Preventing the user from manually adding Wi-Fi profiles (and connect to unknown hotspots)

• Reporting what hotspots a user is connecting to

Virtual Private Networks

Windows Phone 8.1 supports seamless, secure access to protected business resources with an in-box VPN client. Configuration of the VPN client is supported through MDM or manually, including the ability to control how VPN’s are used over Wi-Fi and cellular networks to save cost.

The VPN client supports per app auto VPN, launching the specified VPN profile when an app is launched. It also allows different VPN profiles for different apps. When switching between apps with different VPN profiles the correct tunnel will be established dynamically when the user switches apps. Only one tunnel is allowed at a time.

The VPN client supports tunneling flexibility with IPsec (IKEv2) gateway support (out-of-box) and SSL VPNs supported through a downloadable plug-in from the VPN Vendor which allows them to update as they add more features. The client also supports a split tunnel or forced tunneling.

Assigned Access

Assigned Access allows you to enable a set of apps and settings to be available to the users and hide all the other functionality or create a single app experience on the device. This can be things like a LOB apps for task workers or a customer service set of application in retail, or a set of Line of Business apps and Build in capabilities for a factory floor solution, including phone, txt, email, calendaring and production system apps. Assigned Access can ensure the device is delivering the intended experience.

External Storage

Windows Phone 8.1 provides support for external storage. Apps can be installed on the external storage and they will automatically be encrypted. Data like Photo’s video and music will be unencrypted on the external storage. With the Storage card policy (MDM and EAS) you’ll be able to continue to deny access to the external storage card if your enterprise wants to. However, this may not be the greatest user experience for people as they may still want to share their own personal content like photos and videos.

Prerequisites

To upgrade to Windows Phone 8.1 from Windows Phone 8.0, the device has to be on one of the following builds: