Windows Phone 7 and Exchange ActiveSync


One of the big topics for enterprises at the moment is the security of mobile devices and the ever-increasing amount of data stored on them. The explosion of smartphone use that has followed the rise of the iPhone and iPad has led many organisations to look at how best to apply and enforce security configurations on devices accessing corporate email.

Fortunately, out of the box MS Exchange has the ability to push and enforce policies using its Exchange ActiveSync (EAS) protocol. This is supported by most smartphones these days, including the iPhone, iPad, Windows Mobile and Google Android (to a limited extent, but better support is due in Gingerbread). The policies allow you to configure the same sort of settings that BlackBerries tout: passcodes, encryption and all that good stuff. I wrote a table showing all the options and device compatibility whilst looking into it a few months ago.

With MS practically owning the corporate email market with Exchange, you’d have expected its new Windows Phone 7 platform to lead the field when it came to integration with Exchange and its security options. Unfortunately they seem to have missed that bit out of the spec. As it turns out, WP7 has less support and integration than the Windows Mobile 6 platform it replaced. Whilst it uses EAS to connect to Exchange and sync email, it’s only aware of a subset of the policies that can be applied.

Only the following are supported:

  • Password Required
  • Minimum Password Length
  • Idle Timeout Frequency Value
  • Device Wipe Threshold
  • Allow Simple Password
  • Password Expiration
  • Password History
  • Disable Removable Storage
  • Disable IrDA
  • Disable Desktop Sync
  • Block Remote Desktop
  • Block Internet Sharing

Whilst this subset offers very basic core security options there are far more important ones that are not there – support for encryption for example. Indeed I have an open question with MS about whether there is support for encryption at all in WP7.

So what happens if you have any of the more detailed policies already configured? Well, there’s a good chance WP7 devices won’t be allowed to connect at all. There’s a policy called ‘Allow Non-provisionable Devices’ which, unless enabled, will block any device that doesn’t comply with your policies from connecting. This will almost always be set to prevent non-compatible devices gaining access, so if you’re enforcing encryption, for example, WP7 phones will just be blocked.

This leaves you with a few options…

First, you can turn on ‘Allow Non-provisionable Devices’ on whatever policies you currently use. But, to be honest, that pretty much opens up your Exchange system to any and all devices that claim ActiveSync support; personally I wouldn’t do it.

Second, you could create a new policy which only uses the WP7-supported settings. While that might sound easy, you have to remember that EAS policies are applied to users, not devices, so you’d have to keep track of which users have WP7 phones and ensure they are allocated the correct policy. Of course you then have to hope that that person does not also have, say, an iPad alongside their phone.
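One way to carry out this second option, as an added example that is not from the original post. It assumes the Exchange 2010 Management Shell; the mapping from the setting names listed above to cmdlet parameters is an assumption of this example, and the policy name, user aliases and all values are placeholders.

```powershell
# Added example: policy name, values and user aliases are placeholders.
# Only settings from the WP7-supported list are configured; encryption is
# left unrequired so the handset is not rejected as non-compliant.
$wp7Policy = @{
    Name                            = 'EAS-WP7-Subset'
    AllowNonProvisionableDevices    = $false         # keep blocking devices that cannot comply
    DevicePasswordEnabled           = $true          # Password Required
    MinDevicePasswordLength         = 6              # Minimum Password Length
    MaxInactivityTimeDeviceLock     = '00:05:00'     # Idle Timeout Frequency Value
    MaxDevicePasswordFailedAttempts = 8              # Device Wipe Threshold
    AllowSimpleDevicePassword       = $false         # Allow Simple Password
    DevicePasswordExpiration        = '90.00:00:00'  # Password Expiration (days.hh:mm:ss)
    DevicePasswordHistory           = 5              # Password History
    AllowStorageCard                = $false         # Disable Removable Storage
    AllowIrDA                       = $false         # Disable IrDA
    AllowDesktopSync                = $false         # Disable Desktop Sync
    AllowRemoteDesktop              = $false         # Block Remote Desktop
    AllowInternetSharing            = $false         # Block Internet Sharing
    RequireDeviceEncryption         = $false         # not in the supported list
}
New-ActiveSyncMailboxPolicy @wp7Policy

# EAS policies attach to the mailbox, not the device, so the list of WP7
# users has to be maintained by hand (placeholder aliases below).
$wp7Users = @('user.one', 'user.two')

foreach ($user in $wp7Users) {
    Set-CASMailbox -Identity $user -ActiveSyncMailboxPolicy $wp7Policy.Name

    # Every device partnership on this mailbox inherits the reduced policy.
    # Flag mailboxes that sync more than one kind of device for review.
    $types = @(Get-ActiveSyncDeviceStatistics -Mailbox $user |
        Select-Object -ExpandProperty DeviceType |
        Sort-Object -Unique)

    if ($types.Count -gt 1) {
        Write-Warning ("{0} syncs several device types ({1}); all of them now get the reduced policy." -f $user, ($types -join ', '))
    }
}
```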

In all honesty I find this all very odd. MS could easily have positioned WP7 as the smartphone of choice for organisations using Exchange. Instead it has provided limited support similar to Android and significantly less support than Apple’s iPhone. What’s worse is that if it turns out WP7 doesn’t support encryption, it will almost certainly be ruled out of many companies’ lists of permissible phones. These days organisations just can’t take the chance of having email and data transported around unencrypted.

I can only imagine that full support was skipped in the urgency to get WP7 out to market.  If that’s so I’d hope that an update will arrive sometime soon to fix the problem.  Until it does I can’t see many companies allowing, let alone adopting WP7 in the same way they have iPhones.

Update: I’ve added some more information in a follow-up post.

Kinect for Windows (well almost)

Just over a year ago I spent a day in Microsoft’s Victoria offices for the London launch of Windows 7.  It was a good day and marked the end of the Win7 TAP programme which we’d been a part of.  One of the highlights was Steve Ballmer taking questions from the floor.  Whatever you think of Steve, he’s never going to be a dull speaker so he energetically covered a number of different topics from licensing to cloud.  What really got him going though was when someone asked him about the (then recently announced) Project Natal, now known as Kinect.

To say he was enthusiastic would be an understatement; you could see his eyes light up when he heard the question. The funny thing was he didn’t talk about Xbox. What he wanted was ideas for applications on PCs; he got a few from the audience and seemed genuinely pleased. He actually spent quite a bit of time on the subject, talking about the issues they were trying to resolve around making Natal work at the close ranges you’d need for use on a desktop. Given his quite vocal passion for the subject, god help the poor engineers he claimed to have been quizzing for solutions!

Of course today Kinect has been available for a week or two, and so far I’m very impressed. It’s very clever technology; the way it picks up on your movement is almost uncanny. What’s almost as fascinating as the games, however, is what’s been happening outside of the Xbox itself. The hackers of the world have been quick to reverse engineer drivers to make the device work on real computers. Some of the demos are very impressive, especially given the small amount of time that Kinect and the hacked drivers have been available.

Having a look through YouTube, a couple of the demos really stand out. The first (below), from a company called Evoluce, shows a Kinect being used in Windows 7 and some of the Surface-derived multitouch apps. They claim to be working on a software release.

The second shows a virtual puppet that is controlled by a puppeteer’s arm monitored by Kinect in real time. There’s a slight lag in there, but given that this sort of realtime motion capture has traditionally been pretty high-end stuff, it’s very impressive for something that’s been knocked up in a short amount of time.

I think it’ll be fascinating to see what happens with this technology in the future.  Given how quickly the community has developed both drivers and seemingly usable applications, I’d love to see what Steve’s been able to get from the engineers he’s been chasing.  Of course quite how happy Steve would be about these community efforts I don’t know… but he did ask for desktop Natal applications this time last year :)

Continuous Services | Connected Devices

Those of you who know me will know I’m a bit of a geek. I guess to work in IT you have to be to some extent or another. Back when I was at uni I’d think nothing of spending hours tweaking the voltages of my poor over-clocked Celeron 300a processor to get the last drop of performance out of it. The fact it spent most of its time idle didn’t really come into it! When I got a real job, all of a sudden I had to work out ways of deploying and managing thousands of PCs. Suddenly all that detail started to become less important; indeed it got in the way. Simplicity was the key.

Despite all the changes that have happened in the 10 years since then, that same basic rule still stands, and to be honest it always will.  Simplicity is always the goal.  There’s a great quote from Ray Ozzie about this: 

“Complexity kills. Complexity sucks the life out of users, developers and IT.  Complexity makes products difficult to plan, build, test and use.  Complexity introduces security challenges.  Complexity causes administrator frustration.”

I think he’s perfectly articulated the problem.  My challenge was that deploying IT out to a company of 18,000 odd people who are scattered all over the world just isn’t a simple thing, there is inevitable complexity there.  We just have to abstract it from the end users as best we can, and organise ourselves in a way that manages that residual complexity as efficiently as possible.  Wouldn’t it be great though if the solutions we use helped us, if they were designed to remove some of that headache?

To an extent that’s some of the appeal of cloud services. We identify a capability that we want to provide Atkins, but then get someone else to deal with the complexity. In theory all we would need to do is work out a way of consuming that capability. Generally that’s going to be a lot easier than starting from scratch ourselves.

In a way that’s been the focus of the industry for the past 5 years: working out how to deliver complex services over the internet. We’re now seeing truly viable cloud services emerge from this. Salesforce.com is perhaps one of the most successful – and mainstream – business cloud services. Google’s Apps service is doing well, as is Microsoft’s BPOS equivalent (or Office 365 as it’ll soon be known). As well as these complete services there are also interesting cloud services that are designed to be the components of larger systems. MS’s SQL Azure platform can host SQL or Access databases, and SunGard has an emerging cloud transaction processing offering.

So ‘cloud’ is here, we can – and do – buy services this way.  What’s next?

This is where Ray Ozzie comes back in. If you don’t know of Ray, he’s the guy that came up with Lotus Notes. In the 90’s he then developed the Groove collaboration tool; it was way ahead of its time, but when online collaboration started to feature in people’s minds MS bought the product and company. He then took over from Bill Gates as MS’s chief software architect. A clever guy then. Just after he joined MS he wrote a memo that basically turned MS’s strategy around and launched it headfirst into the cloud race; it’s worth a read.

Anyway, the quote I mentioned earlier comes from a new memo he’s written.  In it he talks about his view of what the next 5 years are going to focus on.  Again, it’s an interesting read.  He doesn’t say anything particularly revolutionary but he does articulate what we’re already starting to see here very well indeed.  In essence he believes it’s all about Continuous Services and Connected Devices.

Ray suggests that internet-based services will continue to evolve and form the basis for how capabilities and applications will be delivered, whether that be to individuals or enterprises like ourselves. They’ll be ubiquitous, available to all, and will end up hosting all of our personal and business data. As such they’ll need to be continuously available – downtime would be disastrous. They’ll need to transparently address the security and privacy concerns of individuals, enterprises and governments alike. Sounds a bit like ‘cloud’, but of a scale that we’ve yet to see emerge.

With such a huge reliance on these services that we can’t see or touch, how we access them would become hugely important. Of course there will be local software of some sort, whether a browser in the Google model or specific applications as Apple and Microsoft would prefer (a rare area of agreement between them). Ray suggests the difference is that we’ll grow used to accessing these services on devices beyond the computers we use today. There may still be a place for desktop or laptop computers, but in time people will adopt more appliance-like devices that are cheap, and therefore simple (or dumb), interchangeable and replaceable. These devices will be used to access and consume these online services, making use of the vast amount of processing and storage they make available.

He also makes the point that these devices aren’t necessarily just for consuming information; they may also be used to feed information into these services – some connected devices may just feed telemetry or control information. Again we can see this trend emerging today with things like connected home energy monitors that feed information up to apps like Google PowerMeter. IBM’s Smarter Planet ideas apply the same principle to instrumenting systems in buildings, the buildings themselves, and then rolling up all this data into views of cities and countries.

So in essence the Continuous Services | Connected Devices idea isn’t a million miles away from the world today. Microsoft themselves have long talked about ‘Software + Services’ and ‘Three Screens and a Cloud’ (i.e. Computer, Phone and TV all accessing the same cloud services), a model that is shared with the likes of Apple and their appliance-like iPad, and in future by RIM and their PlayBook.

What makes Ray’s memo interesting, however, is that as well as articulating all of this very well, his position at MS (at least for now) means that this is likely to form a good part of MS’s thinking over the next 5 years. This is a time when we’ll be seeing new versions of Windows and Office appear, and also a time when many organisations will be taking a close look at how they will deliver communication and collaboration. Whether you like MS or loathe them, it’s important to understand their thinking as they’ll take a huge part of the IT industry with them, as well of course as some of your clients and customers who also use their software. For now they’re playing catch-up in this field to the likes of Google on the service side and Apple on the device side; it’ll be interesting to see how they fare over the next few years. I imagine we’ll be hearing more about these themes in future.