230 likes | 346 Views
WPH205. Windows Phone 8 d evice and app management. Alan Meeus Sr. Technical Product Manager Windows Phone Division Microsoft Corporation. Windows Phone 8 is still pre-release. This qualifies this session as pre-release too. Agenda. Security update.
E N D
WPH205 Windows Phone 8device and app management Alan Meeus Sr. Technical Product Manager Windows Phone Division Microsoft Corporation
Windows Phone 8 is still pre-release This qualifies this session as pre-release too
Agenda Security update Windows Phone management in the enterprise • App deployment on unmanaged phones App management on managed phones Custom Company Hub
Robust security helps to protect information • Secure boot • Complete boot sequence is secured • Assures operating system integrity and know state, helps protect against malware • Code signing • All code is signed • Making sure only known and trusted software components can execute • App sandboxing • Least privilege, secure chambers model is applied to operating system services, inbox apps, and store apps • Marketplace developer validation, app certification, and malware scanning • Assures apps can be trusted and helps protect against malware • Device encryption • Always-on, hardware assisted, and accelerated, full internal storage encryption
Device management choice • Exchange ActiveSync with Exchange Server and Office 365 for email and device management • Widely used for mobile email and access policy management • App and device management with native Mobile Device Management • For app distribution and access policy management
Mobile device management policy Mobile Manager Policies EAS MDM • • • • • • • • • (NA) • • • • • Simple password Alphanumeric password Minimum password length Minimum password complex characters Password expiration Password history Device wipe threshold Inactivity timeout IRM enabled Remote device wipe Device encryption (new) Disable removable storage card (new) Remote update of business apps (new) Remote or local un-enroll (new)
Enterprise reporting Server configured policy values Query installed enterprise app Device name Device ID OS platform type Firmware version OS version Device local time Processor type Device model Device manufacturer Device processor architecture Device language
Phone application platform Familiar and compatible Create applications that integrate with the Windows Phone experience Best-of-breed and familiar Visual Studio tools XAML and C# code platform enables efficient and rapid development and Sharing with Windows 8 C and C++ for easy migration of apps to Windows Phone platform
Enterprise App Ecosystem Overview App Hub IT organization Windows Phone 1. Registration 1. Device Enrollment 2. Signing Tools 2. Get apps 3. Cert and Enterprise ID 1. Develop App • Registration • Enterprise registers with App Hub • Enterprise downloads app tools • Microsoft notifies CA of pending enterprise registration • Vets enterprise • CA checks that vetting is complete, and generates a certificate for enterprise 2. Package and sign 3. App Catalog 4. Create Token
Enterprise app ingestion Enterprise apps are not submitted to Marketplace for ingestion App ingestion in enterprise catalog is owned and managed exclusively by IT IT is responsible for the quality of enterprise apps IT is responsible for any impact on the overall experience on the phone May use the Windows Phone Marketplace Test Kit to evaluate apps Enterprise app capabilities are the same as a public apps Capabilities are enforced on the phone at app install time If app uses the location capability, prompt for user approval and give the user an option to disable
Unmanaged Phones - Enterprise App Enrollment Enterprise generates app enrollment token App enrollment steps Enterprise emails a link to the app enrollment token User authenticates with domain credentials User downloads and installs app enrollment token -or- Enterprise emails app enrollment token using IRM User authenticates with IRM and installs app enrollment token
Unmanaged Phones enterprise app deployment • Enterprise IT signs the XAP • XAP is posted to the private Enterprise App Store • User navigates to the Enterprise App Store (via web browser or client app) and selects the app to install • App is downloaded and installed on the phone Enterprise app installation works only for enrolled phones
Enrollment & Management Architecture Enrollment Server CA Email and pwd Success Discovery Get cert Get app token cert request Management Server Get Policy Install Apps Get Custom Hub App Catalog
Managed Phones Enterprise App Enrollment • Managed by MDM • The phone initiates enrollment with MDM • MDM provisions certificates to the phone and sends the app enrollment token to the phone • Optionally, the user can install an app discovery app that provides access to apps in the enterprise store • Phones enrolled with the enterprise
Managed Phones enterprise app deployment • Enterprise IT signs the XAP • XAP is posted in the App Catalog • User opens the app discovery app that displays all available apps and selects the app to install • Or • User browses the app catalog using the browser • App is downloaded and installed on the phone
The mobile device management advantage • Built-in for management set up & configuration • One-step enrollment and company policy provisioning • LOB application provisioning and auto deployment of first company application • On-going application deployment and auto app updates • Remotely or locally remove policy, apps & app data • Asset and inventory management • Custom company hub management
Windows Phone Sessions • Tuesday • Thursday • Wednesday • Friday
Resources Learning TechNet • Connect. Share. Discuss. • Microsoft Certification & Training Resources http://europe.msteched.com www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers • http://microsoft.com/technet http://microsoft.com/msdn
Evaluations Submit your evals online http://europe.msteched.com/sessions
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.