Windows Phone 8 brings new MDM (mobile device management) features to the table! - Jack Madden - BrianMadden.com
Windows Phone 8 brings new MDM (mobile device management) features to the table!

Written on Oct 30 2012


by Jack Madden

The latest version of Windows Phone was released yesterday at an event here in San Francisco. While everybody was admiring the new phones (with their indeterminate release dates), I was talking to the folks at AirWatch, learning how mobile device management (MDM) works for Windows Phone 8.

For those of you familiar with MDM in iOS, you’ll find that MDM in Windows Phone 8 is very similar. There are essentially three forms it can take: the device management features that accompany the Exchange ActiveSync mail protocol; device management applications; and—here’s the big news for today—a set of dedicated MDM APIs that were just released as part of Windows Phone 8.

The old stuff: Exchange ActiveSync and agent apps

Older versions of Windows Phone were managed with just Exchange ActiveSync (EAS) or an agent app. EAS device management is pretty light, but it covers the basics. Controls include password policy, encryption, remote-wipe, and the ability to block a device’s camera or built-in browser. There are a lot of other management functions in EAS that used to work with Windows Mobile (the name for earlier versions of Windows Phone), but they were never utilized in any newer devices.

MDM agent apps were another option previously available for managing Windows Phone. Even though they’re not that powerful on their own, they do add more sources of information and actions for MDM solutions.

New MDM features in Windows Phone 8

Now Windows Phone 8 has introduced a dedicated, built-in device management agent, similar in concept to Apple’s iOS MDM configuration profiles. The agent allows MDM servers to interface directly with management APIs in WP 8, without the need for EAS or an app on the phone. Some of the APIs and management features are the same as those used by EAS, while others are new, including the ability to query the device for installed applications or more detailed information about hardware.

Control over third-party Windows Phone 8 apps is also pretty similar to iOS and Android. The main way to control public apps is by suggesting apps to users; blacklisting and whitelisting apps has to be done through compliance policies. For example, if you don’t want your employees to have Angry Birds (if it’s even available for WP 8), you can’t outright stop them from downloading it, but you can query the device for a list of all the apps that are installed, discover its presence, and then remediate by threatening to remove network or email access or even wipe the device. On the other side of things, an end user will always be able to remove corporate management controls from a device, though of course the user would likely also lose the right to access corporate resources. Remember, though, we’re used to similar limitations with iOS and Android.
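The detect-and-remediate flow described above, as an added example that is not code from this article or from any MDM product: it evaluates a reported app inventory against a blacklist or whitelist and escalates the longer a violation persists. The action names, grace periods and data model are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed escalation ladder: (how long the violation has lasted, action).
# Action names are hypothetical labels, not calls into a real MDM API.
ESCALATION = [
    (timedelta(0), "warn_user"),
    (timedelta(days=1), "block_email"),
    (timedelta(days=3), "block_network"),
    (timedelta(days=7), "wipe_device"),
]

@dataclass
class Policy:
    blacklist: set = field(default_factory=set)
    whitelist: Optional[set] = None  # None means no whitelist is enforced

@dataclass
class Device:
    device_id: str
    enrolled: bool                   # False once the user removes management
    installed_apps: set
    first_violation: Optional[datetime] = None

def violations(device, policy):
    """Apps that break policy: blacklisted, or outside an enforced whitelist."""
    bad = device.installed_apps & policy.blacklist
    if policy.whitelist is not None:
        bad |= device.installed_apps - policy.whitelist
    return sorted(bad)

def evaluate(device, policy, now):
    """Return (action, offending_apps) for one inventory report."""
    if not device.enrolled:
        # Management was removed: the inventory can no longer be trusted,
        # so the only lever left is access to corporate resources.
        return "revoke_corporate_access", []
    bad = violations(device, policy)
    if not bad:
        device.first_violation = None  # back in compliance, reset the clock
        return "compliant", []
    if device.first_violation is None:
        device.first_violation = now
    age = now - device.first_violation
    return [a for limit, a in ESCALATION if age >= limit][-1], bad

if __name__ == "__main__":
    # Constructed sample inventory report, not real device data.
    phone = Device("wp8-001", True, {"Mail", "Angry Birds"})
    print(evaluate(phone, Policy(blacklist={"Angry Birds"}), datetime(2012, 10, 30)))
```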

There will be a little more control over in-house corporate apps. Since Windows Phone 8 apps in general will be tightly controlled (again, like iOS apps), in-house apps will have to be signed with a corporate developer certificate issued by Microsoft. In addition, individual devices will require a company-issued token to run corporate apps; taking away that token would act as a kill-pill for those apps.

Since the Windows Phone 8 SDK was just released today, and we don’t know yet if Microsoft will release a management utility (something like the iPhone Configuration Utility would be great), it’s hard to say anything more specific about what other management APIs exist, or which ones will or will not be exposed to third-party apps or MDM products.

AirWatch

All of the new device APIs should be controllable through Windows Intune and SCCM, but of course they’re open to third-party MDM providers like AirWatch, who announced support yesterday. All of the general information in this article came from my briefing with them—AirWatch is always among the first to support MDM for any version of any platform. The list on their website is impressive: it includes all the big platforms, all the old ones, plus every custom version of Android that I know of. Their Windows Phone 8 offering works with both EAS and the new APIs; they have an optional agent app that allows users to access corporate apps and do some of their own device management; and a Windows Phone 8 version of their Content Locker feature is on its way.

Symantec also announced support for Windows Phone 8 MDM yesterday, and I’m sure there were other vendors that I missed or that will be coming soon.

The future

What does this mean for Windows Phone 8? For now I’ll say great, they have put up table stakes, and now we can move on to debating how to manage BYOD, MDM versus MAM, app wrapping versus SDK, HTML5 versus native Windows Phone 8 apps... yikes! Seriously, though, Windows Phone 8 brings mobility management vendors all the same opportunities as iOS and Android, except with a smaller market share.

 
 





Comments

Walter Paley wrote re: Windows Phone 8 brings new MDM (mobile device management) features to the table!
on Tue, Oct 30 2012 1:54 PM

MDM vendors supporting built-in MDM features?  Boring.

Microsoft expanding the MDM features delivered OEM?  Now I'm listening!

This is another indication that MDM is finally being recognized as the collection of broad stroke controls that are the foundation of security.  For sophisticated data security, you need to be looking at the full spectrum of Enterprise Mobility Management, which encompasses the alphabet soup of MDM, MAM and MIM (device, application and information management, respectively.)

Brian Madden wrote re: Windows Phone 8 brings new MDM (mobile device management) features to the table!
on Tue, Oct 30 2012 5:05 PM

@Jack, do you know if Microsoft will add similar MDM built in features to Windows RT since it can't be joined to domains?

Jack Madden wrote re: Windows Phone 8 brings new MDM (mobile device management) features to the table!
on Tue, Oct 30 2012 5:45 PM

I actually just got off the phone with somebody about that—the answer is yes, managing RT will be similar to WP 8, though not interchangeable.

MalG wrote re: Windows Phone 8 brings new MDM (mobile device management) features to the table!
on Thu, Nov 1 2012 8:19 PM

I could be wrong but the link to the Symantec related article is not going to the right place... "Symantec also announced support for Windows Phone 8 MDM"

Jack Madden wrote re: Windows Phone 8 brings new MDM (mobile device management) features to the table!
on Mon, Nov 5 2012 5:18 PM

Thanks. The link is fixed now.
