This year’s Microsoft Build conference kicked off with the release of Windows Phone 8.1, the OS update which introduces more advanced management features in Microsoft’s Enterprise Feature Pack. AirWatch has also announced same-day support for the update, so enterprises managing Windows Phone devices with AirWatch can now leverage the significant advancements in MDM capabilities that Windows Phone 8.1 brings.
The AirWatch MDM Agent, AirWatch Secure Content Locker and AirWatch Browser are currently available for Windows Phone 8.1 devices, with more apps coming soon.
Microsoft and AirWatch have worked together to maximize AirWatch functionality for Windows Phone 8.1 devices and offer same-day support for the following management capabilities.
Simplified MDM Enrollment
Enhanced Passcode Security
Administrators can now require a minimum passcode length and complex characters, as well as a grace period before the device locks. Administrators can also set a maximum passcode age, as well as a minimum requirement for changed characters, so users can’t simply add or subtract a character from their existing passcode.
Complex passcodes are hard to remember, but Windows Phone 8.1 has solved that problem as well. Administrators can now remotely reset passcodes, a feature that large enterprises with remote workers will find especially useful. Administrators can now also remotely lock devices.
MDM-enabled Feature Restrictions
New MDM APIs in Windows Phone 8.1 enable administrators to implement additional restrictions on functionality to help prevent data loss. With Windows Phone 8.1 and AirWatch MDM, administrators can:
- Enforce local storage encryption
- Set roaming rules
- Disable Wi-Fi
- Disable the SD card
- Disable the Windows store and Internet Explorer
- Disable location data
- Restrict Bluetooth
- Disable camera and screen capture
Advanced email security
For Exchange server 2003 SP2 and higher, administrators can now configure advanced S/MIME support to sign and encrypt email with separate certificates and enable support for Outlook Mobile, the Windows Phone 8.1 native client.
Windows Phone 8.1 introduces out-of-the-box app triggered VPN with support for app tunneling, including IPSec (IKEv2) and SSL-VPN gateway support. This feature enables single sign on for intranet and auto-reconnect. New MDM APIs enable administrators using AirWatch to configure VPN policies and disable VPN over cellular connections or when roaming.
Enterprise Wi-Fi support
Administrators can configure enterprise Wi-Fi access for devices running Windows Phone 8.1 manually or through MDM. Administrators can configure authentication support for the following protocols: PEAP-MSCHAPv2, EAP-TLS and EAP-TTLS. Windows Phone 8.1 also makes it possible to enable optional server certificate validation and configure policies such as disabling internet sharing over Wi-Fi, disabling hotspot reporting and disabling manual configuration of Wi-Fi profiles.
Advanced Application Management
With the 8.1 update, administrators can now create and manage a corporate app store and catalog for Windows devices. Advanced management features include the ability to install, update and remove internal apps silently; create whitelists and blacklists for both private and public apps; disable the Microsoft store and IE; disable app sideloading and install apps on the SD card.
Administrators can now configure certificate-based authentication for Wi-Fi, VPN, browser and line of business apps, as well as manage certificates using SCEP and configure the following advanced options:
- API for apps with custom cryptography
- S/MIME encryption certificates
- TPM-protected client authentication certificates for S/MIME and IE
Additional New Features
On the consumer side, Windows Phone 8.1 brings a central notification center called the Action Center, and Cortana, a personal digital assistant named after the Halo video game series.
For more information about AirWatch’s Windows 8.1 solution, sign up for the webinar.