23 Jan 2011

Windows Phone 7 on Your Network

As more of your employees get smartphones and mobile devices, you should consider officially supporting them on your corporate network. They can help employees stay organized and increase productivity, especially when integrated with their Exchange and SharePoint accounts. Employees can access their work email, calendar, documents and more, right from their phone.

Microsoft's new Windows Phone 7 is one mobile phone platform you might consider supporting. It is very different from the previous Windows Mobile platform. Although there is controversy over its features and readiness for the enterprise environment, you may still have employees with the platform.

Security Features

Since mobile phones can contain sensitive data and documents, and can be so easily lost or stolen, you should take their security very seriously. Two of the most basic security features that should be enabled on Windows Phone 7 are a SIM PIN and lock screen password. These would be the first line of defense if the phone gets into someone else's hands.

Users can easily set a SIM PIN: On Start, tap Phone > More > Call settings, and then Turn on SIM security. Once set, users are prompted to enter it each time they start the phone. It prevents unauthorized phone calls by stopping the SIM card from communicating with the mobile service provider until the correct PIN is entered. If the wrong PIN is entered too many times, the mobile service provider will block the SIM card. Keep in mind, users can still place emergency calls and access other phone features with a locked SIM card.

Users can set or change a lock screen password: On Start, flick left to the App list, tap Settings, and then tap Lock & wallpaper. They have to enter it to access most features after a period of inactivity or when the phone is manually locked. However, while the phone is locked, users can still check the time and date, take calls, make emergency calls, change ringer volume, take pictures, and access music. The only way to get full access to the phone without the lock screen password is by resetting it to factory settings and erasing all data. This is done automatically after the password is entered incorrectly 5 times in a row, with a warning shown before the 4th attempt.

Data communication on Windows Phone 7, such as with Exchange and SharePoint, is encrypted using 128-bit or 256-bit SSL encryption. For increased data security, the phone's file system can't be accessed via a PC. Only media files (such as music, photos, and videos) can be synchronized on a PC with Microsoft's Zune software via USB or Wi-Fi. There are, however, easy registry hacks that let users mount their phone in Windows, like other removable storage devices, to drag and drop media and other files.

For further data security, Windows Phone 7 doesn't provide removable storage support. This helps prevent situations where you might store sensitive data on an SD card that someone can just take and access. Though some phones have an SD slot, the cards can only be used to increase storage. Since they are encrypted, locked, and tied to that device only, they can't be used to transfer data as they can with other phones or devices.

Windows Phone 7 also implements security features within the OS architecture. Application-level security gives applications only indirect access to file and system resources via APIs. Isolated storage gives each application its own separate storage area.

File System Encryption

Unlike some mobile phone OSs (like Apple's iOS and BlackBerry), Windows Phone 7 currently doesn't have an encrypted file system. Essentially, this means a determined hacker could recover the data and files without a PIN or password.

Users should not store sensitive documents on the phone. If needed, they can instead store and access them from a secure storage service, such as your SharePoint server or their online SkyDrive account. Users can securely store notes, credit card details, passwords, and other bits of information on their phone using third-party encryption apps, downloadable via Zune.

Connecting to Wi-Fi Networks

Users can easily connect to wireless networks. WPA and WPA2 encryption are supported in both modes: Personal (PSK) and Enterprise with 802.1X. Keep in mind, Windows Phone 7 doesn't support "hidden" wireless networks, those that don't broadcast their SSID. Remember, hiding the SSID doesn't increase wireless security, since the network name can still be easily detected by freely available tools.

Exchange ActiveSync (EAS) Support

Exchange ActiveSync (EAS) access is well integrated in Windows Phone 7. Exchange Server 2003 and later, Small Business Server 2008, and Exchange Online are all compatible, as are any other messaging servers that support EAS. Users can be set up with multiple accounts to access their email, calendar, and contact information from their phone.

Users can set up an account by flicking left to the App list on Start, tapping Settings > Email & Accounts, and then tapping Add an Account > Outlook.

Keep in mind, Windows Phone 7 also supports regular POP3 and IMAP email accounts.

Some EAS policies are supported, letting you better control the password requirements. They also let you set the idle time before the phone locks and the number of wrong PIN entries before the phone is automatically wiped and restored to factory defaults. This is just a subset of the EAS policies, and fewer than were supported in the previous Windows Mobile platform. Click here for a comparison of supported policies and features.
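
The three policy areas described above (password requirement, idle lock time, and wipe threshold), expressed as Exchange Management Shell commands. This is an added example, not part of the original article; it assumes Exchange 2010, and the policy name, mailbox, and values are constructed for illustration.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# Policy name, mailbox and baseline values are constructed placeholders.
$policyName = 'WP7-Baseline'        # hypothetical policy name
$mailbox    = 'jdoe@example.com'    # hypothetical mailbox

# 1. Flag existing policies that leave any of the three controls open.
#    Values are compared as strings so the check also works on the
#    deserialized objects returned by remote PowerShell sessions.
Get-ActiveSyncMailboxPolicy | ForEach-Object {
    $gaps = @()
    if (-not $_.DevicePasswordEnabled) {
        $gaps += 'no password required'
    }
    if ("$($_.MaxInactivityTimeDeviceLock)" -eq 'unlimited') {
        $gaps += 'no idle lock'
    }
    if ("$($_.MaxDevicePasswordFailedAttempts)" -eq 'unlimited') {
        $gaps += 'no wipe threshold'
    }
    New-Object PSObject -Property @{
        Policy = $_.Name
        Gaps   = ($gaps -join '; ')
    }
} | Format-Table Policy, Gaps -AutoSize

# 2. Create a policy that sets all three controls.
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -MaxInactivityTimeDeviceLock '00:05:00' `
    -MaxDevicePasswordFailedAttempts 5

# 3. Assign the policy to a mailbox whose owner carries a phone.
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName

# 4. After the phone's next sync, confirm which policy the device
#    reports and whether it was applied in full.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Format-List DeviceType, DeviceModel, DevicePolicyApplied,
                DevicePolicyApplicationStatus, LastSuccessSync
```

A `DevicePolicyApplicationStatus` other than `AppliedInFull` means the device did not accept every setting in the policy and should be reviewed.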

SharePoint Support

Windows Phone 7 also supports access to SharePoint 2010 servers via an internal Wi-Fi network, or via an outside Wi-Fi or cellular connection through a Forefront Unified Access Gateway (UAG) server. Users can log in to open, edit, and save Word, Excel, OneNote, and PowerPoint documents via the Mobile versions of the software that come with Windows Phone 7. If the user has an Exchange account set up, the phone will even automatically try those login credentials before prompting for others.

Users can access SharePoint Workspace Mobile in the Office hub of their Windows Phone, or via the Apps list in the Office category. Remember, users must be connected to the Wi-Fi network where the SharePoint server resides, or a UAG server must be set up and configured in the phone for access outside the network.

Smaller businesses or those without a SharePoint server can use Microsoft's online storage service, Windows SkyDrive, which is integrated into Windows Phone 7 too.

Accessing VPNs

Windows Phone 7 doesn't have any built-in IPSec or SSL VPN client, or support for DirectAccess. It only has SSL VPN support via UAG (Unified Access Gateway) for the SharePoint client. Users can securely access documents with SharePoint, online storage providers via the browser, or web-based VPN services.

After reviewing the security and enterprise features of Windows Phone 7, you might be surprised by the lack of VPN connectivity and file encryption, especially compared to what was supported in the previous Windows Mobile platform. Keep in mind, this is a totally new OS. Microsoft will hopefully add more features with future updates.
