WMB308
Vik Thairani, Mobility Technical Sales Consultant, Mobile Communication Business, Microsoft Corp.
Session Objectives and Takeaways
- Overview
- Authenticating against your corporate environment
- Secure intranet access
- Securing data in transport
- Securing data on the device
- Securing devices against malware and viruses
- Q&A
Exchange 2003/2007 Topology (diagram)
- Internet: devices connect over a 128-bit SSL tunnel
- DMZ (between two firewalls): ISA Server / reverse proxy
- Corporate intranet: Exchange Front-End/CAS server; Exchange Mailbox server (subscription to mailbox; MAPI clients); Active Directory; SharePoint 2003/2007 server (SharePoint requests are proxied via the Exchange CAS over a 128-bit SSL tunnel)
SCMDM 08 Deployment Topology (diagram): System Center Mobile Device Manager 2008
- Internet: device traffic over a 128-bit SSL tunnel, optionally through an ISA Server or reverse proxy
- DMZ (between two firewalls): SCMDM 08 Gateway; IPsec MOBIKE VPN from the device to the gateway, with machine certificate authentication for the Mobile VPN
- Corporate intranet: SCMDM 08 Management Server (MMC console, SQL Server, WSUS for software management); MDM Enrollment Server (initial OTA device enrollment via SSL using a one-time PIN; Device Certificate Enrollment Service); Active Directory (user authentication); Exchange, SharePoint, intranet and LOB servers reached from the gateway (IPsec VPN; 128-bit SSL tunnels to the application servers)
SSL Tunneling vs. SSL Bridging
- Wildcard certificate support
- Elevated root certificate install support in WM6
- Certificate authentication: ISA 2006, when domain-joined, can perform certificate authentication in the DMZ
- Standard authentication
2 Factor Authentication with RSA
- The RSA agent must be installed on the IIS server
- The RSA agent must be version 5.3 or greater
DMZ Pre-Authentication via ISA
- Split tunneling via ISA listeners
- Authentication methods on the listener: RADIUS, LDAP, certificate authentication (certificate authentication requires a domain-joined ISA 2006)
Mobile Device Manager 2008: 2 Factor Authentication (Mobile VPN)
- Machine authentication and "double envelope security"
- Session persistence
- Fast reconnect
- Inter-network roaming
- Standards-based (IKEv2, MOBIKE, IPsec tunnel mode)
- Network Access Workload deployment: in the DMZ
Secure Intranet Access (VPN)
- Built-in VPN: L2TP and PPTP (PPTP with MS-CHAPv2 is considered broken today and should not be used for new deployments)
- Mobile VPN included in MDM 2008
- Issues with traditional VPNs
Mobile Device Manager 2008 VPN
- Same Mobile VPN capabilities as listed under 2 Factor Authentication: machine authentication and "double envelope security", session persistence, fast reconnect, inter-network roaming, standards-based (IKEv2, MOBIKE, IPsec tunnel mode)
- Network Access Workload deployment: in the DMZ
SSL / MOBIKE
- SSL: RC4, 3DES, AES 128, AES 256* (RC4 and 3DES are deprecated today; use the AES suites)
- MOBIKE (IKEv2) IPsec tunnel
Wireless LAN Security
- Wi-Fi 802.1X user authentication using Protected EAP (PEAP) or EAP-TLS (certificate-based)
- WPA / TKIP (TKIP is deprecated today; prefer WPA2 with AES-CCMP)
- Wi-Fi certificate enroller provided by the OEM
- Built-in certificate enroller for Windows Mobile 6 in ActiveSync 4.5
- Windows Mobile 6 includes a built-in PFX, CER and .P7B installer
S/MIME
- Windows Mobile 5.0: requires a smart-card reader
- Windows Mobile 6.0: supports soft certificates
- Exchange 2007 SP1 supports S/MIME
Mobile Device Manager 2008: IPsec
- Same Mobile VPN capabilities as listed under 2 Factor Authentication: machine authentication and "double envelope security", session persistence, fast reconnect, inter-network roaming, standards-based (IKEv2, MOBIKE, IPsec tunnel mode)
- Network Access Workload deployment: in the DMZ
- Management Workload deployment: inside the firewall
On Device Encryption
- Encrypted PIM data (WM 6.1 with Exchange 2007, MDM): AES 128
- SD card (WM 6): AES 128
- LOB custom applications (CryptoAPI, MDM 2008): 3DES, AES 128, AES 256
Information Rights Management
- Windows Mobile 6 supports IRM for mail: read only, no creation
- Office for Windows Mobile 6 supports IRM for Office documents
Device Policies available with Exchange 2003/2007
- Device lock
- New PIN enhancements (PIN recovery, history)
- Device password
- New password requirements
- Exchange 2007 allows group-based policies
- New Exchange 2007 policies
- SD card encryption
Exchange 2007 Device Control: Device Control
- Disable desktop ActiveSync
- Disable removable storage
- Disable camera
- Disable SMS and any MMS text messaging
Exchange 2007 Device Control: Network Control
- Disable Wi-Fi
- Disable Bluetooth
- Disable IrDA
- Allow internet sharing from device
- Allow desktop sharing from device
Exchange Functionality: ActiveSync mailbox policy items by version and CAL
Legend: 2007 = Exchange 2007; S = Exchange 2007 SP1 Standard CAL; E = Exchange 2007 SP1 Enterprise CAL

Available in 2007, S and E:
Password Required; Allow Non-Provisionable Devices; Allow Simple Device Password; Alphanumeric Password; Attachments Enabled; Inactivity Timeout; Max Attachment Size; Max Failed Password Attempts; Min Password Length; Password Expiration; Password History; Password Recovery Enabled; Policy Refresh Interval; Storage Card Encryption; UNC Access Enabled; WSS Access Enabled

Available in S and E (SP1, either CAL):
Allow HTML Email; Allow SMIME Encryption Algorithm Negotiation; Allow SMIME Soft Certs; Max Calendar Age Filter; Max Email Age Filter; Max Email Body Truncation Size; Max Email HTML Body Truncation Size; Min Device Password Complex Characters; Require Device Encryption; Require Encrypted SMIME Messages; Require Encryption SMIME Algorithm; Require Manual Sync When Roaming; Require Signed SMIME Algorithm; Require Signed SMIME Messages

Available in E only (SP1 Enterprise CAL):
Allow Bluetooth; Allow Browser; Allow Camera; Allow Consumer Email; Allow Desktop Sync; Allow Internet Sharing; Allow IrDA; Allow POP/IMAP Email; Allow Remote Desktop; Allow Storage Card; Allow Text Messaging; Allow Unsigned Applications; Allow Unsigned Installation Packages; Allow Wi-Fi; Approved Application List; Unapproved InROM Application List
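The following Exchange Management Shell script is an added example and not part of the deck. It turns the policy items from the table above (device lock, storage card and device encryption, S/MIME, the Device Control and Network Control items, and the Application Control items listed later under Exchange Advanced Policies) into one Exchange ActiveSync mailbox policy, assigns it to a mailbox, and then audits which devices have actually acknowledged it. The cmdlets and parameter names are those of Exchange 2007 SP1; the policy name, mailbox alias, thresholds and notification address are placeholders chosen here. The SP1 Enterprise CAL items only take effect on devices that implement them (Windows Mobile 6.1 for the device-control items); older or non-Microsoft clients silently ignore them, which is why the example also refuses non-provisionable devices and reports stale policy acknowledgements.

```powershell
# Added example (not from the presentation): Exchange 2007 SP1 Management Shell.
# Policy name, mailbox alias, thresholds and notification address are placeholders.
$PolicyName = "WM-Secure-Baseline"
$Mailbox    = "jdoe"

# 1. Device lock / password items (present on Exchange 2007 RTM and SP1).
#    AllowNonProvisionableDevices $false refuses clients that cannot apply policy
#    at all, so an unmanaged client cannot simply ignore everything below.
New-ActiveSyncMailboxPolicy -Name $PolicyName `
    -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $true `
    -AllowSimpleDevicePassword $false `
    -MinDevicePasswordLength 8 `
    -MaxDevicePasswordFailedAttempts 10 `
    -MaxInactivityTimeDeviceLock "00:05:00" `
    -DevicePasswordExpiration "90.00:00:00" `
    -DevicePasswordHistory 5 `
    -PasswordRecoveryEnabled $true `
    -AllowNonProvisionableDevices $false `
    -RequireStorageCardEncryption $true `
    -DevicePolicyRefreshInterval "1.00:00:00" `
    -AttachmentsEnabled $true `
    -MaxAttachmentSize 2MB

# 2. SP1 items (Standard or Enterprise CAL): PIN complexity, on-device encryption,
#    roaming sync, and S/MIME with soft certificates (Windows Mobile 6).
Set-ActiveSyncMailboxPolicy -Identity $PolicyName `
    -MinDevicePasswordComplexCharacters 2 `
    -RequireDeviceEncryption $true `
    -RequireManualSyncWhenRoaming $true `
    -AllowSMIMESoftCerts $true `
    -RequireSignedSMIMEMessages $false `
    -RequireEncryptedSMIMEMessages $false

# 3. SP1 Enterprise CAL items: Device Control, Network Control, Application Control.
Set-ActiveSyncMailboxPolicy -Identity $PolicyName `
    -AllowDesktopSync $false `
    -AllowStorageCard $true `
    -AllowCamera $false `
    -AllowTextMessaging $true `
    -AllowWiFi $false `
    -AllowBluetooth HandsfreeOnly `
    -AllowIrDA $false `
    -AllowInternetSharing $false `
    -AllowRemoteDesktop $false `
    -AllowBrowser $false `
    -AllowConsumerEmail $false `
    -AllowPOPIMAPEmail $false `
    -AllowUnsignedApplications $false `
    -AllowUnsignedInstallationPackages $false

# 4. Assign the policy to one mailbox (loop over Get-Mailbox to target a group).
Set-CASMailbox -Identity $Mailbox -ActiveSyncMailboxPolicy $PolicyName

# 5. Audit: a device is only as locked down as the policy version it last
#    acknowledged. List partnerships whose acknowledgement predates the policy.
$policy = Get-ActiveSyncMailboxPolicy -Identity $PolicyName
Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox |
    Where-Object { $_.LastPolicyUpdateTime -lt $policy.WhenChanged } |
    Select-Object DeviceID, DeviceType, DeviceUserAgent, LastSuccessSync, `
                  LastPolicyUpdateTime, IsRemoteWipeSupported

# 6. PIN recovery (the "Password Recovery Enabled" item): the helpdesk reads the
#    recovery password the device escrowed to Exchange, and the user sets a new PIN.
Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox -ShowRecoveryPassword |
    Select-Object DeviceID, RecoveryPassword

# 7. Remote wipe of a lost device. Destructive: wrapped in a function that is
#    called deliberately for one DeviceID, never over the whole result set.
function Invoke-LostDeviceWipe {
    param([string]$Mailbox, [string]$DeviceId, [string]$NotifyAddress)
    $device = Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox |
        Where-Object { $_.DeviceID -eq $DeviceId }
    if (-not $device) { throw "Device $DeviceId not found for mailbox $Mailbox" }
    Clear-ActiveSyncDevice -Identity $device.Identity -NotificationEmailAddresses $NotifyAddress
}
# Invoke-LostDeviceWipe -Mailbox $Mailbox -DeviceId "<DeviceID from step 5>" -NotifyAddress "secops@contoso.example"
```

Steps 2 and 3 are separate Set calls so that an organisation without an Enterprise CAL can drop step 3 and still get the SP1 Standard items. The audit in step 5 is the check a practitioner wants after rolling out a policy change: the policy refresh interval only tells the device when to ask, and LastPolicyUpdateTime is the evidence that it did.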
Mobile Device Manager 2008: Security
- Active Directory® domain join
- Policy enforcement using Active Directory / Group Policy targeting (>125 policies)
- Communications and camera disablement*
- File encryption
- Application allow and deny lists
- Remote wipe
- OMA DM compliant
- Management Workload deployment: inside the firewall
* Part of LTK requirement
Antivirus and Firewalls
Mitigating attack vectors on Windows Mobile:
- Office
- Internet Explorer
- Application install
Entry points into your corporate environment:
- Desktop
- Exchange
- APIs available for Windows Mobile
Exchange Advanced Policies: Application Control
- Allow browser
- Allow consumer mail
- Allow unsigned applications
- Allow unsigned installation packages
Mobile Device Manager 2008: Software Distribution
- Single point of management for mobile devices in the enterprise
- Full over-the-air (OTA) provisioning and bootstrapping
- OTA software distribution based on Windows Server Update Services (WSUS) 3.0
- Inventory
- Microsoft SQL Server™ 2005-based reporting
- Role-based administration
- MMC snap-ins and Microsoft Windows PowerShell™ cmdlets
- WMU on/off control
- Management Workload deployment: inside the firewall
Partners: Management and Security
- Credant
- Trust Digital
- Afaria
- Odyssey VPN
- Bluefire (Cisco)
- NetMotion (IPsec mobile VPN)
- Check Point (SSL)
Resources
- www.microsoft.com/teched: Sessions On-Demand & Community
- http://microsoft.com/technet: Resources for IT Professionals
- http://microsoft.com/msdn: Resources for Developers
- www.microsoft.com/learning: Microsoft Certification and Training Resources
Windows Mobile® Resources
- TechNet TechCenter, System Center Mobile Device Manager 2008: http://technet.microsoft.com/scmdm
- TechNet TechCenter, Windows Mobile: http://technet.microsoft.com/windowsmobile
- MSDN Center, Windows Mobile: http://msdn.microsoft.com/windowsmobile
- Webcasts and Podcasts for IT, Windows Mobile: http://www.microsoft.com/events/series/msecmobility.aspx
- General Information, Windows Mobile: http://www.windowsmobile.com
- General Information, System Center Mobile Device Manager 2008: http://www.windowsmobile.com/mobiledevicemanager
- Windows Marketplace Developer Portal: http://developer.windowsmobile.com
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.