IT could count on Windows Mobile to support Microsoft’s enterprise features, but so many Windows Phone 7 features are geared towards consumers, that’s not necessarily the case
Microsoft’s mobile history
Microsoft is no stranger to the world of smartphones. In fact, portable versions of Windows go back to the days of Windows CE in 1996 and the PDAs that took off in the early 2000s. Microsoft built every proceeding version of Windows Mobile upon that code base, until execs realized they had to start from scratch to complete with Android and the iPhone. Windows Phone 7, introduced in 2010, has a new, modern interface that represents a fresh start for Microsoft in the mobile market.
With Windows Phone 7 (and Windows Phone 7.5, released in 2011), Microsoft has restructured its mobile presence, aiming for the hearts of consumers with a slick, consumer-friendly OS. But with this change, IT will have to give up some of the tight control it had over Windows Mobile devices.
With Windows Phone 7, Microsoft took its enterprise-friendly mobile operating system and scrapped it for an OS and features that are more consumer-friendly. Instead of a start screen focused on appointments and emails, Facebook and personal interactions are now the stars. The goal is to catch up with Apple iOS and Google Android, not BlackBerry, so administrators need to take note of the new Windows 7 features, interface and capabilities -- as well as the missing pieces.
Windows Phone 7 enterprise features: Email and mobile device management
The center of Microsoft’s mobile device interaction has always been ActiveSync, from the personal digital assistant (PDA) desktop client to the Exchange-centric network standard. Apple iOS and Google Android even use ActiveSync to access corporate email and interact with Microsoft infrastructure.
When it comes to ActiveSync, the major Windows Phone 7 features include password enforcement and remote wipe thresholds. But the new OS supports only a subset of what Windows Mobile used to support. You cannot force encryption on the phone, for example. In fact, there is no whole-phone encryption option available. Other options, such as Disable Removable Storage and Allow HTML Email, become useless. Granted, the core set of what most organizations need for Windows Phone 7 enterprise management is there, but some missing advanced features may be showstoppers for those used to BlackBerry- and Windows Mobile-level control.
On the positive side, Exchange is baked into Windows Phone, along with a custom version of the Outlook client. This tight integration of Exchange features in the Windows Phone Outlook client will make the functionality seem very familiar to users and IT alike. Windows Phone works best with Exchange 2007 and Exchange 2010; you’ll find features lacking when synchronizing with Exchange 2003.
Windows Phone 7 enterprise certificate quirks
Managing certificates in Windows Phone has some quirks that IT should be aware of. Certificates were directly manageable in Windows Mobile, but similar Windows Phone 7 features are absent. Instead, Windows Phone assumes you are using one of the well-known public certificate authorities.
For example, I was attempting to connect to a wireless access point, which uses Radius to connect to Active Directory to authenticate users. The access point has a known expired certificate, but that has never been a problem on iOS or Android devices, which prompt you with a warning and ask if you would like to ignore the issue. Windows Phone, however, just returns an error message that states you cannot connect to the access point.
Self-signed certificates will suffer the same fate. The only way to import the certificate (a .CER file) is to email or point users to a website that contains the .CER file. There aren’t really any Windows Phone 7 features that automate the process or verify the certificate once it’s been installed. The only way to verify is to try to connect to the service you need.
From Wi-Fi to websites to Exchange, this issue could be a real problem if your organization has Windows Phone users and self-signed certificates are commonplace. Microsoft advises you link your self-signed certificates to one of the trusted root certificate authorities shipped with the phone, otherwise you will have to help users load certificates one at a time.
Windows Phone 7 enterprise users have control
More on Windows Phone 7 features
Windows Phone 7 security: Assessing WP7 security features
Windows Phone 7 improvements should entice Exchange admins
How do Windows Phone 7 features stack up?
Windows Phone 7.5 app distribution program lets IT take control
When it comes to OS updates and file syncing on Windows Phone, Microsoft leaves much of the work in users’ hands, which may give IT pause. The Zune desktop software is required for syncing photos, music and movies, plus downloading and installing OS updates.
Microsoft also urges users to establish a Windows Live ID for online access to SkyDrive, Xbox Live and Zune. It isn’t a big deal for any organization that has become familiar with the iTunes requirement for iPhone users, but it may raise eyebrows in BlackBerry shops, where IT has much more control.
Publishing Windows Phone 7 enterprise apps
Applications -- of both the mobile and Web varieties -- are another possible sticking point for Windows Phone 7 enterprise use. Microsoft has decided to actively manage and control its app store, the Windows Marketplace, much like Apple does with its App Store. If your organization has custom apps you want installed on users’ phones, you will have to submit them to the Marketplace and wait for approval. (Microsoft does offer a Windows Phone 7.5 app distribution option that hides these apps from public view, however.) Apple, on the other hand, allows you to install your own apps with the right kind of certificates and server-side setup. The plus side of the Microsoft method is that it requires no extra infrastructure to publish apps to Windows Phones.
Internet Explorer on Windows Phone supports most websites and modern HTML5 apps nicely, but you will not be able to rely on any plug-ins, which are common on the desktop version. If you want to use your organization’s Web apps, it’s best if you translate them for the mobile Web and remove reliance on ActiveX controls.
This was first published in February 2012