Windows Phone 8.1 Security and MDM Part 7
Anyone who knows me can tell you how much I love all things mobile and how to secure and manage those devices. That is why I am excited to write that Microsoft has released information regarding Windows Phone 8.1 Security and Mobile Device Management. Here are some additional excerpts from the white papers on Remote Inventory and Assistance and Device Retirement.
Windows Phone 8.1 Security Overview
Windows Phone 8.1 MDM Overview
Remote Inventory and Assistance
Mobile devices rarely remain stationary, and they may rarely connect to your organization’s intranet. This means you need to manage and provide support for devices remotely. Windows Phone includes the Remote Inventory and Remote Assistance features to help keep on-the-go users productive in their job roles.
Remote Inventory helps you better manage devices by providing in-depth information about each device.
Windows Phone 8 and Windows Phone 8.1
Installed enterprise apps
OS platform type
Device local time
Device processor architecture
New information in Windows Phone 8.1 only
IMEI & IMSI
Wi-Fi IP address
Wi-Fi DNS suffix and subnet mask
Your MDM system collects the inventory information remotely from the device; you can then use the reporting capabilities of your MDM system to analyze device resources and information. Using this information, you can determine the current hardware and software resources of the device, which helps you keep track of which devices are current with updates.
Device retirement (un-enrollment) is the last phase of the device life cycle. Typically, mobile device retirement is a complex and difficult process for organizations. When the device is no longer needed, any corporate data must be removed (wiped) from the phone. BYOD scenarios make retirement even more complex, because the user might have personal data on the device that they want to keep. So, organizations must remove their data without affecting the user’s data.
If the device is lost or stolen, the organization must remove any corporate data from the device, as well. For these scenarios, device retirement must be done remotely, because authorized users won’t have physical access to the device.
You can remotely remove all corporate data from a Windows Phone device without affecting the existing user data. IT pros or the device’s user can initiate device retirement. When the retirement is completed, the device is returned to a consumer state. The following list offers some of the corporate data removed from a device when it is retired:
Any data associated with the enterprise-deployed apps
Enterprise-issued device policies
Note: All of these features are in addition to the software and hardware factory reset features of the device, which people can use to restore the device to the factory configuration.
The policies that are available for managing device retirement include:
Disable user manual MDM un-enrollment
Disable user manual MDM software and hardware factory reset
Your MDM system can set these policies on devices as required (see the “Configuration policies management” section earlier in this guide). For BYOD devices, the user may want to retire the device as well. When the user retires a device, your MDM system receives a report from the device that the user is retiring it. Use this information to perform additional analysis, if necessary.
For more information about the policies used to manage device retirement (un-enrollment) in Windows Phone, see http://go.microsoft.com/fwlink/?LinkId=394996.