Security and data protection in Windows Phone is a key design priority. Today I published a new paper titled “Windows Phone Enterprise Security and Policy Management” that discusses the Windows Phone team’s holistic approach to security, including new features in Windows Phone 7.5, the latest update to the Windows Phone OS.
The article provides an overview of the Windows Phone security model and how Windows Phone was designed to protect information. It describes the Exchange ActiveSync (EAS) security-related policies that can be managed by IT departments and discusses how apps are isolated from each other to help protect the operating system. In addition, the article provides information on how Windows Phone helps protect against malware and how IT departments can provide secure access to corporate resources.
Windows Phone 7.5 also adds a number of new productivity features. This paper will help you understand that, in addition to the rich end user capabilities, Windows Phone is a flexible and secure phone that you can support with confidence. To see recent case studies of companies and IT departments that now support Windows Phone, visit Microsoft Case Studies.
Alan Meeus, Windows Phone Team
You still have to set AllowNonProvisionableDevices to true on your default policy to get these phones to work, which is a total crock and turns back the clock from WinMo days... I've also noticed how Exchange 2010 has turned back the default EAS settings to accommodate the lack of support in Windows Phone... for shame.
surprised and disappointed at how it looks like wp7 has less EAS features than even wp6 - this from Microsoft:
makes other mobile platforms much more attractive to us - would've been a good option otherwise :(
Configuring the AllowNonProvisionableDevices will allow any device that supports the EAS protocol to connect to Exchange Server and synchronize. We do not recommend using this option to allow Windows Phone to connect. A recommended approach is to create a dedicated Windows Phone EAS policy set and associate it with mailbox users that use Windows Phone.
Employees are choosing their own devices and bringing them to work. Supporting a diversity of devices with variable EAS support will require IT professionals to become more flexible in supporting those devices and not fall back on a one-size-fits-all policy set.
I am not sure what you mean with your observation that “Exchange 2010 has turned back the default EAS settings.” EAS policy support in Exchange 2010 has not changed or lowered requirements for EAS support.
I was able to get Windows 7.5 phones synced as well as Windows 8 phones using our policy that does not allow non-provisional devices. Well, I stumbled across a work-around... It’s a two-step process: First configure the device into a temporary policy that is wide open and have the user configure the device. Once the initial sync has completed, move the device into the more restrictive policy. After a minute or two, they will be prompted on the device to comply with any password restrictions you have set. After that point the phone synchronizes normally. It seems that you can’t cold configure a Windows phone into a policy that does not allow non-provisional devices.
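The dedicated-policy approach recommended in the reply above, sketched for the Exchange Management Shell as an added example (not code from the paper or from any commenter). The policy name, mailbox aliases and password values are constructed placeholders; which settings Windows Phone actually enforces is an assumption to check against the paper before use.

```powershell
# Added example: audit AllowNonProvisionableDevices, then create and assign
# a dedicated Windows Phone EAS policy. All names and values are constructed.
$policyName = 'Windows Phone EAS Policy'   # hypothetical policy name
$phoneUsers = 'alice', 'bob'               # hypothetical mailbox aliases

# 1. Audit: list every policy that lets non-provisionable devices sync.
#    Any EAS-capable device can connect under these policies without
#    enforcing the policy settings.
Get-ActiveSyncMailboxPolicy |
    Where-Object { $_.AllowNonProvisionableDevices } |
    Select-Object Name, AllowNonProvisionableDevices

# 2. Create the dedicated policy once. It keeps
#    AllowNonProvisionableDevices off and sets only password-related
#    settings (values below are illustrative, not recommendations
#    taken from the page).
$existing = Get-ActiveSyncMailboxPolicy |
    Where-Object { $_.Name -eq $policyName }
if (-not $existing) {
    New-ActiveSyncMailboxPolicy -Name $policyName `
        -AllowNonProvisionableDevices $false `
        -DevicePasswordEnabled $true `
        -MinDevicePasswordLength 6 `
        -AllowSimpleDevicePassword $false `
        -MaxInactivityTimeDeviceLock '00:05:00' `
        -MaxDevicePasswordFailedAttempts 8
}

# 3. Associate the policy with the mailbox users who carry Windows Phones,
#    leaving the default policy untouched for everyone else.
foreach ($user in $phoneUsers) {
    Set-CASMailbox -Identity $user -ActiveSyncMailboxPolicy $policyName
}

# 4. Verify the assignment per mailbox.
$phoneUsers |
    ForEach-Object { Get-CASMailbox -Identity $_ } |
    Select-Object Name, ActiveSyncMailboxPolicy
```

Rerunning step 1 after the rollout shows whether any policy, including the default, still has AllowNonProvisionableDevices enabled.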