Post on 26-Dec-2015
Session Code
Windows Phone in the Enterprise
Larry LiebermanProduct Manager, Windows Phone Developer ExperienceMicrosoft Corporation
Balance
Delightful and responsive UX
Never regret installing an app
Integrated experiences
Battery friendly
Network conscience
Hardened services
Health
UX
Addressing business organization needs
Captivating and Productive
Experiences
Works with Existing
Infrastructure
Powerful Platform for
Solutions
Productive Experiences
Agenda
Overview
Risk Management (security model, application security, security management)Deployment & Device Management of Windows Phone 7 with Exchange Server
SharePoint and Windows Phone 7, UAG
LOB Application Options (distribution, data encryption, and authentication)
Private Distribution
IRM
Lync Mobile
Risk management in Windows Phone
Protecting data at rest
Preventing access to
confidential information
by a 3rd party
This is normally
achieved by device lock, remote wipe
and encryption of the data
Lack of manageability
and key exposure
GOAL CONTROLS WEAKNESSES
Data at rest: data protection
Device LockUsing simple PIN or alphanumeric passwordManageable with Exchange ActiveSync
Remote Wipe
Mechanisms to help protect dataSD card is secured via the standard SD lock mechanismFiles system spans the device flash and the SD cardNo phone file system access from a PC or a 3rd party app running on the phoneZune software does not sync of documents or e-mail
Data leak prevention with IRM e-mail and RMS
Data at rest: Windows Phone storage
Single partition HD model files system
SD cards are locked via a standard SD card lock mechanism
Unique 128-bit key pairs the SD card to the phone Removing the card will reset the phone and wipe all data
Access to the SD card is prevented from any another device
SD controller on the card will prevent access to the card unless the correct 128-bit password is supplied
Protecting against malware
Preventing malware tools
to highjack the system or access data
This is normally
achieved by certification
and anti-malware service
Jailbreak, verifiability,
and time sensitive
GOAL CONTROLS WEAKNESSES
Protection from malware
Application modelManaged code only with API control Application sandboxing and least privileged modelLocation policy controlNo side loading and no jailbreakControlled background processing of applications
MarketplaceDeveloper verification and application certification
Internet Explorer Mobile Lock Down
Windows Phone update
Application lifecycle
Windows Phone
Marketplace
.xap
.dll
Phone only installs .xap packages signed by marketplace
Phone handles all aspects of .xap installation based on the manifest
Users control install, update, and uninstall, while the marketplace controls revocation
Individual apps cannot make arbitrary changes to the phone during installation
Individual apps do not control their own lifecycle on the phone
App isolation and execution
Application install folders
Running application
s
.xap
.dll
.xap
.dll
Applications and
licenses
Phone only runs apps that have a valid marketplace licenseApps are sandboxed into separate security accounts while installed and at runtimeResource allocation policy keeps the foreground app responsive and ensures the user can always use Start to run a new app
Secure access
Preventing access to
confidential information by
a 3rd party snooping on
the wire
This is normally achieved
with VPN, and other
authentication mechanisms
Complexity to users and
manageability
GOAL CONTROLS WEAKNESSES
Access
HTTP and HTTPS – 128-bit or 256-bit SSLWi-Fi – Open, WEP, WPA (PSK, ENT) and WPA2 (PSK, ENT), HiddenBluetooth 2.1 (Microsoft driver only)
WinSockets (UDP, TCP)
Authentication Certificate authentication with Proxy (Exchange)NTLM for Outlook, SharePoint, and Internet ExplorerPEAP-MSCHAPv2 for enterprise authentication UAG support for SharePoint MobileApp Fabric ACS and the Windows Azure Toolkit for Windows Phone
Application model
ApplicationUniquely identifiable, licensable, and serviceable software product packaged as a XAPApplication deploymentSteps include Ingestion, Certification, and Signing
Application licenseCrypto-verifiable object issued to grant rights to an application
Windows Phone
Marketplace
Windows Phone
Marketplace
app iconstart tokenmetadata
.xap
.dll
App hosting & runtime
Kernel
Security
Networking
Storage
Hardware Foundation
App Model
App management
Licensing
Chamber isolation
Software updates
UI Model
Shell frame
Session manager
Direct3D
Compositor
Cloud IntegrationXbox LIVE
Bing
Location
Push notifications
Windows Live ID
Hardware BSP
A-GPS AccelerometerCompass LightProximity
Media Wi-FiRadio
Graphics
Each app executes inside an isolated, least-privileged host processAll app code is transparent and CLS-verifiable, mitigating impact of common attacksFrameworks enable app code to interact with app model, UI model, phone functionality
Sandbox enforced for host process based on declared capabilities
System provides host process for app code
App Domain
XNA Game Object
CLR
Silverlight XNA HTML/JavaScript
Silverlight Application
Object
Frameworks
App Model Host
Push notificationsWindows Live ID
A-GPS Compass
Windows Phone security model
Security Model
Least Privilege Chamber (LPC)
Trusted Computing Base (TCB)
Elevated Rights
Standard Rights
DynamicPermissions
(LPC)
FixedPermissions
ChamberTypes
Policy System makes security decisions
Central repository of rules3-tuple {Principal, Right, Resource}
Chamber ModelChamber boundary is security boundaryChambers defined using policy rules4 chamber types, 3 fixed size, one can be expanded with capabilities (LPC)
CapabilitiesExpressed in application manifestDisclosed on MarketplaceDefines app’s security boundary/sandbox on phone
