Network administrators concerned about managing devices and ensuring security during the age of bring-your-own-device computing can find some efficient tools to use with Windows 8 — especially with the recent release of Windows 8.1.
Microsoft has responded to the challenges of BYOD by providing services that should help administrators with their frequently conflicting tasks of maintaining security while providing users with access to content and services from mobile devices. Several of Windows 8’s features for managing mobility should enhance productivity while helping to keep agency data secure.
1. Enable BYOD with Workplace Join.
Windows 8.1 gives IT administrators some relief in dealing with BYOD demands for access to enterprise resources. Workplace Join provides administrators the ability to grant access on a finer-grained basis. Windows 8 allowed domain access to a device on a yes-or-no basis. Workplace Join lets IT grant access to specific resources and services.
Registering a device for Workplace Join makes it a known device and enables seamless second-factor authentication for a single-sign-on user experience. This also gives IT the ability to enforce governance parameters on the device. Workplace Join works with the Device Registration Service that is included with the Active Directory Federation Role in Windows Server 2012 R2, which provides a device object in Active Directory and sets a certificate on the consumer device that is used to represent the device identity.
2. Provide synchronization with Work Folders.
Users can enhance their productivity by using the Work Folders feature of Windows 8.1, which provides a synchronization service. Work Folders enable users to store local copies of their work on a personal PC or mobile device, while enjoying automatic syncing with file servers in the corporate environment. As with Workplace Join, Work Folders requires Windows Server 2012 R2.
3. Protect corporate data with Remote Business Data Removal.
IT administrators can add an extra layer of protection with the Remote Business Data Removal feature of Windows 8.1. As the name implies, IT can use the feature to wipe data from a distance. Perhaps more important, an admin can use the feature to remove data selectively. IT can remotely remove corporate data, while leaving personal files.
The feature works through a client-server mechanism in which data is marked as being corporate and is encrypted. Later, data can be made inaccessible or be removed completely.
4. Set policies with Configuration Manager.
Windows 8 is now supported by System Center 2012 Configuration Manager SP1. IT can take advantage of Configuration Manager to set polices for corporate compliance and control, and to create user-based and device-based rules for accessing resources.
5. Enhance after-hours and weekend productivity with Windows To Go.
IT administrators can make life easier — and more productive — for mobile users through use of the Windows To Go feature of Windows 8, which enables an admin to place a complete Windows 8 image onto a bootable USB drive. A user can use the USB to transform any Windows 7 or Windows 8 computer into their own machine — which also helps to ensure data protection and compliance.