Windows Phone 8.1 Enterprise Mobility Management

Mobility has changed the way we live and work everyday. Channel 9 has released a Windows Phone 8.1 Enterprise Mobility Management course which walks you through the capabilities and learning’s in this space.

Throughout this course you will learn the progress Windows has had and what’s new in Windows Phone 8.1, whether it be with user benefits or IT benefits. Microsoft technology experts Simon May, David Alessi, Mike Danoski, and Alan Meeus will delve into these topics.

This training really can help you understand Windows Phone and how this is managed via a Mobile Device Management platform.

Full course outline:

 

Full details and the course can be found below;

Mod 01: Mobile Device Management

In this module you will get an overview of all the components associated with Mobile Device Management, and explore how enrollment, policy and setting configuration are beneficial to the services.

  • [29:52] – Enrollment Demo
  • [35:14] – Policy and Settings Configuration

 

Mod 02: Asset and User Management

In this module you will learn about management and enrollment/device retirement.

  • [00:05] – Policy and Settings Configuration
  • [15:49] – Asset and User Management

 

Mod 03: App Deployment

Explore how the company portal, app deployment, and app lifecycle management all are important.

 

Mod 04: App Lifecycle Management

Learn the dynamics of App lifecycle Management while seeing how policies can affect apps.

  • [01:50] – App Lifecycle Management

 

Mod 05: Managing Data on Devices

Explore remote wipe, encryption, and app sandboxing.

 

Mod 06: Managing Device Access

Get an understanding on how managing access from devices is beneficial. This module will go over email, certificates, and VPN throughout this module.

 

Mod 07: Windows Phone 8.1 Overview

In this module you will learn about the new features and updates in Windows Phone 8.1 for IT Pros and Enterprises.

 

References :

Windows Phone 8.1 Enterprise Mobility Management – http://channel9.msdn.com/Series/Windows-Phone-8-1-Enterprise-Mobility-Management

Mod 01: Mobile Device Management – http://channel9.msdn.com/Series/Windows-Phone-8-1-Enterprise-Mobility-Management/01

Mod 02: Asset and User Management – http://channel9.msdn.com/series/Windows-Phone-8-1-Enterprise-Mobility-Management/02

Mod 03: App Deployment – http://channel9.msdn.com/series/Windows-Phone-8-1-Enterprise-Mobility-Management/03

Mod 04: App Lifecycle Management – http://channel9.msdn.com/series/Windows-Phone-8-1-Enterprise-Mobility-Management/04

Mod 05: Managing Data on Devices – http://channel9.msdn.com/series/Windows-Phone-8-1-Enterprise-Mobility-Management/05

Mod 06: Managing Device Access – http://channel9.msdn.com/series/Windows-Phone-8-1-Enterprise-Mobility-Management/06

Mod 07: Windows Phone 8.1 Overview – http://channel9.msdn.com/series/Windows-Phone-8-1-Enterprise-Mobility-Management/07

Launch workplace control panel from hyperlink

Scenario

You want to send a simple email to your Windows Phone 8.1 users to enrol their devices in the Windows Intune service, without telling them how to go to settings and find the workplace control panel.

You want a simple hyperlink in the email that redirects the end users to the workplace control panel for Windows Phone 8.1.

 

Theory

The Windows Phone 8.1 MDM Protocol guide is a mecca for information around the current capabilities for the Windows Phone platform.

As part of this documentation there are some powerful and handy tips.

One of these tips is around launching the workplace control panel from a hyperlink. In the documentation is describes that Windows Phone 8.1 supports the launching of the workplace control panel using a hyperlink: mssettings-workplace.

This should read : mssettings-workplace:

Please note the : at the end.

image

This sounds really promising to help end users join the workplace for Windows Intune. This means you can send an email to a user with the above hyperlink which intern open the workplace control panel.

 

However when receiving emails from an Exchange server, Windows Phone automatically filters out links like ms-settings-workplace: .  If you copy/paste the link, you will see that it has been replaced.