App install flow
InstallPackage signature checkLicense retrievalCreate license stateSetup secure sandbox Task provisioningCreate app foldersProvision isolated storage
Package manager aggregates lifecycle
notifications to the WM7 platform
Shell App DBSec. DB
New XAP package
App Folders
Windows Phone
Marketplace
Marketplace
Client
Package Manager
.xap
.dll
Application Update Flow
UpdatePackage signature checkLicense retrievalUpdate license stateReuse old secure sandboxTask provisioningBackup dataWipe install folderProvision isolated storage
Shell App DBSec. DB
Update XAP package
App Folders
Windows Phone
Marketplace
Marketplace
Client
Package Manager
.xap
.dll
Application Uninstall and Revoke Flow
UninstallWipe app sandboxWipe app folder hierarchyDelete license
RevocationDelete licenseUpdate license state in App DB
Shell App DBSec. DB
Delete License
App Folders
Windows Phone
Marketplace
Marketplace
Client
Package Manager
.xap
.dll
Enterprise Active Sync Integration
* All other EAS policies not explicitly mentioned always return False
Windows Phone Supported EAS Policies* Password RequiredPassword ExpirationPassword HistoryAllow Simple PasswordPassword LengthIdle Timeout Value Device Wipe ThresholdComplex Password RequiredPassword Complexity
Remote Wipe
EAS feature supportEAS Feature Exchange Server
2003Exchange Server
2007Exchange Server
2010Direct Push X X XEmail Sync X X XCalendar Sync X X XContacts Sync X X XRemote Wipe X X XSync Multiple Folders X X X128-bit SSL Encrypted Transmission
X X X
User Initiated Remote Wipe X XHTML E-mail X XGAL Lookup X* X XFollow-up Flags X XMeeting Attendee Information X XAutodiscover X XBandwidth Reductions X XReply State XNickname Cache XBlock/Allow/Quarantine List XAllow Attachment Download X256-bit SSL Encrypted Transmission
X
Server Search XIRM Email X**
WP 7.5: IRM Overview and Requirements
Infrastructure requirements
Exchange requirements
Device requirements
The following requirements apply
Information Rights Management Requirements
The Client Access servers in your organization must be running Exchange 2010 SP1 An AD RMS server must be deployed in your organizationIRM must be enabled for internal messages. This is a prerequisite for all IRM features in Exchange 2010. For details, see Enable or Disable IRM for Internal MessagesIRM must be enabled in the Exchange ActiveSync mailbox policy. You can enable or disable IRM for different sets of users using different Exchange ActiveSync mailbox policies Devices that support Exchange ActiveSync protocol version 14.1, including Windows phones, can support IRM in Exchange ActiveSync. The device's mobile e-mail application must support the RightsManagementInformation tag defined in Exchange ActiveSync version 14.1
Using Certificates with Exchange
Installing certificates via Windows Internet Explorer®
Any device accessible URLUser can inspect and optionally choose to install the certificate
Installing certificates via e-mail Certificate installer supports using .cer, .p7b and .pfx files
Root CertificatesSelf-signed certs are possible but recommend chaining off an existing root certificate
For further details on certificates configuration and other IT Pro info
SharePoint Workspace Mobile Features
Enable users to access SharePoint 2010 files so they can collaborate with their team while away from the office or on the go Browse sites, view SharePoint lists and libraries Sync documents offline Enable secure transmissions with SSL connectivity Utilizes the built-in SSL VPN support for Microsoft Forefront® Unified Access Gateway
View availability and chat with work colleagues
Chat with multiple colleagues at the same time
Search for corporate contacts
Update status to show your availability to colleagues
Requires free Lync Mobile app download from Windows Phone Marketplace
Lync Server Integration
Beta Distribution ServiceDistribute pre-certified apps to an access-controlled set of beta usersCapabilities:
Developer selects list of testers (up to 100) based on Windows Live IDDeveloper sends an email to testers with a private deep-link to the application Only testers selected in App Hub can test the application and provide feedback for 90 daysDeveloper can end beta period before 90 daysBeta cannot be updated
Benefits:No need to unlock phones to test appsEnables developers to build higher quality appsApp does not need to be certified first
Targeted Distribution ServiceDistribute certified apps privately to a targeted set of usersSelect ‘hidden’ in the Test step of app submission to enable Targeted distributionCapabilities:
Developer needs to get the app certified before distributingDeveloper sends an email with a deep-link to the users (App is not discoverable via Search)Developer can update the app, which is pushed to the usersNo limits on the number of users or duration (no time-bombing)No access enforcement,Apps can be ‘free’ or ‘paid’Apps can be published publicly at any time
Benefits:Enables broad distribution of apps in a targeted way Enables broad public previews and community distribution
Distribution Options
*Users who obtain deeplink can access
38
Beta Targeted Public
Number of users 100 Unlimited Unlimited
App Price Must be “free” Can be “paid” Can be “paid”
Time Limited Yes, expires after 90 days No No
Updateable No Yes Yes
Certification Required No Yes Yes
Publicly Discoverable No No* Yes
Access Control Yes - limited to test users No No
Target Users Beta Users Targeted Users Public Users
Summary
Risk managementDeployment and device management via Exchange ServerInformation rights managementLync mobileLine of business applications & optionsPrivate distributionLOB apps
Feedback
Your feedback is very important! Please complete an evaluation form!
Thank you!