What’s New in Windows Phone 7 for IT Professionals
Windows Phone 7 delivers tools and capabilities for the IT professional to help deploy, manage and secure these devices. And more new features are forthcoming in the Windows Phone 7 update, codenamed “Mango.”
Joshua Hoffman
In the past year, we’ve seen a few very significant trends – both of which have been developing for quite some time – finally hit their mainstream stride. The first is the consumerization of IT; the idea that the lines between the technology we use at work and the technology we use at home are blurring, and our consumer side is winning. As a result, we see more unified software and devices that let us work hard and play hard at the same time.
We are also seeing the mobility trend hit a fevered pitch. As mobile data networks get exponentially faster, and mobile devices become infinitely more useful (thanks to the previously mentioned consumerization trend), the population of smartphones, tablets, and always-connected netbooks and laptops is exploding. Smartphone sales were up more than 72 percent in the past year according to Gartner, and Nielsen predicts that they will make up the majority of mobile phones by the end of this year. Additionally, the Coda Research Consultancy predicts global smartphone sales of 2.5 billion between 2010 and 2015. They also suggest that mobile Internet use via smartphones will increase 50-fold by the end of that same period.
In looking at the intersection of these two trends, it’s not at all surprising that the Windows Phone 7 platform is seeing tremendous growth, particularly among business users. Windows Phone 7 brings together the powerful features and integrated productivity that users have come to expect from Windows devices, in a device that’s both easy and fun to use.
With the growing proliferation of Windows Phone 7 devices, IT professionals need to be aware of the tools and features available to them to help deploy, manage and secure these devices. In this article, we’ll talk about the latest that Windows Phone 7 delivers for the IT pro, including new features included in the forthcoming Windows Phone 7 update, codenamed “Mango.”
Protecting Your Data
Windows Phone 7 offers IT professionals a number of ways to help protect mobile user data. To begin with, IT pros need to be concerned with protecting data “at rest” – that is, the data stored locally on the device itself. One of the ways that Windows Phone 7 helps protect data at rest is through its approach to data encryption. Windows Phone 7 storage uses a single partition model, which joins internal memory together with any removable storage so that they are addressable as one volume.
The removable storage – in the form of an SD card – is then “locked” to the phone; encrypted with a 128-bit key pair so that it can only be used and read by its parent device. The result is that if the card is removed from the phone, the SD controller will prevent access to the card unless the correct 128-bit password is supplied. SD cards that are paired with a specific Windows Phone can no longer be used in other phones or a PC.
Windows Phone 7 also allows access to the device to be restricted with the use of a PIN-lock. Users can establish a personal password that must be entered in order to gain access to the device. Users can also specify the number of times a wrong PIN can be used before the phone wipes all personal data and resets to factory settings. (Administrators can also control the DeviceWipeThreshold via Exchange ActiveSync policies.) Finally, if the phone is lost or stolen, users or administrators can initiate a remote wipe of the device via Outlook Web App.
It’s also important to protect data in transit -- sensitive data as it’s being transmitted over cellular or Wi-Fi channels. Windows Phone 7 encrypts all data using Secure Socket Layer (SSL). Depending on the server connection, the cipher used is 128-bit or 256-bit. Access to Wi-Fi networks can be encrypted with WEP, WPA (Personal or Enterprise) or WPA2 (Personal or Enterprise). Authentication is supported via a variety of protocols, including certificate authentication for access to Exchange, NTLM for SharePoint and Internet Explorer, PEAP-MSCHAPv2 for enterprise-level authentication to Wi-Fi networks, and support for Forefront Unified Access Gateway for authentication to internal SharePoint sites via SharePoint Mobile.
As I mentioned previously, a number of security settings can be controlled by administrators through Exchange ActiveSync policies, which are similar to Group Policy settings for operating systems and applications. EAS security–related configuration policies that can be managed by the IT department include the following:
- [PasswordRequired] requires the user to set a device locking personal identification number (PIN) before the phone starts synchronizing email, calendar and contact information with a Microsoft Exchange Server
- [PasswordExpiration] sets the validity period of a PIN, after which the PIN has to be renewed
- DirectAccess server: A computer running Windows Server 2008 R2 hosts DirectAccess connections
- [PasswordHistory] prevents the user from re-using the same PIN repeatedly
- [AllowSimplePassword] can be used to prevent the user from using a simple PIN, such as 1111
- [MinPasswordLength] sets the minimal number of numeric characters in the PIN
- [IdleTimeoutFrequencyType] defines the time before a phone locks when not in use
- [DeviceWipeThreshold] defines the number of times a wrong PIN can be used before the phone wipes and resets to factory settings
The forthcoming Windows Phone 7 update, codenamed “Mango,” includes a number of enhancements to data security. “Mango” introduces a new EAS policy that allows administrators to require the use of alphanumeric passwords. Administrators can also specify whether passwords must be complex (including the use of numbers and/or symbols).
“Mango” also introduces Information Rights Management (IRM) functionality, allowing Windows Phone 7 users to access protected or restricted e-mails or documents on their mobile device (see Figure 1). It should be noted that the use of IRM on Windows Phone 7 requires that your organization’s Exchange Client Access servers are running Exchange Server 2010 SP1. Also, that you have Active Directory Rights Manangement Services (AD RMS) deployed, and that IRM is enabled for internal messages in your Exchange configuration and via your Exchange ActiveSync mailbox policy.
Figure 1 An IRM-protected message in Windows Phone 7 “Mango”
“Mango” also adds the ability for Windows Phone 7 users to connect to hidden wireless networks. This has been a commonly requested feature since the initial release of Windows Phone 7 by users who prefer to add an additional layer of security by not broadcasting their wireless network’s SSID.
Improving User Productivity
The forthcoming release of “Mango” brings with it a number of enhancements to user productivity on the Windows Phone 7 platform. Some of these enhancements are visible in an improved user interface. For example, users can now group a particular set of contacts into personalized Live Tiles to see the latest status updates and quickly send a text, email or IM to the whole group, right from the Start screen. Individual Outlook folders will also be pinnable to the Start screen for quick access. So if you have a folder for a specific project that stores all email related to that project, you can easily access it directly from the Start screen. If new email arrives, the Start screen tile will let you know at a glance.
Messaging is also enhanced with a linked inbox, which can show multiple e-mail accounts in one unified view, as well as a Conversation view, which provides a threaded view of messages based on real conversation ID (as opposed to just subject line), so that Outlook-defined conversation rules will apply. Built-in speech-to-text and text-to-speech support enables hands-free texting or chatting, and server-side search will also be available so users will be able to search the server for email messages that are no longer stored on their phones.
“Mango” will include deep integration with Office 365 (see Figure 2). Office 365, currently available in beta form, provides a suite of cloud-based solutions to compliment and enhance the Office desktop client experience, including hosted versions of Exchange, SharePoint and Lync. Windows Phone 7 integration means that mobiles users will be able to quickly and easily access their cloud-based documents and collaboration spaces, while also ensuring that everything remains in-sync. With the release of “Mango” will also come a Windows Phone 7 client for Lync, allowing your users to connect to your corporate Lync Server infrastructure for instant messaging and presence information.
Figure 2 Integration with Office 365
Enhanced Application Platform
A number of enhancements have been made to the application platform as well. “Mango” introduces application multitasking, which allows applications to stay in memory even when they aren’t in use. This functionality is combined with new Live Agents, which are able to execute code as a background process on the application’s behalf. “Mango” also introduces the Background Transfer Service, which allows applications to queue data transfers for background processing.
Another major enhancement to the application platform is database support. Windows Phone 7 “Mango” adds support for structured data sets with the inclusion of SQL Server Compact Edition (CE) 4.0. SQL Server CE is a fully functional database server that leverages LINQ-to-SQL to provide application developers with an object-oriented approach to working with data on the phone. More information on using the database functionality in Windows Phone 7 can be found on Alex Golesh’s development blog.
As you can see, the forthcoming “Mango” update to Windows Phone 7 brings a great deal of new functionality to enhance security, usability and productivity for both users and IT professionals. For more information on the release, be sure to follow the Windows Phone team blog, as well as the Windows Phone for IT Pros blog.
Joshua Hoffmanis the former editor in chief of TechNet Magazine*. He’s now an independent author and consultant, advising clients on technology and audience-oriented marketing. Hoffman also serves as editor in chief of ResearchAccess.com, a site devoted to growing and enriching the market research community. He lives in New York City.*