So the end users end up seeing the below

image

 

Solution

To work around this, the system does support HREF tags for HTML.  In order for this to work, you must host a re-direct website or page that can redirect the user to ms-settings-workplace: via a website to avoid the remapping on the client.  This will invoke the IE browser to deep-link into the settings page.

For example here is some source for a HTML page that you can copy and paste into notepad or web editor;

 

<!DOCTYPE HTML>
<html lang=”en-US”>
<head>
<meta charset=”UTF-8″>
<meta http-equiv=”refresh” content=”0;url=”ms-settings-workplace://”>
<script type=”text/javascript”>
window.location.href = “ms-settings-workplace://”
</script>
<title>Page Redirection</title>
</head>
<body>
<!– Note: don’t tell people to `click` the link, just tell them that it is a link. –>
If you are not redirected automatically, follow the <a href=’ms-settings-workplace://’>link to example</a>
</body>
</html>

 

Save this html to a file called wp811.htm . You can then upload or host it on your production website for your organisation.

As this point I can then send a email out to my end users. With a hyperlink that redirects clients to your WP811.htm location in an email that can be picked up on there Windows Phone 8.1 devices.

As an example here is my link that will kick off the workplace control panel :

http://www.theenterprisemobilityguy.com/wp-content/uploads/2014/08/wp811.htm

As example here is the whole workflow

image

I have highlighted some pages that your end user will never see, as an example the redirect page will not show.

References :

Windows Phone 8.1 MDM protocol documentation : http://msdn.microsoft.com/en-us/library/dn499787.aspx

Windows Phone 8.1 MDM protocol documentation PDF : Windows Phone 8.1 MDM protocol documentation

Windows Phone 8.1 MDM protocol documentation

One of the best pieces of documentation that I have used when developing content for Windows Intune for Windows Phone 8.1 is the MDM protocol guide.

image

Windows Phone 8.1 provides an enterprise management solution to help IT administrators manage company security policies and business applications while avoiding compromise of the users’ privacy on their personal phones. A built-in management component in Windows Phone 8.1 can communicate with the device management server. There are two parts to the Windows Phone management component, the enrollment client, which enrolls and configures the phone to communicate with the enterprise management server and the phone management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by an IT administrator. Third-party MDM servers can manage Windows Phone 8.1 by using the Enterprise Device Management protocol. The built-in Windows Phone 8.1 management client is able to communicate with a third-party server proxy that supports the protocols outlined in this downloadable document to perform enterprise management tasks.

Windows Phone 8.1 MDM protocol documentation : http://msdn.microsoft.com/en-us/library/dn499787.aspx 

Direct link to document : Windows Phone 8.1 MDM protocol documentation

Lets take this example :

You want to understand how to block or allow an application to run on Windows Phone 8.1. Currently today in Windows Intune this can not be achieved via the GUI from Configuration Manager.

The Windows Phone 8.1 MDM Protocol document will enable you to understand the structure of the OMA URI string that needs to be created as a setting into Configuration Manager

image

You can then find the relevant setting

image

And craft a string / setting to be deployed into Configuration Manager that is then targeted for your Windows Phone 8.1 users.

You also get examples of the XML that you may require to set that policy

imageimage

There is a whole number of configurations and capabilities that you can look to set.

This document is extremely powerful and can really help you deliver some great customisations/controls for your Windows Phone 8.1 platform using OMA URI in Configuration Manager with Windows Intune.

Reference :

Windows Phone 8 MDM protocol documentation PDF : Windows Phone 8 Enterprise Device Management Protocol 

Windows Phone 8.1 MDM protocol documentation : http://msdn.microsoft.com/en-us/library/dn499787.aspx 

Windows Phone 8.1 MDM protocol documentation PDF : Windows Phone 8.1 MDM protocol documentation

Black or Whitelist applications on Windows Phone 8.1 with Windows Intune : http://blogs.technet.com/b/tune_in_to_windows_intune/archive/2014/06/04/black-or-whitelist-applications-on-windows-phone-8-1-with-windows-intune.aspx