In what can only be described as a very impressive piece of strategy, Microsoft have released some information about the management of Windows RT devices on their Windows 8 development blog.
It’s a pretty detailed post that is highly recommended reading for anyone who will be managing devices across a network for a company.
I’ll try and break this down.
The post is focused on the management of Windows RT devices (which they still call WOA here).
Microsoft set out “… to develop industry-leading management capabilities that support BYO or company-deployed WOA PCs”.
They have introduced a new WOA management client (not sure if it will be called Windows RT management client now) that has two parts:
- A built-in system component or agent;
- Metro-style configuration management app/portal.
The system agent seems to be the more critical part here:
The agent does most of the heavy lifting on the client. It configures the client to communicate with the organization’s management infrastructure; periodically synchronizes with the management infrastructure to check for any updated LOB apps and apply the latest settings policies configured by IT for the device; and handles the actual download and installation of any LOB apps that the user wants to install.
Finally, if the user or the administrator chooses to remove the device from the management infrastructure, it clears the configuration of the agent itself and disables any LOB apps the user installed from the SSP.
Once installed, the agent can be configured to run periodically and check in with the management infrastructure.
It communicates with the management infrastructure in 2 ways:
- First, as a maintenance task that runs daily at a time that the user can configure on the client. The activities performed during these maintenance sessions focus on reporting updated hardware information to the management infrastructure, applying changes to the settings policies for the device, reporting compliance back to the management infrastructure, and applying app updates to LOB apps, or retrying any previously failed LOB app installations initiated from the SSP.
- Secondly, the agent will communicate with the management infrastructure anytime the user initiates an app installation from the SSP. These user-initiated sessions are solely focused on app installation and do not perform the maintenance and management activities described in the first case.
From the management infrastructure, IT admins are able to configure a bunch of best-practice security policies, including:
- Allow Convenience Logon
- Maximum Failed Password Attempts
- Maximum Inactivity Time Lock
- Minimum Device Password Complex Characters
- Minimum Password Length
- Password Enabled
- Password Expiration
- Password History
Another cool thing the agent will be able to do is automatically configure a VPN profile for the user, so that WOA devices easily connect to a corporate network without requiring any user action.
I thought this was awesome too:
Finally, the agent can also monitor and report on compliance of WOA devices for the following:
- Drive Encryption Status
- Auto Update Status
- Antivirus Status
- AntiSpyWare Status
Hopefully you get the picture. Microsoft are starting to fill in the blanks about how these new Windows RT devices will be installed and maintained across corporate networks.
It’s a detailed and involved read but this one is very much worth reading.
Once again, here’s the link.
I am very impressed.
A little tip for you guys – with these development blog posts, you learn almost as much from the comments and reactions to the post.