Network administrators concerned about managing devices and ensuring security in this age of bring-your-own-device computing can find some efficient tools to use with Windows 8 — especially with the recent release of Windows 8.1.
Microsoft has responded to the challenges of BYOD by providing services to help administrators with the frequently conflicting tasks of maintaining security while providing users with access to mobile device content and services. Here’s how to leverage them.
Enable BYOD with Workplace Join
Windows 8 allowed domain access to a mobile device on a yes-or-no basis. Workplace Join in Windows 8.1 gives network administrators the ability to take a more nuanced approach — granting access to specific enterprise resources and services.
Registering a device for Workplace Join makes it known and enables seamless second-factor authentication for a single-sign-on user experience. This also gives IT the ability to enforce governance parameters on the device.
Workplace Join works with the Device Registration Service that’s included with the Active Directory Federation Role in Windows Server 2012 R2, which provides a device object in Active Directory and sets a certificate on the consumer device that’s then used to represent the device identity.
Provide synchronization with Work Folders
Users can enhance their productivity with Windows 8.1’s Work Folders feature, which enables them to store local copies of their work on a personal PC or mobile device, while enjoying automatic syncing with organizational file servers. Work Folders also requires Windows Server 2012 R2.
Protect data with Remote Business Data Removal
IT can add an extra layer of protection with the Remote Business Data Removal feature of Windows 8.1.
As the name implies, IT can use the feature to wipe data from a distance. Perhaps more important, an admin can use the feature to remove data selectively. Thus, if a teacher leaves a school, IT can remotely remove district-owned data, while leaving personal files untouched. The feature works through a client-server mechanism in which data is marked as “corporate” and encrypted. Later, data can be made inaccessible or removed.
Set policies with Configuration Manager
Windows 8 is now supported by System Center 2012 Configuration Manager SP1. This means IT staff can take advantage of Configuration Manager to, among other things, set policies for compliance and control. They also can use it to create user-based and device-based rules for accessing resources.
Enhance after-hours and weekend productivity with Windows To Go
IT can make life easier — and more productive — for mobile users through Windows 8’s Windows To Go feature, which enables an admin to place a complete Windows 8 image onto a bootable USB drive. A user can utilize the USB to transform any Windows 7 or Windows 8 computer into his or her own machine; IT benefits from the policy that comes along to help ensure data protection and compliance.