Windows 8.1 Enterprise: More Mobile and Secure Including Bring Your Own Device (BYOD)

Windows 8.1 Enterprise, public preview introduces new manageability, mobility, security, user experience and networking capabilities including B.Y.O.D (Bring Your Own Device).

Microsoft at the TechEd 2013 North America, demonstrated new feature of its upcoming Windows 8.1 Enterprise build 9415, operating system including the tools for businesses to enable Bring Your Own Device (BYOD) scenarios.

Microsoft on June 26, at the Build developer conference in San Francisco, will release a public preview of Windows 8.1 for Windows 8, Windows RT and Windows Embedded 8.1 Industry.

New business-orinented features in Windows 8.1 "improve mobile productivity, while security enhancements such as fingerprint-based biometrics and multi-factor authentication on tablets protect corporate data and applications," Microsoft stated.

Additionally, improved management capabilities in Windows 8.1 give customers more flexibility with supported options like System Center Configuration Manager 2012 R2 and new mobile device management (MDM) solutions with third-party MDM partners, in addition to updated Windows Intune support.

Windows 8.1 Enterprise with Start Butoon

Microsoft reveals that Windows 8.1 improves mobile productivity for today's workforce with new networking capabilities that take advantage of NFC-tagged and Wi-Fi connected devices, including:

  • "NFC tap-to-pair printing - Tap your Windows 8.1 device against an enterprise NFC-enabled printer and you're all set to print. No more hunting on your network for the correct printer and no need to buy a special printer; just attach a NFC tag to your existing machines. And you don't need to buy new printers to take advantage of this; you can simply put an NFC tag on your existing printers to enable this functionality.
  • Wi-Fi Direct printing - Connect to Wi-Fi Direct printers without adding additional drivers or software on your Windows 8.1 device, forming a peer-to-peer network between your device and the printer.
  • Native Miracast wireless display - Present your work wirelessly without any dongles needed; simply project your content to a Miracast-enabled device by pairing the device through Bluetooth or NFC. Miracast will then use the available Wi-Fi connection to let you lean back and project wire-free.
  • Mobile Device Management - When a user enrolls their device, they are joining the device to the Windows Intune management service. They get access to the Company Portal which provides a consistent experience for access to their applications, data and to manage their own devices. This allows a deeper management experience with existing tools like Windows Intune. IT administrators now have more comprehensive policy management for Windows RT devices, and can manage Windows 8.1 PCs as mobile devices without having to deploy a full management client.
  • Broadband tethering - Turn your Windows 8.1 mobile broadband-enabled PC or tablet into a personal Wi-Fi hotspot, allowing other devices to connect and access the internet.
  • Auto-triggered VPN - When you select an app or resource that needs access through the inbox VPN - like a company's intranet site - Windows 8.1 will automatically prompt you to sign in with one click. This feature will be available with Microsoft and third-party inbox VPN clients."

Mobility Enhancements

  • VPN - We have added support for a wider range of VPN clients in both Windows and Windows RT devices. We have also added the ability to have an app automatically trigger VPN connections.
  • Mobile Broadband - At Windows 8 launch, the devices had embedded radios that were separate components within the devices. Windows 8.1 supports embedded wireless radio, which gives you increased power savings, longer battery life, also enables thinner form factors and lower cost devices.
  • Broadband tethering - Turn your Windows 8.1 mobile broadband-enabled PC or tablet into a personal Wi-Fi hotspot, allowing other devices to connect and access the internet.
  • Auto-triggered VPN -When you select an app or resource that needs access through the inbox VPN - like a company's intranet site - Windows 8.1 will automatically prompt you to sign in with one click. This feature will be available with Microsoft and third-party inbox VPN clients.

Security enhancements for device proliferation and mobility to help you protect your corporate data, applications and devices:

  • "Modern Access Controls - Sign in and authenticate devices with new support for fingerprint-based biometrics. Multi-factor authentication using Virtual Smart Cards will also be made even easier in Windows 8.1.
  • Malware Resistance -Windows Defender, Microsoft's free antivirus solution in Windows 8, will include network behavior monitoring to help detect and stop the execution of known and unknown malware. Internet Explorer will scan binary extensions (e.g. ActiveX) using the antimalware solution before potentially harmful code is executed.
  • Remote Business Data Removal - Corporations now have more control over corporate content which can be marked as corporate, encrypted, and then be wiped when the relationship between the corporation and user has ended. Corporate data can now be identified as corporate vs. user, encrypted, and wiped on command using EAS or EAS + OMA-DM protocol. This capability is requires implementation in the client application and in the server application (Mail + Exchange Server). The client application determines if the wipe simply makes the data inaccessible or actually deletes it.
  • Improved Biometrics - All SKU's will include end to end biometric capabilities that enable authenticating with your biometric identity anywhere in Windows (Windows sign-in, remote access, UAC, etc.). Windows 8.1 will be optimized for fingerprint based biometrics and will include a common fingerprint enrollment experience that will work with a variety of readers (touch, swipe). Modern readers are capacitive touch based rather than swipe and include liveliness detection that prevents spoofing (e.g.: silicon emulated fingerprints). Access to Windows Store Apps, functions within them, and certificate release can be gated based on verification of a user's biometric identity.
  • Pervasive Device Encryption - Device encryption previously found on Windows RT and Windows Phone 8 is now available in all editions of Windows. It is enabled out of the box and can be configured with additional BitLocker protection and management capability on Pro and Enterprise SKU. Consumer devices are automatically encrypted and protected when using a Microsoft account. Data on any Windows connected standby device is automatically protected (encrypted) with device encryption. Organizations that need to manage encryption can easily take add additional BitLocker protection options and manageability to these devices.
  • Improved Internet Explorer -Internet Explorer 11 improvements include faster page load times, side-by-side browsing of your sites, 3D graphics, enhanced pinned site notifications, reading view and app settings like favorites, tabs and settings sync across all your Windows 8.1 PCs. Internet Explorer 11 also now includes capability that enables an antimalware solution to scan the input for a binary extension before it's passed onto the extension for execution.
  • Malware Resistance -Windows Defender, Microsoft's free antivirus solution in Windows 8, will include network behavior monitoring to help detect and stop the execution of known and unknown malware. Internet Explorer will scan binary extensions (e.g. ActiveX) using the antimalware solution before potentially harmful code is executed.
  • Assigned Access- With Assigned Access, a new feature offered in Windows 8.1 RT, Windows 8.1 Pro and Windows 8.1 Enterprise, you can enable a single Windows Store application experience on the device. This can be things like a learning application for kids in an educational setting or a Customer Service application at a boutique, Assigned Access can ensure the device is delivering the intended experience. In our Windows Embedded 8.1 Industry product, we deliver additional lockdown capabilities to meet the needs of Industry devices like Point of Sale Systems, ATMs, and Digital Signs."

