Home » Sample » Windows 81 Address Management Mobility and Security

Windows 8.1 to Address Management, Mobility, and Security

June 24, 2013
Report by: 

Organizations that skipped evaluating Windows 8 may find that both Windows 8.1 and Windows RT 8.1 now have enterprise-focused features worth reviewing. Many organizations have chosen not to evaluate Windows 8 due to the prominent role of the touch-enabled Modern UI, the lack of enterprise features and Modern applications, and a tradition of waiting for a first service pack. Windows 8.1 and RT 8.1, which began a public preview in June 2013, address many of these concerns. However, one of the more interesting features, the ability to associate non-organization devices with Active Directory, will require Windows Server 2012 R2.

Windows and Windows RT 8.1

Windows 8.1 and Windows RT 8.1 are the first of what promise to be annual updates to the Windows client OS. The update, originally code-named Blue, will update the Windows client OS (Windows 8.1), the Windows server OS (Windows Server 2012 R2), the Windows OS for the ARM architecture (Windows RT 8.1), and eventually, Windows Phone. The first Windows update available for preview is Windows 8.1, released at the start of Microsoft's Build Conference in June 2013.

The update includes new features and fixes or significantly improves existing features. Although much has been made of changes to the Modern UI, including the ability to boot directly into the Windows desktop rather than the Start screen, changes of most interest to organizations focus on scenarios where an employee is using a non-organization owned or managed device or application to perform company work. (For a list of additional features, see the chart "Windows 8.1 Enterprise Features".)

Empowering Employee's Use of Personal Devices

The features of most interest to organizations will help secure and manage employees' devices, by associating them with an organization's Active Directory, enabling the use of third-party mobile device management tools, and remotely wiping the organization's data and applications from an employee's device.

Workplace Join relies on both Active Directory Federation Services (ADFS) and Active Directory Domain Services (AD) in Windows Server 2012 R2 to create an association between a device and a user in AD. (The device is not joined to a domain, only registered as a known device.) The device may be running Windows 8.1, Windows RT 8.1, or a non-Microsoft OS such as Apple's iOS. Once a device has been associated with AD, a user may be able to take advantage of advanced functionality, such as the ability to sign on once to access a variety of applications or services. This facilitates productivity and helps keep sites secure, as single sign-on means the user will be more likely to use a strong password and comply with other password management policies.

Open Mobile Association Device Management (OMA-DM) provides a set of APIs that are used by many third-party mobile device management tools, such as Mobile Iron or Air Watch. Windows 8.1 devices will gain support for these APIs. This will enable an organization to use third-party tools to manage their employees' Windows mobile devices in the same way as other tablets and smartphones.

Remote Business Data Removal allows an organization to remotely wipe the organization's applications, settings, and data from a device when the device is no longer associated with the organization. Although there are tools that currently do this, such as Exchange ActiveSync, the new feature is more granular, removing the organization's data and applications and leaving the user's personal data in place.

Evaluating the Preview

Although the previews will give organizations a new opportunity to evaluate Windows 8 in their environment, organizations will have to spend some time determining how each new feature either enhances or replaces existing features. For example, one new feature is pervasive hardware encryption—organizations will need to determine whether this is better in their environment than current solutions, such as BitLocker. Evaluation of some Windows 8.1 features may require Windows Server 2012 R2.

Microsoft will also be updating the Windows Assessment and Deployment Kit (ADK) for Windows 8.1. Organizations will want to evaluate it to determine whether it will help deploy Windows 8.1. ADK 8.1 will include the Windows Preinstallation Environment 5.0, User State Migration Tool 6.3, Windows System Image Manager, Deployment Image Servicing and Management, Application Compatibility Toolkit, Volume Activation Management Tool, Windows Performance Toolkit, and Windows Assessment Toolkit.


A description of what's new in Windows 8.1 is at technet.microsoft.com/windows/dn140266.aspx?ocid=wc-nl-insider.

Managing the Windows 8.1 preview is described in "Managing the Windows 8.1 Preview".

Getting the Windows 8.1 preview is explained at windows.microsoft.com/en-us/windows-8/preview.

The Windows Server 2012 R2 preview is at www.microsoft.com/en-us/server-cloud/windows-server/windows-server-2012-r2.aspx.

The Windows Assessment and Deployment Kit is available for download at www.microsoft.com/download/details.aspx?id=30652.