Microsoft Talks Up Windows RT's App Management Capabilities -- Redmond Channel Partner

Microsoft Talks Up Windows RT's App Management Capabilities

By Kurt Mackie
April 19, 2012

Windows RT, the version of Windows 8 for ARM-based devices, can be used for both personal and business purposes, even while organizational control is maintained over application access, Microsoft explained on Thursday.

Microsoft has a "management infrastructure in the cloud" approach that's designed to authenticate Windows RT device users and provide access to an organization's applications, according to a blog post by Jeffrey Sutherland, a program manager lead for Microsoft's management systems group. The method applies to ARM-based devices, but Sutherland added that much of the approach can also apply to x86/x64-based devices.

Microsoft has said recently that Windows RT devices, when available, will not be capable of Active Directory (AD) management, whereas x86/x64 devices running Windows 8 will have this basic IT management capability. Since AD provides a means for establishing user access within a Windows-based network, it was puzzling why Windows RT would lack direct AD support. The answer to that riddle now seems to be associated with this new management structure for Windows RT, which handles user access to apps. In the background, Active Directory is still part of the process.

Self-Service Portal for Getting Apps
Microsoft's solution for situations where a person uses their Windows RT-based personal device for work, in which they must access "line-of-business" applications on the organization's network, is an authentication approach that's associated with a self-service portal (SSP). This SSP houses Metro-style applications that were internally developed by an organization or developed by an independent software vendor. It also can include links to Web apps and links to Windows Store-based apps.

To get access to the SSP and install the apps listed there on a Windows RT device, a user supplies an e-mail address and password via an applet accessed through Windows 8's Control Panel. The SSP works with an agent that "configures the client to communicate with the organization's management infrastructure," according to Sutherland. This agent also can be used to automatically configure a user profile for virtual private network access to an organization's network.

IT pros can control who can connect to the SSP by specifying AD domain users permitted to use the service. Certain groups of users can be limited to specific app access, according to this scheme. The maximum number of devices per user allowed to access an app also can be specified.

The authentication process is performed over a Secure Socket Layer connection. The service returns an activation key to the user's device, as well as a certificate to access the apps on the SSP. The agent monitors the Windows RT device's security compliance by checking for the status of anti-sypware and anti-virus installation, drive encryption and whether the Auto Update feature is turned on. All of that information is reported back to IT personnel monitoring the network.

Personal vs. Business Apps
The agent monitors which apps are installed on a Windows RT device. However, it only monitors the line-of-business apps installed via the SSP. It doesn't monitor apps installed through Windows Store, according to the blog. Updates to apps loaded to the SSP by an IT pro will get automatically downloaded to the client device.

For those times when users leave an organization, Microsoft has devised a way to disable Metro-style apps that were installed on those devices through the SSP. This "disconnection" process can be initiated by the user via the Control Panel or remotely by an IT department. The process doesn't actually remove the applications installed on a device, but the apps can't be launched, Sutherland explains. Instead, it removes the application certificates that were delivered by the service and stops checking security compliance policies.

So far, Microsoft has only enabled this Windows RT client management process for use with "a single management infrastructure at a time," but Microsoft may expand that capability by the time of Windows 8's release, according to Sutherland. In the case of multiple management infrastructures, the most restrictive policies predominate.

"In the case where more than one policy exists for the same Windows 8 device, the policies will be merged and the most restrictive configuration will be selected for each," Sutherland explained.

See Also:

Microsoft Names Windows 8 Editions, Unveils ARM-Based 'Windows RT'

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Free Webcast! Learn about Password Management Best Practices

Featured

The 2024 Microsoft Product Roadmap

Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.
Microsoft Makes AI Push in London and Japan with Strategic Investments

Looking to further the global reach of its aggressive AI push, Microsoft made a couple of announcements this week focused on overseas initiatives and investments.
Top SMB Threats Include Ransomware and Windows Server 2012: Report

Managed services providers that support SMBs have their hands full this year: The constellation of threats targeting their customer base is more varied and harder to detect than ever.
2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Microsoft Talks Up Windows RT's App Management Capabilities

Featured

The 2024 Microsoft Product Roadmap

Microsoft Makes AI Push in London and Japan with Strategic Investments

Top SMB Threats Include Ransomware and Windows Server 2012: Report

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Names Head of New Consumer AI Division

The Most Important Document for Partners To Read Now: CSF 2.0

Microsoft Deepens Partner Program with New Designations, More Perks

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Names Head of New Consumer AI Division

The Most Important Document for Partners To Read Now: CSF 2.0

Microsoft Deepens Partner Program with New Designations, More Perks

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Coffee Talk: Phishing Awareness Training 101 for Partners

Security Essentials: Empowering MSPs with Datto’s Integrated Solutions

Coffee Talk: Endpoint Security 101: Threats & Strategies SMB Partners Need to Know

Automated Intelligence: Simplifying M365 Governance for MSPs

FREE WHITE PAPERS FROM OUR SPONSORS

A guide to zero trust for MSPs

Microsoft CSP Guide

10 Reasons to Bundle Security with your Managed Services

Battling Business Email Compromise