Improved management solutions to make BYOD:

  • "Improved IT controls - IT departments can now control the layout of the Start screen on company-issued devices to ensure key apps are easily accessible. IT departments can also prevent users from customizing their start screen to ensure consistency across individual workgroups or the entire company.
  • Remote business data removal- Allows personal devices to connect to, access and store company content that can be efficiently removed from the device by IT at a later date while leaving the personal data intact.
  • Open MDM - With Windows 8.1, new Open Mobile Alliance Device Management (OMA-DM) capabilities are built into the OS and enable mobile device management using third-party MDM solutions, such as MobileIron or AirWatch, with no additional agent required. Enhanced policies allow administrators to manage more settings from both Windows Intune and the third-party MDM solutions for both Windows 8.1 and Windows RT 8.1.
  • Workplace Join - Further control access to company data by ensuring that only registered and trusted devices are allowed to access secured enterprise data.
  • WorkFolders allows a user to sync data to their device from their user folder located in the corporation's data center. Files created locally will sync back to the file server in the corporate environment. This syncing is natively integrated into the file system. Note, this all happens outside the firewall client sync support. Previously, Windows 8 devices needed to be domain joined (or required domain credentials) for access to file shares. Syncing could be done with 3rd party folder replication apps. With Work Folders, Users can keep local copies of their work files on their devices, with automatic synchronization to your data center, and for access from other devices. IT can enforce Dynamic Access Control policies on the Work Folder Sync Share (including automated Rights Management) and require Workplace Join to be in place.
  • Web Application Proxy - The Web Application Proxy is a new role service in the Windows Server Remote Access role. It provides the ability to publish access to corporate resources, and enforce multi-factor authentication as well as apply conditional access policies to verify both the user's identity and the device they are using resources, and enforce multi-factor authentication as well as verify the device being used before access is granted.
  • RDS Enhancements - EnhancedVDI in Server 2012 R2 which delivers improvements in Management, Value, and User Experience. Session Shadowing allows Admins to view and remotely control active user sessions in an RDSH server. Diskdedupe and storagetiering allow for lower cost storage options. User experience for RemoteApps, network connectivity and multiple display support has been improved. Administrators can now easily support users with session desktops to provide helpdesk style support. Administrators now have even more flexible storage options to support a VDI environment without expensive SAN investments. End users will find RemoteApp behavior is more like local apps, and the experience in low-bandwidth is better, with faster reconnects and improved compression, and support for multiple monitors."

More control over business devices:

  • Assigned Access - Enable a single Windows Store application experience on the device (e.g. a learning application for a child, a customer service application at a boutique.) Enabling this feature turns on a predefined set of filters that blocks other actions so the user only experiences the specified application and is unable to access system files and other applications.
  • Windows Embedded 8.1 Industry -Our offering for Industry devices like POS Systems, ATMs, and Digital Signage that provides a broader set of device lockdown capabilities.

Modern UI experience

  • "Variable, continuous size of snap views - You have more ways to see multiple apps on the screen at once. You can resize apps to nearly infinite sized windows, share the screen between two apps, or have up to three apps on each monitor depending on resolution.
  • Boot to Desktop - we have made configuration options available which will allow you to boot directly to the desktop in Windows 8.1.
  • Desktop and Start screen - Improvements have been made to better support users who prefer a mouse and keyboard experience to access applications," informs Microsoft.

Update 06:04: Windows 8.1 Preview website currently providing access to enterprise resources only is live as on June 3. The web page will most likely be updated anytime soon to comprise details for end users as well.

Windows 8.1 Preview Website

Meanwhile, watch the video below that shows upgrade from Windows 1.0 to Windows 8 Pro. Alonside, the video also show how the installation process for Windows has changed through the ages, from 1985 to 2012.

It's interesting to note that upgrade from Windows 1.01 through 2.03, 3.0a, 3.1 and 95 took just five minutes, while installing Windows Vista takes longer than the "time all of these OS's combined took."