Microsoft Hardens Windows Phone for Government Duty

Tough enough for Uncle Sam? Microsoft piles on the security features in a bid to lure government agencies over to the Windows Phone 8.1 camp.

Microsoft's love-hate relationship with the U.S. government is turning a bit more amicable, at least when it comes to Windows Phone.

The U.S. government is a big technology buyer. The 2014 federal IT budget weighs in at over $81 billion. For fiscal 2015, federal IT spending will dip somewhat to $79 billion, according to the White House's budget (PDF).

Microsoft is hoping that Windows Phone 8.1's built-in capabilities will help the Redmond, Wash.-based software company's newest mobile operating system catch the eye of the U.S. government and its security-minded agencies, which are under pressure to adopt mobile-enabled work styles. Stymieing those efforts are concerns that smartphones are the IT equivalent of leaky faucets.

Rick Engle, Microsoft's principal Windows technology specialist, combats the notion that increased mobility means increased risk in a blog post detailing the measures his company has taken to help Windows Phone 8.1 safeguard data. Having collaborated with "Microsoft field personnel and customers in many verticals," the company baked enterprise-grade security into the OS, he said.

"The result is a security-enhanced OS and an architecture designed to help prevent malware attacks—and even prevent rooting and jail breaking," stated Engle.

Included with Windows Phone 8.1 smartphones is native virtual private networking (VPN) support. "Connections can be provisioned by an MDM [mobile device management] and provide Single-Sign-On (SSO) security-hardened access through certificate authentication, and also reconnect automatically, providing a flexible and reliable connection," informed Engle.

Other features include a built-in MDM client that hooks into an organization's MDM platform of choice. "Device enrollment has been dramatically simplified," reported Engle, "lowering support costs and helping ease enrollment in both a Bring Your Own Device and a Corporate Liable scenario."

Granular MDM policies enable "full control of onboard hardware capabilities such as camera, Bluetooth, GPS, and NFC," he added. The Assigned Access option provides a "tightly controlled, curated experience" while app whitelisting and blacklisting controls keep unapproved apps at bay. S/MIME (Secure/Multipurpose Internet Mail Extensions) support simplifies email encryption.

Windows Phone 8.1 is also a solution for weak or pilfered passwords. "One of the biggest breakthroughs is support for two-factor authentication," said Engle. "Certified devices include a Trusted Platform Module (TPM), an encrypted hardware container [that] can be used to store and help protect certificates, including PIN-protected certificates stored within a Virtual Smartcard container."

Microsoft isn't the only tech heavyweight beefing up its security capabilities to make a play for federal IT budgets.

IBM announced in June that it was opening two new SoftLayer-based cloud data centers for U.S. government workloads. Anne Altman, general manager of IBM's US Federal division, said in a statement that her company "designed these centers with government clients' needs in mind, investing in added security features and redundancies to provide a high level of availability."

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...