Enterprise Mobile Device Security: Personal Windows Device Protection
As an administrator managing mobility for an enterprise environment, you want to enforce certain policies for all personal devices being used at work, especially if your IT policy allows personal devices to access network resources. Here are some precautions you should advise users to take to prevent losing vital data on a Windows device if it's ever lost or stolen.
Microsoft’s Windows-based mobile operating system comes in two basic flavors. One is the older Windows Mobile operating system that runs on several phones from vendors such as HTC and Sony Ericsson; the other is the relatively newer Windows Phone 7. Both are vastly different operating systems with different sets of supported features.
Microsoft offers a service called My Phone for Windows Mobile and Windows Phone 7 devices, with support for loss and theft protection features, as well as the ability to sync photos, music, and other data from the phone to a computer.
Microsoft’s My Phone service (myphone.microsoft.com) is available in two options. One is a free option with limited features, and the other is a premium option with fully supported features. If the user’s phone is lost or stolen, he can use the following My Phone features to protect the data:
Locate the lost device by using GPS. After the user has signed up for Microsoft’s My Phone service, he can locate a lost or misplaced device by logging into the service using a web browser from any computer.
Note that the free version of Microsoft’s My Phone service provides the location of a device when the last sync operation was performed. This clearly isn't the same as locating the actual device when it's lost or stolen. For example, if the user last performed a sync a month ago, it will show the location where the sync was performed, not the current location of the phone.
Remotely lock or wipe the device, or set off an alarm. If the user is unable to locate the lost device using GPS, he should attempt to remotely lock the phone or even wipe its contents clean. The My Phone service provides these services for a fee.
Remotely locking the device with My Phone involves using the web-based My Phone interface and setting a passcode to lock the device. The device owner can also use the My Phone web interface to issue a wipe command on the device if he’s fairly certain it has been lost or stolen.
Other solutions available commercially from other vendors include similar web-based interfaces to issue remote lock or wipe commands.