
Windows Phone in the Enterprise


Description: PowerPoint (PPT) presentation "Windows Phone in the Enterprise" by Larry Lieberman, Product Manager, Windows Phone Developer Experience, Microsoft Corporation.

Page 1: Windows Phone in the Enterprise

Page 2: Title slide

Session Code

Windows Phone in the Enterprise

Larry Lieberman
Product Manager, Windows Phone Developer Experience
Microsoft Corporation

Page 3: Balance (between UX and Health)

Delightful and responsive UX
Never regret installing an app
Integrated experiences
Battery friendly
Network conscious
Hardened services

Page 4: Addressing business organization needs

Captivating and Productive Experiences
Works with Existing Infrastructure
Powerful Platform for Solutions

Page 5: Productive Experiences

Page 6: Agenda

Overview
Risk Management (security model, application security, security management)
Deployment & Device Management of Windows Phone 7 with Exchange Server
SharePoint and Windows Phone 7, UAG
LOB Application Options (distribution, data encryption, and authentication)
Private Distribution
IRM
Lync Mobile

Page 7: Risk management in Windows Phone

Page 8: Protecting data at rest

Goal: Preventing access to confidential information by a 3rd party
Controls: This is normally achieved by device lock, remote wipe and encryption of the data
Weaknesses: Lack of manageability and key exposure

Page 9: Data at rest: data protection

Device Lock
Using simple PIN or alphanumeric password
Manageable with Exchange ActiveSync

Remote Wipe
Mechanisms to help protect data

SD card is secured via the standard SD lock mechanism
File system spans the device flash and the SD card
No phone file system access from a PC or a 3rd party app running on the phone
Zune software does not sync documents or e-mail

Data leak prevention with IRM e-mail and RMS

Page 10: Data at rest: Windows Phone storage

Single-partition HD-model file system
SD cards are locked via a standard SD card lock mechanism
A unique 128-bit key pairs the SD card to the phone
Removing the card will reset the phone and wipe all data
Access to the SD card is prevented from any other device
The SD controller on the card will prevent access to the card unless the correct 128-bit password is supplied

Page 11: Protecting against malware

Goal: Preventing malware tools from hijacking the system or accessing data
Controls: This is normally achieved by certification and anti-malware service
Weaknesses: Jailbreak, verifiability, and time sensitivity

Page 12: Protection from malware

Application model
Managed code only with API control
Application sandboxing and least privileged model
Location policy control
No side loading and no jailbreak
Controlled background processing of applications

Marketplace
Developer verification and application certification

Internet Explorer Mobile Lock Down
Windows Phone update

Page 13: Application lifecycle

(Diagram labels: Windows Phone Marketplace, .xap, .dll)

Phone only installs .xap packages signed by marketplace
Phone handles all aspects of .xap installation based on the manifest
Users control install, update, and uninstall, while the marketplace controls revocation
Individual apps cannot make arbitrary changes to the phone during installation
Individual apps do not control their own lifecycle on the phone

Page 14: App isolation and execution

(Diagram labels: Application install folders, Running applications, Applications and licenses, .xap, .dll)

Phone only runs apps that have a valid marketplace license
Apps are sandboxed into separate security accounts while installed and at runtime
Resource allocation policy keeps the foreground app responsive and ensures the user can always use Start to run a new app

Page 15: Secure access

Goal: Preventing access to confidential information by a 3rd party snooping on the wire
Controls: This is normally achieved with VPN, and other authentication mechanisms
Weaknesses: Complexity to users and manageability

Page 16: Access

HTTP and HTTPS – 128-bit or 256-bit SSL
Wi-Fi – Open, WEP, WPA (PSK, ENT) and WPA2 (PSK, ENT), Hidden
Bluetooth 2.1 (Microsoft driver only)
WinSockets (UDP, TCP)

Authentication
Certificate authentication with Proxy (Exchange)
NTLM for Outlook, SharePoint, and Internet Explorer
PEAP-MSCHAPv2 for enterprise authentication
UAG support for SharePoint Mobile
App Fabric ACS and the Windows Azure Toolkit for Windows Phone

Page 17: Application model

Application: Uniquely identifiable, licensable, and serviceable software product packaged as a XAP
Application deployment: Steps include Ingestion, Certification, and Signing
Application license: Crypto-verifiable object issued to grant rights to an application

(Diagram labels: Windows Phone Marketplace, app icon, start token, metadata, .xap, .dll)

Page 18: App hosting & runtime

(Architecture diagram, by layer)
Hardware Foundation / Hardware BSP: A-GPS, Accelerometer, Compass, Light, Proximity, Media, Wi-Fi, Radio, Graphics
Kernel: Security, Networking, Storage
App Model: App management, Licensing, Chamber isolation, Software updates
UI Model: Shell frame, Session manager, Direct3D, Compositor
Cloud Integration: Xbox LIVE, Bing, Location, Push notifications, Windows Live ID
App Model Host: CLR, Silverlight, XNA, HTML/JavaScript; App Domain containing the XNA Game Object or Silverlight Application Object plus Frameworks

Each app executes inside an isolated, least-privileged host process
All app code is transparent and CLS-verifiable, mitigating impact of common attacks
Frameworks enable app code to interact with app model, UI model, phone functionality
Sandbox enforced for host process based on declared capabilities
System provides host process for app code

Page 19: Windows Phone security model

Security Model
Chamber types: Trusted Computing Base (TCB), Elevated Rights, Standard Rights, Least Privilege Chamber (LPC)
Fixed permissions: TCB, Elevated Rights, Standard Rights
Dynamic permissions: LPC

Policy System makes security decisions
Central repository of rules
3-tuple {Principal, Right, Resource}

Chamber Model
Chamber boundary is security boundary
Chambers defined using policy rules
4 chamber types, 3 fixed size, one can be expanded with capabilities (LPC)

Capabilities
Expressed in application manifest
Disclosed on Marketplace
Defines app's security boundary/sandbox on phone
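The chamber and policy model described on this slide, as an added Python illustration (not Microsoft's code): three fixed-permission chambers, an LPC that grows only with capabilities declared in the manifest, and a policy decision made by matching the {Principal, Right, Resource} 3-tuple. The rule store, rights and resource names are constructed; the capability IDs are Windows Phone manifest names, but the rights they are mapped to here are assumed.

```python
"""Toy model of the Windows Phone 7 chamber/policy model (added illustration)."""
from dataclasses import dataclass
from typing import Iterable, Set, Tuple

Rule = Tuple[str, str, str]  # the slide's 3-tuple {Principal, Right, Resource}

# Three fixed-size chamber types: their rule set comes from policy and cannot
# be expanded by an application manifest (constructed sample rules).
FIXED_CHAMBER_RULES = {
    "TCB": {("TCB", "*", "*")},  # trusted computing base: every right, every resource
    "Elevated": {("Elevated", "read", "device_config"),
                 ("Elevated", "write", "device_config")},
    "Standard": {("Standard", "read", "phone_book")},
}

# Capability IDs are real manifest names; the rule each one unlocks is assumed.
CAPABILITY_RULES = {
    "ID_CAP_LOCATION": ("LPC", "read", "location"),
    "ID_CAP_NETWORKING": ("LPC", "connect", "network"),
    "ID_CAP_MEDIALIB": ("LPC", "read", "media_library"),
}


@dataclass(frozen=True)
class Chamber:
    name: str
    rules: frozenset  # frozenset[Rule]; the chamber boundary is the security boundary

    def grants(self, principal: str, right: str, resource: str) -> bool:
        """Policy decision: is there a rule matching the requested 3-tuple?"""
        return any(p == principal and r in ("*", right) and s in ("*", resource)
                   for p, r, s in self.rules)


def build_chamber(chamber_type: str, manifest_caps: Iterable[str] = ()) -> Chamber:
    """Create a chamber from policy; only the LPC is expanded by declared capabilities."""
    caps = list(manifest_caps)
    if chamber_type in FIXED_CHAMBER_RULES:
        if caps:
            raise ValueError(f"{chamber_type} chamber has fixed permissions")
        return Chamber(chamber_type, frozenset(FIXED_CHAMBER_RULES[chamber_type]))
    if chamber_type != "LPC":
        raise ValueError(f"unknown chamber type {chamber_type}")
    rules: Set[Rule] = {("LPC", "read", "isolated_storage")}  # baseline every app gets
    for cap in caps:
        if cap not in CAPABILITY_RULES:  # an unknown capability cannot widen the sandbox
            raise ValueError(f"unknown capability {cap}")
        rules.add(CAPABILITY_RULES[cap])
    return Chamber("LPC", frozenset(rules))
```

An app that did not declare ID_CAP_NETWORKING in its manifest is denied the network rule even though the rule exists in policy, which is the sandbox-from-declared-capabilities behaviour the slide describes.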

Page 20: App install flow

Install: Package signature check, License retrieval, Create license state, Setup secure sandbox, Task provisioning, Create app folders, Provision isolated storage
Package manager aggregates lifecycle notifications to the WM7 platform

(Diagram labels: Windows Phone Marketplace, Marketplace Client, Package Manager, New XAP package, Shell, App DB, Sec. DB, App Folders, .xap, .dll)

Page 21: Application Update Flow

Update: Package signature check, License retrieval, Update license state, Reuse old secure sandbox, Task provisioning, Backup data, Wipe install folder, Provision isolated storage

(Diagram labels: Windows Phone Marketplace, Marketplace Client, Package Manager, Update XAP package, Shell, App DB, Sec. DB, App Folders, .xap, .dll)

Page 22: Application Uninstall and Revoke Flow

Uninstall: Wipe app sandbox, Wipe app folder hierarchy, Delete license
Revocation: Delete license, Update license state in App DB

(Diagram labels: Windows Phone Marketplace, Marketplace Client, Package Manager, Delete License, Shell, App DB, Sec. DB, App Folders, .xap, .dll)

Page 23: Enterprise Active Sync Integration

Windows Phone Supported EAS Policies*
Password Required
Password Expiration
Password History
Allow Simple Password
Password Length
Idle Timeout Value
Device Wipe Threshold
Complex Password Required
Password Complexity
Remote Wipe

* All other EAS policies not explicitly mentioned always return False

Pages 24 to 26: no extracted text

Page 27: EAS feature support

(Columns: Exchange Server 2003, Exchange Server 2007, Exchange Server 2010)

EAS Feature                           2003   2007   2010
Direct Push                            X      X      X
Email Sync                             X      X      X
Calendar Sync                          X      X      X
Contacts Sync                          X      X      X
Remote Wipe                            X      X      X
Sync Multiple Folders                  X      X      X
128-bit SSL Encrypted Transmission     X      X      X
User Initiated Remote Wipe                    X      X
HTML E-mail                                   X      X
GAL Lookup                             X*     X      X
Follow-up Flags                               X      X
Meeting Attendee Information                  X      X
Autodiscover                                  X      X
Bandwidth Reductions                          X      X
Reply State                                          X
Nickname Cache                                       X
Block/Allow/Quarantine List                          X
Allow Attachment Download                            X
256-bit SSL Encrypted Transmission                   X
Server Search                                        X
IRM Email                                            X**

Page 28: WP 7.5: IRM Overview and Requirements

Infrastructure requirements
Exchange requirements
Device requirements

Page 29: Information Rights Management Requirements

The following requirements apply:
The Client Access servers in your organization must be running Exchange 2010 SP1
An AD RMS server must be deployed in your organization
IRM must be enabled for internal messages. This is a prerequisite for all IRM features in Exchange 2010. For details, see Enable or Disable IRM for Internal Messages
IRM must be enabled in the Exchange ActiveSync mailbox policy. You can enable or disable IRM for different sets of users using different Exchange ActiveSync mailbox policies
Devices that support Exchange ActiveSync protocol version 14.1, including Windows phones, can support IRM in Exchange ActiveSync. The device's mobile e-mail application must support the RightsManagementInformation tag defined in Exchange ActiveSync version 14.1

Page 30: no extracted text

Page 31: Using Certificates with Exchange

Installing certificates via Windows Internet Explorer®
Any device-accessible URL
User can inspect and optionally choose to install the certificate

Installing certificates via e-mail
Certificate installer supports using .cer, .p7b and .pfx files

Root Certificates
Self-signed certs are possible but recommend chaining off an existing root certificate

For further details on certificates configuration and other IT Pro info

Page 32: SharePoint Workspace Mobile Features

Enable users to access SharePoint 2010 files so they can collaborate with their team while away from the office or on the go
Browse sites, view SharePoint lists and libraries
Sync documents offline
Enable secure transmissions with SSL connectivity
Utilizes the built-in SSL VPN support for Microsoft Forefront® Unified Access Gateway

Page 33: no extracted text

Page 34: Lync Server Integration

View availability and chat with work colleagues
Chat with multiple colleagues at the same time
Search for corporate contacts
Update status to show your availability to colleagues
Requires free Lync Mobile app download from Windows Phone Marketplace

Page 35: no extracted text

Page 36: Beta Distribution Service

Distribute pre-certified apps to an access-controlled set of beta users

Capabilities:
Developer selects list of testers (up to 100) based on Windows Live ID
Developer sends an email to testers with a private deep-link to the application
Only testers selected in App Hub can test the application and provide feedback for 90 days
Developer can end beta period before 90 days
Beta cannot be updated

Benefits:
No need to unlock phones to test apps
Enables developers to build higher quality apps
App does not need to be certified first

Page 37: Targeted Distribution Service

Distribute certified apps privately to a targeted set of users
Select 'hidden' in the Test step of app submission to enable Targeted distribution

Capabilities:
Developer needs to get the app certified before distributing
Developer sends an email with a deep-link to the users (App is not discoverable via Search)
Developer can update the app, which is pushed to the users
No limits on the number of users or duration (no time-bombing)
No access enforcement
Apps can be 'free' or 'paid'
Apps can be published publicly at any time

Benefits:
Enables broad distribution of apps in a targeted way
Enables broad public previews and community distribution

Page 38: Distribution Options

                         Beta                          Targeted         Public
Number of users          100                           Unlimited        Unlimited
App Price                Must be "free"                Can be "paid"    Can be "paid"
Time Limited             Yes, expires after 90 days    No               No
Updateable               No                            Yes              Yes
Certification Required   No                            Yes              Yes
Publicly Discoverable    No                            No*              Yes
Access Control           Yes - limited to test users   No               No
Target Users             Beta Users                    Targeted Users   Public Users

* Users who obtain the deep link can access

Page 39: no extracted text

Page 40: Summary

Risk management
Deployment and device management via Exchange Server
Information rights management
Lync mobile
Line of business applications & options
Private distribution
LOB apps

Page 41: Feedback

Your feedback is very important! Please complete an evaluation form!

Thank you!

Page 42: no extracted text