Windows 8 development blog. It’s a pretty detailed post that is highly recommended reading for anyone who will be managing devices across a network for a company. I’ll try and break this down.

The post is focused on the management of Windows RT devices (which they still call WOA here). Microsoft set out “… to develop industry-leading management capabilities that support BYO or company-deployed WOA PCs”. They have introduced a new WOA management client (not sure if it will be called Windows RT management client now) that has two parts:
- A built-in system component or agent;
- Metro-style configuration management app/portal.
The agent does most of the heavy lifting on the client. It configures the client to communicate with the organization’s management infrastructure; periodically synchronizes with the management infrastructure to check for any updated LOB apps and apply the latest settings policies configured by IT for the device; and handles the actual download and installation of any LOB apps that the user wants to install. Finally, if the user or the administrator chooses to remove the device from the management infrastructure, it clears the configuration of the agent itself and disables any LOB apps the user installed from the SSP.

Once installed, the agent can be configured to run periodically and check in with the management infrastructure. It communicates with the management infrastructure in 2 ways:
- First, as a maintenance task that runs daily at a time that the user can configure on the client. The activities performed during these maintenance sessions focus on reporting updated hardware information to the management infrastructure, applying changes to the settings policies for the device, reporting compliance back to the management infrastructure, and applying app updates to LOB apps, or retrying any previously failed LOB app installations initiated from the SSP.
- Secondly, the agent will communicate with the management infrastructure anytime the user initiates an app installation from the SSP. These user-initiated sessions are solely focused on app installation and do not perform the maintenance and management activities described in the first case.
From the management infrastructure, IT admins are able to configure a bunch of best practices security policies including:
- Allow Convenience Logon
- Maximum Failed Password Attempts
- Maximum Inactivity Time Lock
- Minimum Device Password Complex Characters
- Minimum Password Length
- Password Enabled
- Password Expiration
- Password History
Finally, the agent can also monitor and report on compliance of WOA devices for the following:
- Drive Encryption Status
- Auto Update Status
- Antivirus Status
- AntiSpyWare Status
Hopefully you get the picture. Microsoft are starting to fill in the blanks about how these new Windows RT devices will be installed and maintained across corporate networks. It’s a detailed and involved read but this one is very much worth reading. Once again, here’s the link. I am very impressed. A little tip for you guys – with these development blog posts, you learn almost as much from the comments and reactions to the post.