Microsoft Windows RT tablets will be more security friendly than iPad, Android devices

Microsoft Windows RT tablets will be more security friendly than iPad, Android devices

Microsoft can perform a type of network access control on Windows RT devices as a way to protect corporate networks from harm these devices might inflict if put to corporate use, making them a cut above iPads and Android tablets in this regard.

The newly announced capability can check the devices for compliance with corporate policies surrounding passwords, encrypting data, antivirus, anti-spyware and auto updates, according to the Building Windows 8 blog. This is similar but less comprehensive than what some NAC schemes do in order to keep devices that don't comply from connecting to networks.

Previously Microsoft had announced four flavors of Windows 8 -- Windows 8, Windows 8 Pro, Windows 8 Enterprise and Windows RT -- with Windows RT lacking many of the features included in the Enterprise edition that might make the devices more palatable to businesses.

BACKGROUND: Windows RT tablets will add to the BYOD nightmare

TEST YOURSELF: The Windows 8 Quiz

Windows RT is the name Microsoft has given to a Windows 8 operating system that is packaged with ARM-based hardware such as power-efficient tablets. They are expected to ship later this year or early next. The devices don't support applications that run on standard x86/64 machines, and until now, would accept Metro-style applications designed for Windows 8 only directly from Microsoft.

None of this made Windows RT seem any more BYOD-friendly than Android tablets or iPads.

But a client announced by Microsoft will monitor the security posture of the devices and enable downloading proprietary business applications to them. The client will communicate with an undefined cloud-based management platform that will be announced later by the team working on Microsoft's System Center.

The client's main function is to download and install Windows 8 Metro-style applications that are designed to work on both x86/64 and ARM devices. Without the agent, owners of Windows RT devices can only download applications that are stocked in the Windows Store or via Windows Update or Microsoft Update.

But Microsoft recognizes that businesses will create their own Windows 8 Metro apps that they want to deploy to personal Windows RT devices that employees might want to use for work, according to the blog.

The client makes this possible by connecting to the corporate management infrastructure and to a self-service portal, which displays applications that are available for each user to download. This provides a mechanism to download proprietary line-of-business Metro apps to employees without placing them in the public Windows Store. As the blog says, "... there is no reason to broadcast these applications to others or to have their application deployment managed through the Windows Store process."

If the business or the owner of the device decides to remove it from corporate management, the client wipes out the proprietary apps.

Before users can connect their Windows RT devices to the management service, their Active Directory settings must be changed to allow it and to specify how many devices they are allowed to connect via SSL authentication. The process involves registering the device with the network.

Each user authorized to use the management service must be specified within Active Directory as someone allowed to connect devices. Once connected, the client makes daily maintenance reports about the hardware, applies changes to settings policies on the devices, reports on compliance with those policies and updates the proprietary apps as needed.

The client also informs the management platform whenever users initiate application installation from the self-service portal, the blog says.

Administrators can set security parameters the devices must comply with such as maximum failed logins, lockout after a maximum period of inactivity, requiring passwords of specified length and complexity, imposing enabled and expired dates on passwords and maintaining password history.

The agent can also set up VPN connections automatically to the management infrastructure so users don't have to do it manually. The client also reports the status of drive encryption, auto update, antivirus and anti-spyware.

"Leveraging this compliance information, IT admins can more effectively control access to corporate resources if a device is determined to be at risk," the blog says. "Yet once again, the user's basic experience with the device is left intact and their personal privacy is maintained."

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at and follow him on Twitter!/Tim_Greene.

Read more about software in Network World's Software section.

Follow Us

Join the ARN newsletter!

Error: Please check your email address.



IN PICTURES: Nutanix's .NEXT channel event in Sydney (+20 photos)

IN PICTURES: Nutanix's .NEXT channel event in Sydney (+20 photos)

Nutanix recently held its customer and channel event, .NEXT, in Sydney. The event, held at the Sheraton on the Park saw attendance from more than 150 channel and technology partners and customers. It was the first in a series of events Nutanix is holding in A/NZ in August and September, the objective of which is to brief partners and customers on “what’s next” in the design and management of datacentre technology.

IN PICTURES: Nutanix's .NEXT channel event in Sydney (+20 photos)
IN PICTURES: EDGE 2015 sponsor debrief (+23 photos)

IN PICTURES: EDGE 2015 sponsor debrief (+23 photos)

Some of the sponsors of ARN's inaugural EDGE 2015 event got together at the ARN office for a debrieef of the event. Over some drinks and cheese, these attendees got an update on some key statistics that arose from the EDGE event and discussed potential topics and improvements that can be made at next year's event.

IN PICTURES: EDGE 2015 sponsor debrief (+23 photos)
IN PICTURES: ARN Distributor Roundtable, Sydney, 26.08.15 (+26 photos)

IN PICTURES: ARN Distributor Roundtable, Sydney, 26.08.15 (+26 photos)

ARN hosted a distributor roundtable at Cafe Del Mar in Sydney, at which attendees and their partners discussed the changing role of the traditional IT distributor. They spoke about the challenges of digital disruption, the blurring lines of the channel in the age of digital transformation, and examined the ever-evolving business models. This roundtable was sponsored by Distribution Central, Exclusive Networks, Rhipe, and Hemisphere Technologies. Photos by ARN Editorial Director, Mike Gee.

IN PICTURES: ARN Distributor Roundtable, Sydney, 26.08.15 (+26 photos) is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments