Mobile enabling existing applications. BMIST DD 1380 Readiness SF 600.


Page 1:

Mobile enabling existing applications

Page 2:

BMIST

DD 1380

Readiness SF 600

Page 3:

So Why Not?

- Platform choice
- Connectivity options
- Management
- Security

Page 4:

Mobile Device Platforms

[Diagram labels: Increased Functionality; Notebook PC; Windows Mobile; Windows XP; Tablet PC; Smart Personal Objects; .Net Technology; Media Centric; Data Centric; Voice Centric]

Page 5:

Product Update

- i-mate SP3
- i-mate PDA 2k
- O2 XDA IIs
- Motorola MPx220 (Mar)
- i-mate JAM
- O2 XDA mini
- Motorola MPx (Mar)
- i-mate SP3i
- O2 XPhone2
- HP iPAQ 6365

Page 6:

Connectivity Options

- 1xEV-DO
- Bluetooth
- GPRS
- 1xRTT
- 3G/4G
- WiMAX
- EDGE

Page 7:

Fit for Purpose

- Current solutions using WiFi/GPRS/1xEV-DO are ‘good enough’ for most PIM and LOB solutions
- Look for network independence and future support
- Intelligent multi-network operation will become important

Page 8:

Device Management

Page 9:

Mobility Management Issues

- Devices infrequently connected to an organisation’s network
- Low bandwidth, higher cost connections
- Unreliable connections
- Personal devices, yet managed by their employer
- Device loss that leads to work stoppage
- Mixture of business and personal applications

Page 10:

Device Management Approach

- Enterprise Support
  - Integrate into existing or planned PC Systems Management solutions
- Mobile Operator Support
  - Mobile Operator provisions device and provides support
  - Integrates into existing Mobile Operator device provisioning platform
- Typical approach today
  - Mobile Operator provisions device
  - Enterprise controls software configuration
  - Mobile Operator provides hardware support

Page 11:

Device Management Feature Pack

- Enables IT to:
  - Capture and understand asset characteristics
  - Configure settings and security policies
  - Update and deploy new applications
- Seamless end user experience
- Consistent administration experience
- Utilizes existing SMS infrastructure

Page 12:

Asset Management: Hardware Inventory

- Information
  - Device name
  - Hardware ID
  - Device model
  - Power (battery status)
  - Display resolution
- Generate reports on any hardware characteristic
- Can be extended to capture other hardware inventory information
- File system
- Memory
- Network
- Operating system

Page 13:

Hardware Inventory

Page 14:
Page 15:

Asset Management: Software Inventory and File Collection

- Information
  - Presence of files
  - File details
  - Last software scan
  - Product details
  - Specify directories
  - Specify wildcard file extensions
  - List of files or applications in the file system
- Permits collection of log/data files
- Generate reports on any software or file

Page 16:

Software Inventory

Page 17:

Configuration Management: Device Settings

- SMS provides integrated experience to configure and deploy settings
- Example of configurable settings:
  - Network
    - GPRS Network
    - PPP Network
    - VPN
  - Security
    - Certificates
    - Registry Entry
  - Applications
    - ActiveSync & Exchange E-mail
    - Internet E-mail
    - Proxy
    - Browser Favorite

Page 18:

Configuration Management: Password Policy

- Centralized control of device password policy
  - Configure mandatory numeric or strong password
  - Force password setting prior to use
  - Power off timeout may be defined
  - Administrator defined ‘lockout’ strong password applies after certain failed device entry attempts
- Implementation
  - Password applet contained in a separate install from core SMS client
  - Password policy configured and deployed as part of settings

Page 19:

Device Management Feature Pack

Partner Add-ons

SMS Managed Systems

- Pocket PC 2003/Phone Edition; Pocket PC 2002/Phone Edition; Windows CE 3.0/4.2/5.0; Smartphone (H1CY05)
- Palm; RIM; Symbian
- Windows Server 2003; Windows XP; Windows XPe; Windows 2000; Windows NT 4.0 Server; Windows 98

Page 20:

More Information

- Resources: www.microsoft.com/sms
- SMS 2003 DM FP Documentation

Page 21:

Device Security

Page 22:

Main Security Issues

1. Device Access
2. Protecting data on the Device
3. Network Security

Page 23:

Windows Mobile Security Features

- Perimeter protection
  - Device lock: PIN, Strong, exponential delay
  - Authentication protocols: PAP, CHAP, MS-CHAP, NTLM, TLS
- Data protection
  - 128-bit Cryptographic services: CAPIv2
  - Code signing (SmartPhone only)
  - Anti-virus API
- Network protection
  - Secure Browsing: HTTP (SSL), WAP (WTLS)
  - Virtual Private Networking (PPTP, L2TP IPSec)
  - Wireless network protection (WEP, 802.1x, WPA)

Page 24:

Extending Windows Mobile Security

- Signature authentication: Certicom Corporation; Communication Intelligence Corporation; TSI/Crypto-Sign; VASCO
- Enhanced password protection: Hewlett-Packard; Credant Technologies; Pointsec Mobile Technologies
- Firewall: Bluefire Security; Checkpoint
- Fingerprint authentication: Biocentric Solutions Inc.; Hewlett-Packard
- Two factor authentication: RSA Security
- Software Storage Encryption: Pointsec Mobile Technologies; Trust Digital LLC; Credant Technologies; Bluefire Security; Utimaco Safeware AG
- Application Data Encryption: Certicom Corporation; Glück & Kanja Group; Ntrū Cryptosystems, Inc.
- Virtual Private Networking: Certicom Corporation; Check Point Software Technologies Ltd.; Columbitech; Entrust, Inc.; Epiphan Consulting Inc.
- Disable Applications: Odyssey Software; Trust Digital LLC; Credant Technologies; Intellisync
- Device Wipe: Asynchrony.com
- Public Key Infrastructure (PKI) enhancements: Certicom Corporation; Diversinet Corp.; Dreamsecurity Co., Ltd.; Glück & Kanja Group
- Antivirus Software: Computer Associates

Page 25:

Anti-Virus & Firewall

Page 26:

Mobile Device Security Recommendations

- Risk assessment is key
- Evaluate applicability of organisation’s standards for laptop computers
- Passwords
  - Activate power-on, SIM, device lock passwords
- Anti-virus
- Flash-able ROM for security and management
- Encryption
  - Encrypting sensitive information in the devices and on external storage cards
  - End-to-end network encryption when using a virtual private network (VPN) connection
  - 802.1x authentication/encryption over 802.11b WLANs

Page 27:

Summary

- There are real applications being deployed
- Exchange Server 2003 with Windows Mobile-based devices works out-of-the-box for mobile PIM
- There are a range of new powerful devices currently available
- Security and Management issues are addressable
- Try it for yourself!

Page 28:

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.