IT Pro Talk: Mobile device management and Windows Phone 8

Last month I introduced you to the business hub for Windows Phone 8, a site where IT professionals can find white papers and info for deploying Windows Phones in the workplace.

In this post, I’ll drill in a little and detail some of the mobile device management (MDM) capabilities of Windows Phone 8, highlighting related IT pro content and service offerings.

Businesses use mobile device management software to provide mobile access to email and deploy policies to help protect corporate data. Typical policies include turning on device encryption and mandating the use of a PIN or password to unlock the phone.

Windows Phone 8 offers several choices for mobile device management including Exchange ActiveSync support, Windows Intune, and Microsoft System Center Configuration Manager Service Pack 1 along with Windows Intune.

Exchange ActiveSync protocol (EAS) support allows Windows Phone 8 to synchronize email, calendar, task, and contact information with Exchange Server (Exchange Server 2003 SP2 and later) or Microsoft Office 365.

Similar to Group Policy settings for PC operating systems, EAS provides the ability to manage Windows Phones using security-related policies configured by an organization’s IT department. EAS security-related policy settings that can be managed using Exchange Server are:

| Policy setting | Description |
| --- | --- |
| AllowSimpleDevicePassword | Specifies whether a simple device password is allowed. |
| AlphanumericDevicePasswordRequired | Specifies whether the password must be alphanumeric. |
| DevicePasswordEnabled | Specifies whether a password is required. |
| DevicePasswordExpiration | Specifies the length of time that a password can be used. |
| DevicePasswordHistory | Specifies the number of previously used passwords to store. The user is not allowed to reuse these stored passwords when creating a new password. |
| IrmEnabled | Specifies whether IRM is enabled for the mailbox policy. |
| MaxDevicePasswordFailedAttempts | Specifies the number of attempts a user can make to enter the correct password for the mobile phone before a device reset to factory settings is initiated. |
| MaxInactivityTimeDeviceLock | Specifies the length of time that the phone can be inactive before the password is required to reactivate it. |
| MinDevicePasswordComplexCharacters | Specifies the number of character groups that are required to be present in the password. (Character groups include lower case alphabetical characters, upper case alphabetical characters, numbers, and non-alphanumeric characters.) |
| MinDevicePasswordLength | Specifies the minimum number of characters in the device password. |
| RequireDeviceEncryption | Specifies whether encryption is required on the device. (Once set, BitLocker conversion automatically starts encrypting the internal storage of the phone.) |
| RemoteWipe | Deletes data on the user data partition and resets the phone to factory settings. |
| AllowNonProvisionableDevices | A server enforced setting that specifies whether all mobile phones can synchronize with the server running Exchange. When set to $true, this setting enables all mobile phones to synchronize with the Exchange server, regardless of whether the phone can enforce all the specific settings established in the EAS policy. This also includes mobile phones managed by a separate device management system. When set to $false, this setting blocks mobile phones that aren’t provisioned from synchronizing with the Exchange server. |
| AllowStorageCard | Specifies whether the mobile phone can access information stored on a storage card. |
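As an added example (not part of the original post and not Microsoft's code), the PowerShell below audits EAS policies against a baseline built from the settings in the table above. The policy objects are constructed sample data and the thresholds are assumptions chosen for illustration; on an Exchange server the same properties would come from `Get-ActiveSyncMailboxPolicy`.

```powershell
# Baseline: setting name -> test returning $true when the value is acceptable.
# Thresholds are illustrative assumptions, not vendor guidance.
$Baseline = [ordered]@{
    DevicePasswordEnabled           = { param($v) $v -eq $true }
    AllowSimpleDevicePassword       = { param($v) $v -eq $false }
    MinDevicePasswordLength         = { param($v) "$v" -match '^\d+$' -and [int]"$v" -ge 6 }
    # 'Unlimited' or an unset value fails the numeric match and is reported.
    MaxDevicePasswordFailedAttempts = { param($v) "$v" -match '^\d+$' -and [int]"$v" -le 10 }
    MaxInactivityTimeDeviceLock     = { param($v) $t = [timespan]::Zero
        [timespan]::TryParse("$v", [ref]$t) -and $t -le [timespan]'00:05:00' }
    RequireDeviceEncryption         = { param($v) $v -eq $true }
    # $true lets phones that cannot enforce the policy sync anyway,
    # which makes every other setting advisory.
    AllowNonProvisionableDevices    = { param($v) $v -eq $false }
}

function Test-EasPolicy {
    # Emits one object per setting that fails the baseline (hypothetical helper).
    param([Parameter(Mandatory)] $Policy)
    foreach ($name in $Baseline.Keys) {
        $value = $Policy.$name
        if (-not (& $Baseline[$name] $value)) {
            [pscustomobject]@{ Policy = $Policy.Name; Setting = $name; Value = "$value" }
        }
    }
}

# Constructed sample policies; replace with Get-ActiveSyncMailboxPolicy output.
$policies = @(
    [pscustomobject]@{
        Name = 'Default (constructed)'; DevicePasswordEnabled = $true
        AllowSimpleDevicePassword = $true; MinDevicePasswordLength = 4
        MaxDevicePasswordFailedAttempts = 'Unlimited'
        MaxInactivityTimeDeviceLock = '00:15:00'
        RequireDeviceEncryption = $false; AllowNonProvisionableDevices = $true
    }
    [pscustomobject]@{
        Name = 'Hardened (constructed)'; DevicePasswordEnabled = $true
        AllowSimpleDevicePassword = $false; MinDevicePasswordLength = 8
        MaxDevicePasswordFailedAttempts = 8
        MaxInactivityTimeDeviceLock = '00:03:00'
        RequireDeviceEncryption = $true; AllowNonProvisionableDevices = $false
    }
)

$policies | ForEach-Object { Test-EasPolicy $_ } | Format-Table -AutoSize
```

The first sample policy is reported on six settings and the second on none; a missing or unparseable value is treated as a failure rather than a pass.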

In addition to device management capabilities offered with EAS, Windows Intune offers device enrollment, configuration and reporting. With Windows Intune, businesses can manage their Windows Phone 8 devices (as well as existing iOS and Android devices) either directly or through Exchange ActiveSync from their admin console at https://admin.manage.microsoft.com/.


If Microsoft System Center 2013 Configuration Manager Service Pack 1 is deployed in your server environment, you can use the Windows Intune service to manage mobile devices while performing all management tasks from the System Center Configuration Manager Console rather than the Windows Intune admin console. More information about Windows Intune and Microsoft System Center 2013 Configuration Manager Service Pack 1 can be found at http://www.microsoft.com/en-us/windows/windowsintune/ and http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager-2012.aspx.

In addition to the Microsoft offerings mentioned here, Windows Phone 8 also supports popular third-party mobile device management offerings such as AirWatch, MobileIron, and others.

For more info on Windows Phone 8’s mobile device management capabilities, check out these technical resources.

And if you’re an IT pro with comments about specific business-related topics you’d like to see me cover here, or you want to provide feedback on our white papers, please leave a comment or email me at WPITPro@microsoft.com.