Hide Notes 

Slide 2: Jason Langridge Enterprise Mobility Solution Specialist Microsoft Email: jasonlan@microsoft.com Blog : http://blogs.msdn.com/jasonlan
Slide 3: 1. How can we setup/configure our Windows Mobile devices? 2. Is there a way to control what the user can/can’t do? 3. We want to be able to secure the data and the devices. 4. How can we keep these devices up to date? 5. We would like to provide secure access to our Intranet and other services.
Slide 4: Lets you deploy and manage Windows Mobile devices like you do PCs/laptops in your IT infrastructure and provides security-enhanced access to corporate data Security Management Active Directory Domain join Policy enforcement using Active Directory/Group Policy targeting (>130 policies) Communications and camera disablement* File encryption Application allow and deny Remote wipe OMA-DM compliant Device Management Single point of management for mobile devices in enterprise Full OTA provisioning and bootstrapping OTA Software distribution based on WSUS 3.0 Inventory SQL Server 2005 based reporting capabilities Role based administration MMC snap-ins and Powershell cmndlets WMU On/Off controlcompliant Mobile Optimized VPN Machine authentication and “double envelope security” Session Persistence Fast Reconnect Internetwork roaming Standards based (IKEv2, MobIKE, IPSEC tunnel mode) Management Workload Deployment: Inside Firewall Network Access Workload Deployment: in DMZ
Slide 5: Leverage existing services Active Directory Group Policy Windows Server Update Services
Slide 6: Extends Active Directory & Group Policy to Windows Mobile 130+ configuration settings now managed through Group Policy including Bluetooth WIFI SMS/MMS IR Camera POP/IMAP Extensible architecture
Slide 7: Enterprise-wide OTA software distribution Wide Selection of Inventory and Reporting options
Slide 8: E-mail and LOB Servers Mobil e VP N SSL Usermutual Auth or Similar SSL Machine Mutual Auth OMA Proxy Console Mobile Server Back-end R/O WSUS Catalog Initial OTA Device Enrollment Front Firewall Internet Mobile GW Back Firewall SSL Auth (PIN+Corp Root) Enrollment Service Self Help Site AD CA Smartcard Corporate Intranet DMZ
Slide 9: Different categories/differing terminology Front door vs Back Door devices Enterprise Managed vs Consumer Corporate vs Employee Liable Initial problem - getting the client on the device Zero touch deployment and setup
Slide 10: • Administrator invokes enrollment request and sends One-Time PIN to the user (email, text message, voicemail, etc.) Or user uses Self-Help Portal to acquire One-Time Pin Here’s your PIN • 1234abcd
Slide 11: • User runs the “Enterprise Activation” wizard on the device 1. Takes SMTP address and looks for host MobileEnroll.domain.com 2. If host is located, connection to Enrollment Server will be initiated 3. If host is not found, user will be prompted for the FQDN of the Enrollment Server 4. Session establish over SSL (TCP 443) 5. User is prompted to enter their One-Time PIN What is your email address?
Slide 12: 1. 2. 3. Web Service validates OTP If valid, it passes session on to Network Service OTP now cannot be re-used Passes Across OTP to WS Session handed Over to Network Service Enrollment Server
Slide 13: 1. 2. Device is then “Domain Joined” SC MDM Client is configured to use Mobile Gateway for all future connectivity Enrollment is complete Device is then setup/configured using Group Policy 3. 4.
Slide 14: Key concerns Preventing unauthorized applications from being run/installed Disabling some of the devices capabilities (eg. Camera/Wifi) Access to consumer services (eg. POP3/IMAP) Mobile Device Manager empowers you through Active Directory Integration Group Policies
Slide 15: Data stored on both the physical device and storage card Windows Mobile 6 provides ability to encrypt storage card System Center Mobile Device Manager provides Enable Device Perimeter PIN password Ability to enforce encryption on storage card Allow/Disallow the use of removable storage Remotely Wipe devices
Slide 16: Important to separate update needs: Device OS Applications, Configuration and Settings System Center Mobile Device Manager allows you to: Distribute software and applications through Windows Server Update Services (WSUS) Setup/configure/manage devices through Active Directory and Group Policy
Slide 17: WIFI WWAN Internet https://EAS http://www.microsoft.com
Slide 18: https://EAS DMZ Corpnet WIFI WWAN Internet NAT FW Mobile Gateway FW Email Or LOB Servers http://www.microsoft.com
Slide 19: • • Addressed 5 key security and management concerns Showed how to improve and simplify mobile device management and security with System Center Mobile Device Manager For more information: www.windowsmobile.com/mobiledevicemanager/
Slide 20: Questions and Answers Submit text questions using the “Ask” button. Don’t forget to fill out the survey. For upcoming and previously live webcasts: www.microsoft.com/webcast Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781
Slide 22: © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.